Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa
File:                     42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa (raw, json)
Hash identifier:          rfbYLsQeyVILKsgbpbAW0UwIgtiDfFY4Z2qJd67BU4A=
Subject key identifier:   82:C0:4A:4C:02:36:C6:C0:91:E0:2D:6E:82:A9:EE:EF:C7:3D:7A:6F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6E22806B0C772E566CCCF5D906FE6B42632C576D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa
Signing time:             Mon 31 Mar 2025 19:20:14 +0000
ROA not before:           Mon 31 Mar 2025 19:20:14 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:8090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:22:80:6b:0c:77:2e:56:6c:cc:f5:d9:06:fe:6b:42:63:2c:57:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:20:14 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:99:5f:f3:ec:7b:d1:02:ae:df:4a:c6:e8:6f:
                    b0:23:95:51:cb:54:bc:1e:94:cb:e7:ff:bc:dc:28:
                    55:74:f5:6c:85:af:1b:db:23:b1:95:63:e8:f6:4f:
                    6b:62:31:3b:22:84:57:d9:4e:23:69:8c:24:f0:38:
                    44:2f:be:df:0d:2e:9d:6f:78:94:e9:0c:aa:72:b3:
                    77:bb:a4:7e:e7:a9:59:a6:31:a3:ff:e6:4b:d1:97:
                    27:5a:b5:89:c6:a5:f9:21:d4:e7:bf:2e:a6:f0:36:
                    d4:18:91:a4:52:15:bd:f3:4b:3c:15:94:2e:42:8b:
                    76:dc:ad:fa:28:5b:07:69:98:22:0a:3b:dd:6d:7c:
                    4e:68:4a:4d:fc:ec:20:2e:e5:29:4d:0a:e9:8e:40:
                    dd:5d:12:66:a9:56:dc:19:2e:0f:b0:de:5f:ac:62:
                    24:76:53:f5:8c:06:69:d0:b0:8f:12:b8:39:32:52:
                    1e:4a:b3:87:b7:ed:d6:07:a8:2c:12:25:17:d6:bc:
                    1a:3c:45:f9:5f:7c:5e:37:cd:84:fb:1b:13:cc:10:
                    5f:69:89:f2:f1:07:e6:6e:bb:80:df:a7:8a:6e:be:
                    f9:d9:48:e4:fd:d3:5a:00:69:42:28:ef:e3:bb:3c:
                    8c:5a:d4:62:5f:6b:6e:6d:ea:cb:1e:fa:24:2b:dd:
                    a6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C0:4A:4C:02:36:C6:C0:91:E0:2D:6E:82:A9:EE:EF:C7:3D:7A:6F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:8090::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:b1:c1:28:e7:d4:dc:2c:4f:67:58:17:c1:2e:ab:7e:a5:63:
         4c:8f:9d:ca:67:af:db:72:d8:fb:7e:97:52:48:ec:db:7e:7c:
         35:99:ea:23:e3:9a:89:57:bb:27:ce:33:ee:e0:fc:d8:ce:70:
         19:f3:f5:4d:bc:5f:aa:a3:63:25:db:7a:c7:5b:50:02:1e:7e:
         3c:e3:89:a8:11:85:f0:0b:2c:27:47:62:05:8c:92:65:44:f3:
         2a:da:71:95:48:62:fe:83:3f:f7:96:f2:aa:e1:2b:70:5a:58:
         a9:c6:e0:9e:93:b4:93:de:6c:b2:d4:74:c5:51:a3:eb:47:e7:
         02:42:dd:16:57:de:16:46:9d:3a:88:80:c0:13:a9:96:c0:e2:
         a7:20:09:0a:b3:c6:5a:96:0e:94:18:c8:98:55:b6:23:4a:c0:
         0a:2f:ec:90:b9:bc:8e:dc:5c:2b:67:75:c2:c8:0b:1a:41:9c:
         7b:f1:19:95:e1:f9:f1:6d:fc:3e:ae:14:5d:57:8f:ae:c8:8a:
         63:01:ce:c5:9d:e0:ad:c5:ba:f6:0b:41:a5:16:ce:05:1c:32:
         19:21:a3:cf:ac:b6:99:3d:0d:61:68:0d:a7:4f:f2:1c:ea:40:
         38:e7:14:29:4e:1c:30:fa:a3:87:3c:1c:03:00:9e:cd:8a:97:
         23:cf:6b:11
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbiKAawx3LlZszPXZBv5rQmMsV20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIwMTRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkZTljMzQ4NDgzNTA5MWE4Y2U0ZTBhMWY4NWU1YzE3OWVjMmQ4NDA4MGEz
ZGVhMzgxNGMzN2IyYzRhMjk1MWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMiZX/Pse9ECrt9KxuhvsCOVUctUvB6Uy+f/vNwoVXT1bIWvG9sjsZVj6PZP
a2IxOyKEV9lOI2mMJPA4RC++3w0unW94lOkMqnKzd7ukfuepWaYxo//mS9GXJ1q1
ical+SHU578upvA21BiRpFIVvfNLPBWULkKLdtyt+ihbB2mYIgo73W18TmhKTfzs
IC7lKU0K6Y5A3V0SZqlW3BkuD7DeX6xiJHZT9YwGadCwjxK4OTJSHkqzh7ft1geo
LBIlF9a8GjxF+V98XjfNhPsbE8wQX2mJ8vEH5m67gN+nim6++dlI5P3TWgBpQijv
47s8jFrUYl9rbm3qyx76JCvdpp0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSCwEpM
AjbGwJHgLW6Cqe7vxz16bzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDJlZjdkODktYjliZi00NjBmLWI5MDYtNzQ0M2Q5NmY0YTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
kDANBgkqhkiG9w0BAQsFAAOCAQEApLHBKOfU3CxPZ1gXwS6rfqVjTI+dymev23LY
+36XUkjs2358NZnqI+OaiVe7J84z7uD82M5wGfP1TbxfqqNjJdt6x1tQAh5+POOJ
qBGF8AssJ0diBYySZUTzKtpxlUhi/oM/95byquErcFpYqcbgnpO0k95sstR0xVGj
60fnAkLdFlfeFkadOoiAwBOplsDipyAJCrPGWpYOlBjImFW2I0rACi/skLm8jtxc
K2d1wsgLGkGce/EZleH58W38Pq4UXVePrsiKYwHOxZ3grcW69gtBpRbOBRwyGSGj
z6y2mT0NYWgNp0/yHOpAOOcUKU4cMPqjhzwcAwCezYqXI89rEQ==
-----END CERTIFICATE-----