Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4471b4d2-62e1-4876-baf7-b5951493a774.roa
File:                     4471b4d2-62e1-4876-baf7-b5951493a774.roa (raw, json)
Hash identifier:          EmZruas4XQIcfVyTyvJPGSfc3HV2qV1ZeJpH1qswXR4=
Subject key identifier:   33:E3:EF:0E:FF:FE:74:9A:3C:AF:83:60:F0:A8:0B:C9:0E:FE:D3:FE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0831EA6299C9070AE7438DFB2A68907F350E44F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4471b4d2-62e1-4876-baf7-b5951493a774.roa
Signing time:             Mon 31 Mar 2025 20:21:43 +0000
ROA not before:           Mon 31 Mar 2025 20:21:43 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:60c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:31:ea:62:99:c9:07:0a:e7:43:8d:fb:2a:68:90:7f:35:0e:44:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:43 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:56:f2:c2:da:d3:fe:a9:d9:51:f6:34:17:86:
                    5e:78:8c:2b:fe:ba:b6:77:73:aa:2a:bd:bd:75:76:
                    bf:4e:5f:59:f4:e4:53:5f:6a:f2:e2:68:2e:21:93:
                    4c:bc:c9:b6:da:37:d0:09:68:c9:4d:2c:eb:6b:8c:
                    e4:8d:d6:bd:a7:9d:e0:ad:e6:6e:63:9b:76:eb:19:
                    22:de:0a:d6:a3:86:ae:86:d9:da:36:50:e5:4f:76:
                    c1:23:b8:d7:9b:7e:e8:62:f2:9b:1b:cf:93:68:64:
                    d3:39:ae:ad:52:cb:93:ec:16:dd:24:2f:9f:2c:0e:
                    c0:df:34:83:ca:74:94:16:59:43:c8:65:e3:49:79:
                    63:bf:77:d1:1e:f3:b1:73:8d:e7:75:66:57:b0:99:
                    96:92:dc:4d:88:4a:9b:c3:a5:5e:a0:7f:7e:08:c8:
                    a9:37:7c:f0:09:e8:e7:3c:fb:af:e8:1a:5c:74:ab:
                    1e:88:d3:58:65:91:91:1a:df:c5:64:64:49:b7:8d:
                    8a:eb:d0:d2:01:07:47:c5:84:98:6a:b1:e4:ac:9a:
                    c6:6c:96:94:c2:82:67:b4:c4:2b:8f:ed:83:72:66:
                    cf:fd:16:e0:4a:58:91:6d:dc:b3:c1:7b:da:14:6d:
                    33:ac:43:04:65:c6:8c:e6:3e:8d:ed:94:2e:e1:9e:
                    35:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E3:EF:0E:FF:FE:74:9A:3C:AF:83:60:F0:A8:0B:C9:0E:FE:D3:FE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4471b4d2-62e1-4876-baf7-b5951493a774.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:60c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         52:10:00:2a:b3:d7:f2:34:6a:9f:5a:5b:e2:bb:de:83:5b:0b:
         94:c2:d3:17:ab:be:d6:ba:7c:54:2c:a9:6e:5a:07:f2:67:74:
         27:7b:ce:0e:21:70:2a:8c:43:da:76:f1:e4:33:69:9a:f7:31:
         03:b0:04:3c:e5:76:78:73:61:6c:9b:49:59:11:e4:05:e1:69:
         c4:5f:2d:21:d5:90:25:00:03:95:c2:c0:97:09:62:67:3e:c9:
         dd:29:78:40:5d:c3:e1:a8:5f:a2:0b:f3:18:b1:be:7c:23:8b:
         43:5a:12:2d:d6:e1:e7:79:f4:a7:1d:36:08:f2:e5:03:b3:75:
         8b:67:6d:ab:86:fa:96:73:67:9c:6d:db:9e:bf:5a:03:29:1c:
         67:b4:13:04:d7:64:f4:47:26:be:42:6d:76:72:a5:55:c2:13:
         f7:6e:59:3c:bd:68:9d:59:3d:cb:b4:e1:a7:8d:57:88:b1:5c:
         ed:ef:a8:cd:95:4a:95:97:6c:0c:6d:33:e7:f6:31:fe:65:f1:
         0e:32:a4:85:59:ae:66:37:af:fc:99:d6:de:cc:3d:cb:29:b8:
         8a:fe:0c:5c:28:6a:af:66:f8:b9:6d:d8:b5:58:22:bb:62:8b:
         26:1e:24:ea:25:db:c9:80:2e:db:d2:61:fe:74:64:0d:cc:ad:
         39:d6:4d:b8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCDHqYpnJBwrnQ437KmiQfzUORPAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxNDNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1ZDdmNTIwY2MwNGZiYjkxY2UxZjRjMTdhZjI1YjJkN2IwZTA0ZjdkYTk4
OTE4MDg0NGRjYzE1ZjkyZTAzNWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxW8sLa0/6p2VH2NBeGXniMK/66tndzqiq9vXV2v05fWfTkU19q8uJoLiGT
TLzJtto30AloyU0s62uM5I3Wvaed4K3mbmObdusZIt4K1qOGrobZ2jZQ5U92wSO4
15t+6GLymxvPk2hk0zmurVLLk+wW3SQvnywOwN80g8p0lBZZQ8hl40l5Y7930R7z
sXON53VmV7CZlpLcTYhKm8OlXqB/fgjIqTd88Ano5zz7r+gaXHSrHojTWGWRkRrf
xWRkSbeNiuvQ0gEHR8WEmGqx5KyaxmyWlMKCZ7TEK4/tg3Jmz/0W4EpYkW3cs8F7
2hRtM6xDBGXGjOY+je2ULuGeNc8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQz4+8O
//50mjyvg2DwqAvJDv7T/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDQ3MWI0ZDItNjJlMS00ODc2LWJhZjctYjU5NTE0OTNhNzc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DVg
wDANBgkqhkiG9w0BAQsFAAOCAQEAUhAAKrPX8jRqn1pb4rveg1sLlMLTF6u+1rp8
VCypbloH8md0J3vODiFwKoxD2nbx5DNpmvcxA7AEPOV2eHNhbJtJWRHkBeFpxF8t
IdWQJQADlcLAlwliZz7J3Sl4QF3D4ahfogvzGLG+fCOLQ1oSLdbh53n0px02CPLl
A7N1i2dtq4b6lnNnnG3bnr9aAykcZ7QTBNdk9EcmvkJtdnKlVcIT925ZPL1onVk9
y7Thp41XiLFc7e+ozZVKlZdsDG0z5/Yx/mXxDjKkhVmuZjev/JnW3sw9yym4iv4M
XChqr2b4uW3YtVgiu2KLJh4k6iXbyYAu29Jh/nRkDcytOdZNuA==
-----END CERTIFICATE-----