Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/493f1269-3ba4-4dea-829a-985dda6749ee.roa
File:                     493f1269-3ba4-4dea-829a-985dda6749ee.roa (raw, json)
Hash identifier:          8m6lacvNnV5umPqFfWW64K6SQTi7gOVU7bl9CpaJ8fo=
Subject key identifier:   0D:AA:5F:14:E5:DE:E6:B1:44:AB:EB:07:8B:4C:ED:3F:4A:F7:F3:D8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0B1D61BE06C565A9C2827F7A026DCE0874A63E7A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/493f1269-3ba4-4dea-829a-985dda6749ee.roa
Signing time:             Mon 31 Mar 2025 21:00:47 +0000
ROA not before:           Mon 31 Mar 2025 21:00:47 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:1d:61:be:06:c5:65:a9:c2:82:7f:7a:02:6d:ce:08:74:a6:3e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:00:47 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ed:a2:d7:39:ed:99:04:f1:fd:bb:ec:9a:00:
                    79:f3:60:f4:c3:c8:84:2b:92:dc:17:d8:4a:fb:71:
                    6f:dc:41:06:96:00:71:2f:08:b0:e9:18:06:ad:92:
                    a4:f3:0f:b6:ca:5c:e8:cc:0c:10:af:b4:2a:12:b9:
                    f9:ef:90:b8:b8:7a:56:cb:55:47:a4:cf:ee:42:d4:
                    cf:fe:08:51:61:cc:68:d8:4d:5b:cd:f4:36:a0:d0:
                    0b:f6:c1:b7:49:4f:37:de:92:a2:c3:a9:70:f2:8b:
                    01:cf:e2:43:08:a4:14:e6:a0:71:e2:7c:51:4b:00:
                    7f:36:bb:7e:38:e6:cc:c0:34:6d:be:69:eb:8b:2d:
                    18:5c:01:72:09:ea:5b:84:7c:04:d4:44:5a:ed:ad:
                    ae:75:81:d8:b6:71:77:e0:b7:41:db:73:be:e6:7a:
                    ba:62:3c:32:8f:cc:33:3f:13:1d:b3:4e:69:73:95:
                    c7:5f:7c:df:5c:10:01:67:f7:57:14:cc:00:bd:da:
                    e3:0b:bd:12:c7:e7:9b:03:fb:ef:30:01:da:7e:df:
                    42:99:e5:e7:fb:10:6e:fe:e3:8e:1c:b6:06:e7:7e:
                    0d:fa:d0:77:bc:c4:21:ad:e4:83:44:f1:25:83:b4:
                    60:f8:2a:9b:8b:40:81:98:b5:8a:d5:93:5a:80:e4:
                    34:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AA:5F:14:E5:DE:E6:B1:44:AB:EB:07:8B:4C:ED:3F:4A:F7:F3:D8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/493f1269-3ba4-4dea-829a-985dda6749ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:3c:27:cb:d5:6f:b4:d3:28:31:70:38:fc:98:c3:1f:f9:c2:
         01:92:23:85:37:5e:b7:de:5d:4d:0e:5a:34:db:59:2a:8b:bf:
         b2:e4:8d:20:b4:4c:ff:3a:74:ef:33:1b:8b:f1:e3:d6:3d:56:
         86:5f:61:5f:bd:87:65:fd:88:ac:e6:30:12:fe:3b:7a:c7:88:
         a1:13:93:65:94:99:3e:cf:da:14:29:e7:c8:29:e4:0c:99:4d:
         84:20:75:3b:9c:ac:90:7f:6b:9d:a4:90:81:ba:f9:cd:18:0a:
         10:43:1e:56:52:e2:fa:f4:b7:a5:d0:a0:be:be:2f:97:e1:d4:
         1c:7a:94:16:80:bf:de:3a:26:02:cd:e4:f2:7a:f1:28:41:f9:
         07:6f:a9:f7:c0:d1:b5:24:69:b8:f7:bb:e6:ad:29:df:41:ef:
         e2:a3:d6:60:d5:22:55:54:9d:43:a1:a9:ce:71:54:5c:46:1a:
         19:b7:4d:9c:be:42:cb:ad:ab:8a:e3:c4:1e:56:48:28:5b:b3:
         2a:9a:c1:b0:a5:ac:30:d9:47:2c:c7:a4:ae:35:f1:d6:0e:93:
         7d:ed:62:e5:f4:23:84:73:91:e6:25:15:b9:2d:a1:c7:8a:20:
         14:70:cc:2e:fc:24:76:2b:e9:a8:8d:30:b5:6e:bc:0a:f6:ec:
         26:b7:a0:89
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUCx1hvgbFZanCgn96Am3OCHSmPnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAwNDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyYmMzNmY5MTVlNDYxNGNlYTM1YTEzYzI0NWJjOGYxOWQ1OTRhNjNiNzNk
N2UzNDc1YzYxZjk1YzA1Mjg5ZjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLtotc57ZkE8f277JoAefNg9MPIhCuS3BfYSvtxb9xBBpYAcS8IsOkYBq2S
pPMPtspc6MwMEK+0KhK5+e+QuLh6VstVR6TP7kLUz/4IUWHMaNhNW830NqDQC/bB
t0lPN96SosOpcPKLAc/iQwikFOagceJ8UUsAfza7fjjmzMA0bb5p64stGFwBcgnq
W4R8BNREWu2trnWB2LZxd+C3QdtzvuZ6umI8Mo/MMz8THbNOaXOVx19831wQAWf3
VxTMAL3a4wu9EsfnmwP77zAB2n7fQpnl5/sQbv7jjhy2Bud+DfrQd7zEIa3kg0Tx
JYO0YPgqm4tAgZi1itWTWoDkNFcCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQNql8U
5d7msUSr6weLTO0/Svfz2DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDkzZjEyNjktM2JhNC00ZGVhLTgyOWEtOTg1ZGRhNjc0OWVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0HUw
DQYJKoZIhvcNAQELBQADggEBAMM8J8vVb7TTKDFwOPyYwx/5wgGSI4U3XrfeXU0O
WjTbWSqLv7LkjSC0TP86dO8zG4vx49Y9VoZfYV+9h2X9iKzmMBL+O3rHiKETk2WU
mT7P2hQp58gp5AyZTYQgdTucrJB/a52kkIG6+c0YChBDHlZS4vr0t6XQoL6+L5fh
1Bx6lBaAv946JgLN5PJ68ShB+QdvqffA0bUkabj3u+atKd9B7+Kj1mDVIlVUnUOh
qc5xVFxGGhm3TZy+Qsutq4rjxB5WSChbsyqawbClrDDZRyzHpK418dYOk33tYuX0
I4RzkeYlFbktoceKIBRwzC78JHYr6aiNMLVuvAr27Ca3oIk=
-----END CERTIFICATE-----