Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa
File:                     4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa (raw, json)
Hash identifier:          J476VJdN81hMGhozTZGYR8SAx4dKsN9b8an/ZwCKS5I=
Subject key identifier:   1F:64:8E:F2:9D:9C:08:63:9C:6A:27:CA:F3:15:55:F8:F2:DD:FC:1E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       216D8CE4D304A4260BCB67ED98B7650E320475C5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa
Signing time:             Mon 31 Mar 2025 20:40:19 +0000
ROA not before:           Mon 31 Mar 2025 20:40:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:6d:8c:e4:d3:04:a4:26:0b:cb:67:ed:98:b7:65:0e:32:04:75:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4e:1b:d2:a7:b8:14:03:c7:57:25:43:34:2e:
                    01:f0:40:f4:e6:e8:77:b0:ed:75:86:f0:97:80:79:
                    e8:31:bc:89:63:15:64:0a:76:b5:a3:fc:60:fe:2b:
                    4f:ac:4f:11:7d:1f:14:18:05:4c:93:89:17:23:bc:
                    7a:fd:10:76:3e:68:03:ee:30:d7:35:1e:4c:8e:4f:
                    e6:6d:89:e3:43:35:d7:c8:60:c9:81:8b:c1:b8:35:
                    df:38:41:98:3b:82:25:4b:b4:bf:8e:70:b8:80:af:
                    56:07:b4:93:4b:20:9a:c0:18:c3:a7:f0:df:d2:e6:
                    a6:1b:19:a7:8b:d3:9d:b8:bf:0a:58:1d:be:07:4c:
                    4b:1c:f6:8e:59:ca:7b:46:3f:3c:b8:88:c3:dc:91:
                    87:82:f9:70:23:61:89:47:ab:22:4b:2d:d0:06:cf:
                    f3:01:54:34:1e:0c:16:b0:c1:fc:71:e3:5e:02:45:
                    6a:80:ba:9e:ec:bf:ed:d8:90:47:25:f2:b6:fc:83:
                    d8:97:8e:17:6d:c0:5d:56:2b:21:55:f6:44:35:67:
                    9c:bb:78:c1:1c:27:ee:f0:e0:8c:bc:5d:0f:20:0e:
                    4b:99:a4:42:39:cd:8b:3e:d3:48:03:aa:c1:34:ef:
                    6f:c0:d2:a1:86:8a:0b:f8:5b:3d:40:f8:33:0a:cd:
                    cd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:64:8E:F2:9D:9C:08:63:9C:6A:27:CA:F3:15:55:F8:F2:DD:FC:1E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ba:6d:48:13:67:40:2a:a7:5a:17:10:34:94:20:eb:c8:c2:14:
         84:12:f8:72:5e:10:f1:eb:5a:40:0d:68:56:48:73:b1:26:66:
         8d:12:1b:07:ba:1a:ce:d8:5f:52:f9:c0:7b:e5:b3:40:43:0a:
         86:5f:f9:1a:e0:c8:6d:a6:96:20:92:4a:52:82:c1:8d:dd:d8:
         0c:05:44:9c:74:42:68:c2:53:22:00:c7:51:c5:d8:2a:db:f1:
         a5:f2:8f:a3:ed:31:e5:38:c5:4e:36:b2:9e:d1:8a:78:69:a4:
         08:32:54:85:2b:52:50:f0:03:24:1c:50:fc:0b:d1:79:8b:38:
         a3:24:20:b7:02:28:5f:40:e0:e6:8c:06:77:b0:4f:44:c3:a5:
         a2:88:81:5b:46:69:8e:4f:5b:97:be:70:8a:55:92:4d:2a:2a:
         03:30:ce:5a:53:d6:d8:f0:ca:2b:0d:01:3b:47:87:80:61:03:
         4c:26:11:b4:f4:cc:cc:75:54:9e:6f:1c:9d:4a:3e:0d:b5:67:
         ea:48:ba:14:04:31:c0:21:34:ed:5d:54:a8:7b:25:e7:0a:bc:
         75:f5:12:9c:4a:d0:eb:b5:f3:e9:6a:65:79:5f:6b:75:58:2a:
         32:10:21:97:8e:75:34:30:29:6b:93:9a:0d:9e:0d:f7:3f:06:
         55:62:29:d0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIW2M5NMEpCYLy2ftmLdlDjIEdcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyM2YzNjc0NjFhOTRjNjNmODNhYjJjZGEwNGU5MmQ2OTQzNWEwMDYzOGVj
NjUwOThjYWIyZThjNGUzMDQ4OGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1OG9KnuBQDx1clQzQuAfBA9Obod7DtdYbwl4B56DG8iWMVZAp2taP8YP4r
T6xPEX0fFBgFTJOJFyO8ev0Qdj5oA+4w1zUeTI5P5m2J40M118hgyYGLwbg13zhB
mDuCJUu0v45wuICvVge0k0sgmsAYw6fw39LmphsZp4vTnbi/ClgdvgdMSxz2jlnK
e0Y/PLiIw9yRh4L5cCNhiUerIkst0AbP8wFUNB4MFrDB/HHjXgJFaoC6nuy/7diQ
RyXytvyD2JeOF23AXVYrIVX2RDVnnLt4wRwn7vDgjLxdDyAOS5mkQjnNiz7TSAOq
wTTvb8DSoYaKC/hbPUD4MwrNzUECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQfZI7y
nZwIY5xqJ8rzFVX48t38HjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGMyY2Y3YjYtM2ZiYi00ZDc0LTg4NmQtMjFjNThiMzQ3ZjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6A
MA0GCSqGSIb3DQEBCwUAA4IBAQC6bUgTZ0Aqp1oXEDSUIOvIwhSEEvhyXhDx61pA
DWhWSHOxJmaNEhsHuhrO2F9S+cB75bNAQwqGX/ka4MhtppYgkkpSgsGN3dgMBUSc
dEJowlMiAMdRxdgq2/Gl8o+j7THlOMVONrKe0Yp4aaQIMlSFK1JQ8AMkHFD8C9F5
izijJCC3AihfQODmjAZ3sE9Ew6WiiIFbRmmOT1uXvnCKVZJNKioDMM5aU9bY8Mor
DQE7R4eAYQNMJhG09MzMdVSebxydSj4NtWfqSLoUBDHAITTtXVSoeyXnCrx19RKc
StDrtfPpamV5X2t1WCoyECGXjnU0MClrk5oNng33PwZVYinQ
-----END CERTIFICATE-----