Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ec3ef54-a209-4902-b036-4d329fe00df1.roa
File:                     4ec3ef54-a209-4902-b036-4d329fe00df1.roa (raw, json)
Hash identifier:          6YecGO4XPYO06SsaPViwa3+XBh2DiMp9EGGHqR+1GP4=
Subject key identifier:   C0:13:93:D4:A6:6C:D2:1D:F9:47:17:C0:9B:31:24:7A:EF:D6:CE:1B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       42E46D51BDCE6EB44F904FF1281F3EA79719CE28
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ec3ef54-a209-4902-b036-4d329fe00df1.roa
Signing time:             Mon 31 Mar 2025 20:10:10 +0000
ROA not before:           Mon 31 Mar 2025 20:10:10 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:8020::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:e4:6d:51:bd:ce:6e:b4:4f:90:4f:f1:28:1f:3e:a7:97:19:ce:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:10 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:bd:d8:8e:bc:76:66:c9:aa:c8:fd:21:9c:
                    fd:b3:c0:de:30:1e:13:09:e0:ae:c8:fd:a7:21:8e:
                    03:28:4e:33:b9:c9:67:a4:45:67:9b:f8:c7:b7:24:
                    4d:99:c2:c1:ff:0b:25:f6:91:c5:43:57:b7:38:ed:
                    34:9a:53:76:e3:c2:9f:26:f7:0f:66:ee:47:fb:f0:
                    40:b4:8e:94:d0:89:6b:29:d5:30:32:6e:b6:81:a6:
                    54:c2:80:d2:b8:49:66:e7:55:bb:2e:d4:18:37:fe:
                    0d:ff:ad:76:12:ce:32:7d:89:72:fb:17:46:65:84:
                    31:01:b7:77:77:eb:ca:57:5b:3c:5b:6f:1f:d1:c6:
                    3f:fe:22:44:16:ff:9d:27:bb:6d:8f:2a:a7:ce:b6:
                    e7:e3:fa:bb:41:9c:be:b9:00:8c:c4:9c:c0:1f:8f:
                    7c:82:22:37:2f:12:24:c4:18:dc:23:80:a2:25:78:
                    b5:eb:db:e8:96:be:32:c8:04:de:9d:6b:09:b7:38:
                    59:40:ea:a9:9d:3a:33:43:a2:3f:d3:0a:37:34:6e:
                    5c:ca:8a:0f:7c:c8:be:f3:aa:eb:96:8e:b6:7d:09:
                    21:5e:11:72:53:0a:d4:94:f2:1f:a9:bb:80:a2:d5:
                    1e:cb:8c:96:ac:ee:22:d7:34:15:43:0d:41:b4:ca:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:13:93:D4:A6:6C:D2:1D:F9:47:17:C0:9B:31:24:7A:EF:D6:CE:1B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ec3ef54-a209-4902-b036-4d329fe00df1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:8020::/46

    Signature Algorithm: sha256WithRSAEncryption
         1d:d0:c3:38:e1:bd:0e:a3:b9:87:74:f8:74:2c:05:06:ad:0c:
         58:73:85:d2:aa:b7:c8:0c:b8:02:ca:4a:51:0d:80:39:e2:9c:
         31:ce:71:93:24:06:95:a4:46:84:ee:3a:3e:1e:50:1a:dd:2b:
         4e:a4:d4:91:b0:87:54:9c:20:c0:e8:2c:8a:e8:93:8d:82:19:
         5f:78:8d:bf:3c:84:50:fc:71:03:f6:cb:df:38:5c:c4:c7:0a:
         6c:91:d7:fb:bf:70:87:6d:2a:89:ed:f8:82:f1:ce:5f:c1:33:
         db:90:6a:36:aa:48:2d:23:c7:b1:67:73:9e:7f:c3:8a:08:ee:
         4b:f0:c3:bf:fe:c7:d2:5b:1b:9e:c4:e2:4e:a8:b5:94:37:8a:
         a5:7e:4e:8a:9b:e2:05:10:86:f6:24:82:7c:7b:a5:9f:d5:97:
         2e:74:5d:a3:d2:8f:88:b8:0b:2a:19:d2:20:b8:10:2c:09:c3:
         3a:f2:87:cf:69:50:50:9b:ea:f8:ae:22:08:82:63:da:50:15:
         fc:d6:02:6d:bc:b6:7c:e1:0c:75:fe:52:fb:4b:1c:3e:41:43:
         82:d3:a4:29:77:30:07:43:67:87:fe:58:0b:3a:66:0a:61:e7:
         b2:7f:2a:30:c1:97:5c:d7:a6:22:4e:58:6f:89:7c:ff:4d:5e:
         a7:f9:56:2e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQuRtUb3ObrRPkE/xKB8+p5cZzigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMTBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg4ODAzNjUyZDFmNTk2NTVlYzkxNDgxMTAyNWUzMjU1NDYxYjIxYzNhMjZh
ZTg5OTliYWE5NmRlNDlhNGE2N2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALemvdiOvHZmyarI/SGc/bPA3jAeEwngrsj9pyGOAyhOM7nJZ6RFZ5v4x7ck
TZnCwf8LJfaRxUNXtzjtNJpTduPCnyb3D2buR/vwQLSOlNCJaynVMDJutoGmVMKA
0rhJZudVuy7UGDf+Df+tdhLOMn2JcvsXRmWEMQG3d3fryldbPFtvH9HGP/4iRBb/
nSe7bY8qp8625+P6u0GcvrkAjMScwB+PfIIiNy8SJMQY3COAoiV4tevb6Ja+MsgE
3p1rCbc4WUDqqZ06M0OiP9MKNzRuXMqKD3zIvvOq65aOtn0JIV4RclMK1JTyH6m7
gKLVHsuMlqzuItc0FUMNQbTKI7ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTAE5PU
pmzSHflHF8CbMSR679bOGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGVjM2VmNTQtYTIwOS00OTAyLWIwMzYtNGQzMjlmZTAwZGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HeA
IDANBgkqhkiG9w0BAQsFAAOCAQEAHdDDOOG9DqO5h3T4dCwFBq0MWHOF0qq3yAy4
AspKUQ2AOeKcMc5xkyQGlaRGhO46Ph5QGt0rTqTUkbCHVJwgwOgsiuiTjYIZX3iN
vzyEUPxxA/bL3zhcxMcKbJHX+79wh20qie34gvHOX8Ez25BqNqpILSPHsWdznn/D
igjuS/DDv/7H0lsbnsTiTqi1lDeKpX5OipviBRCG9iSCfHuln9WXLnRdo9KPiLgL
KhnSILgQLAnDOvKHz2lQUJvq+K4iCIJj2lAV/NYCbby2fOEMdf5S+0scPkFDgtOk
KXcwB0Nnh/5YCzpmCmHnsn8qMMGXXNemIk5Yb4l8/01ep/lWLg==
-----END CERTIFICATE-----