Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a023ba7-6dbe-46ac-bc6f-621ed6946b6e.roa
File:                     5a023ba7-6dbe-46ac-bc6f-621ed6946b6e.roa (raw, json)
Hash identifier:          skQhSr6UspSLoISt0dwgX+Aw3kJyHNSak3ME/DRPmlc=
Subject key identifier:   7D:74:56:90:17:82:4F:30:6B:62:65:5B:4A:5C:CD:9F:D6:8D:2E:8D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2BFFCD5DB5B49B430690B507EED092B7E85AC829
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a023ba7-6dbe-46ac-bc6f-621ed6946b6e.roa
Signing time:             Wed 26 Mar 2025 19:23:32 +0000
ROA not before:           Wed 26 Mar 2025 19:23:32 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:ff:cd:5d:b5:b4:9b:43:06:90:b5:07:ee:d0:92:b7:e8:5a:c8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:23:32 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fb:cc:ef:c2:0b:43:1c:9e:50:2c:19:af:55:
                    ce:f6:68:1e:65:35:53:fd:b1:9b:fe:81:52:05:cf:
                    05:f6:e2:23:0a:b1:f5:b4:fc:6a:01:6f:d6:1d:5a:
                    21:40:eb:7a:eb:76:43:25:e5:80:46:a0:b8:b4:ba:
                    18:8e:af:d9:ee:94:80:e4:44:44:2e:8e:9f:db:a1:
                    27:1d:ad:44:66:19:c7:59:10:b0:db:5c:40:84:99:
                    4c:f8:9f:54:d2:57:f7:80:3a:cb:2b:d8:3d:ae:8d:
                    38:69:0d:b0:97:21:74:46:79:57:5c:5b:39:03:56:
                    28:fb:8c:d6:ea:c6:ac:24:2a:ee:e6:07:b4:c2:0a:
                    4c:33:04:49:53:bd:0f:ec:bd:ba:0e:ec:28:ca:5b:
                    3b:d0:42:09:c1:c8:22:89:4d:4a:29:45:17:ee:60:
                    f3:68:86:1e:06:d7:82:bb:36:8c:0f:69:55:03:ab:
                    de:e9:9b:03:c6:de:3d:b3:9a:34:9a:0c:29:2c:92:
                    2d:65:59:2b:2b:81:c7:30:e9:07:55:2d:24:5a:be:
                    ee:f0:29:f0:f5:3c:0a:08:68:d6:64:f6:02:2a:b5:
                    e0:e1:8c:f9:62:15:1b:f8:75:a5:31:0f:e7:d8:26:
                    38:60:79:51:fc:3e:46:90:c4:fe:cb:81:f3:ea:fb:
                    f5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:74:56:90:17:82:4F:30:6B:62:65:5B:4A:5C:CD:9F:D6:8D:2E:8D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a023ba7-6dbe-46ac-bc6f-621ed6946b6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:4e:5f:74:7e:fc:4f:f3:ca:1b:b7:9c:72:5e:a8:cf:a7:11:
         bb:14:2f:d6:9b:21:1e:11:50:6e:f7:2c:0a:49:88:ec:12:39:
         fc:58:f4:1f:84:78:51:88:98:a3:87:df:7c:57:c6:01:9a:a4:
         93:a5:d2:ee:c8:f9:9c:89:75:f0:2b:1d:dd:aa:d5:2d:c4:04:
         53:30:ad:ab:0e:09:bc:fe:b1:9d:88:86:34:44:b4:55:d4:40:
         29:40:78:89:73:a5:6e:18:5c:04:04:66:3c:f9:50:b7:b8:26:
         5a:61:67:30:59:7d:7f:70:68:dc:0d:49:de:be:b8:4c:5d:dc:
         44:7b:0b:ab:dc:67:93:6b:59:62:d0:61:d9:f9:7c:85:1c:65:
         10:df:82:16:7b:12:ed:fd:aa:21:f7:71:2c:24:cc:c0:5e:cb:
         0b:37:c3:ab:59:b9:7d:7b:68:d8:80:a3:40:34:03:c9:0c:a5:
         22:14:a3:67:b9:eb:91:e9:c4:81:f7:17:ba:09:61:e8:a1:85:
         54:d0:bb:47:5f:3c:39:3f:5e:d1:6e:2f:43:dd:61:0f:d8:26:
         5f:62:84:db:f7:28:28:02:58:4a:11:12:b4:43:6f:ff:62:1d:
         dc:1c:90:26:0f:74:c5:ad:e8:cd:a1:36:a2:e2:8b:fa:31:d6:
         49:ce:44:5a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUK//NXbW0m0MGkLUH7tCSt+hayCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIzMzJaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGYxNzQ4NWM2NmY0ZjZmNzU3ODE0YTIzNTgwMWUxM2Q3NjdjNmMzMDkzYmM2
MTZjMDg5MzA4Y2MwOTdiYzQ2MWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALv7zO/CC0McnlAsGa9VzvZoHmU1U/2xm/6BUgXPBfbiIwqx9bT8agFv1h1a
IUDreut2QyXlgEaguLS6GI6v2e6UgORERC6On9uhJx2tRGYZx1kQsNtcQISZTPif
VNJX94A6yyvYPa6NOGkNsJchdEZ5V1xbOQNWKPuM1urGrCQq7uYHtMIKTDMESVO9
D+y9ug7sKMpbO9BCCcHIIolNSilFF+5g82iGHgbXgrs2jA9pVQOr3umbA8bePbOa
NJoMKSySLWVZKyuBxzDpB1UtJFq+7vAp8PU8Cgho1mT2Aiq14OGM+WIVG/h1pTEP
59gmOGB5Ufw+RpDE/suB8+r79QUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR9dFaQ
F4JPMGtiZVtKXM2f1o0ujTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWEwMjNiYTctNmRiZS00NmFjLWJjNmYtNjIxZWQ2OTQ2YjZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8I
wDANBgkqhkiG9w0BAQsFAAOCAQEADU5fdH78T/PKG7eccl6oz6cRuxQv1pshHhFQ
bvcsCkmI7BI5/Fj0H4R4UYiYo4fffFfGAZqkk6XS7sj5nIl18Csd3arVLcQEUzCt
qw4JvP6xnYiGNES0VdRAKUB4iXOlbhhcBARmPPlQt7gmWmFnMFl9f3Bo3A1J3r64
TF3cRHsLq9xnk2tZYtBh2fl8hRxlEN+CFnsS7f2qIfdxLCTMwF7LCzfDq1m5fXto
2ICjQDQDyQylIhSjZ7nrkenEgfcXuglh6KGFVNC7R188OT9e0W4vQ91hD9gmX2KE
2/coKAJYShEStENv/2Id3ByQJg90xa3ozaE2ouKL+jHWSc5EWg==
-----END CERTIFICATE-----