Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d1fff98-4415-4cd0-b2cc-26f61a8cae7b.roa
File:                     5d1fff98-4415-4cd0-b2cc-26f61a8cae7b.roa (raw, json)
Hash identifier:          7ZJ9jLQCoUhu7POAmiViTRkJp6+uXKhZXQhHb1SHVAM=
Subject key identifier:   8A:82:76:4B:BF:A3:B0:B2:D7:3C:A5:77:9E:0C:86:36:6A:AC:96:FB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       09D37077870D835E272334AA129CADB6FA3B861D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d1fff98-4415-4cd0-b2cc-26f61a8cae7b.roa
Signing time:             Mon 31 Mar 2025 19:21:28 +0000
ROA not before:           Mon 31 Mar 2025 19:21:28 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:80b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:d3:70:77:87:0d:83:5e:27:23:34:aa:12:9c:ad:b6:fa:3b:86:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:28 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e9:a4:2e:82:12:4f:2c:53:ad:25:1b:1f:58:
                    31:8d:3e:38:50:77:74:78:90:07:7e:79:b6:9e:72:
                    1f:76:f9:62:cb:ef:3e:4c:6c:45:33:03:9c:15:d5:
                    e1:3e:61:d9:bd:71:45:e5:42:03:65:fd:32:b5:78:
                    35:7a:48:fa:9c:86:d5:72:52:f6:0a:cd:40:6b:da:
                    7c:cd:a6:7a:e6:5d:e7:42:0f:f0:99:61:02:88:dc:
                    98:37:93:0f:30:05:a0:c4:d7:0a:13:05:78:37:dd:
                    cc:4f:45:a2:e4:19:35:48:e6:ee:ae:e5:ca:d5:1b:
                    ed:cc:28:e2:a5:1c:ef:b8:ba:db:f7:4d:31:9e:dc:
                    70:e1:e3:a3:d7:be:c5:0d:c6:22:21:22:9b:8c:10:
                    ed:9a:a4:a4:c1:35:38:e9:5c:2d:da:64:ce:94:90:
                    f1:2f:d2:ae:1e:e8:c5:ff:ce:64:61:64:bc:10:2e:
                    37:2b:f6:d6:50:e6:17:28:b7:e7:87:45:3e:b4:90:
                    79:96:d0:8d:bb:d1:e1:d9:07:e0:47:d9:bb:e0:67:
                    12:07:d3:23:74:cc:0a:8c:4c:1b:47:7f:06:8b:78:
                    eb:a7:7e:48:0d:df:f4:ca:8c:46:f0:8d:e0:73:81:
                    f6:d6:59:2d:67:81:09:4d:70:64:2d:2d:d7:08:89:
                    70:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:82:76:4B:BF:A3:B0:B2:D7:3C:A5:77:9E:0C:86:36:6A:AC:96:FB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d1fff98-4415-4cd0-b2cc-26f61a8cae7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:80b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:77:4a:02:2e:e9:0f:1e:9c:89:37:4c:17:8f:db:04:42:ee:
         9e:2e:d9:77:91:a5:c5:9d:38:84:1d:33:44:0a:ad:0d:cf:2b:
         38:80:cc:22:e0:5f:02:70:ee:19:80:d1:72:59:44:5a:2e:dd:
         68:9e:c4:a6:0b:78:de:d6:fb:4f:46:49:40:57:b8:db:4c:70:
         54:44:5a:21:d0:74:07:d0:9c:02:0b:f8:6f:81:15:e1:54:95:
         1f:aa:be:47:d0:5e:c8:d2:40:09:d6:33:cb:a3:f1:fc:75:62:
         85:b8:1c:14:39:10:2a:16:30:e3:2b:1f:64:d8:65:84:0d:c4:
         64:21:85:72:15:2c:82:d9:30:40:87:9e:a4:60:86:bc:c4:8a:
         ec:1b:00:5a:c7:52:fe:44:c3:5e:00:99:2b:2e:a9:34:a1:1d:
         cf:4c:dd:7f:9b:a5:11:61:2a:c8:27:db:81:36:aa:5e:7c:d8:
         99:67:04:39:ed:4d:af:d4:11:30:32:66:de:a6:eb:66:6e:cf:
         75:6b:68:ea:1a:f8:51:58:eb:0a:b8:ae:cf:77:83:9d:81:3c:
         18:00:bc:d4:d6:3b:07:aa:97:0d:88:3a:3f:ad:31:be:9e:e4:
         26:46:23:fe:4b:5b:e0:36:97:61:ca:e5:99:e4:f6:f3:d4:68:
         aa:94:f8:5b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCdNwd4cNg14nIzSqEpyttvo7hh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMjhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwYjI4YzU4OTI0ZGQ0ODVjZTNkMmVhN2RjZjVlZmJiNjI4OTRkZDhmYzcw
Y2U1MzgxZDI3NmFiYzIyYzFkMWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJbppC6CEk8sU60lGx9YMY0+OFB3dHiQB355tp5yH3b5YsvvPkxsRTMDnBXV
4T5h2b1xReVCA2X9MrV4NXpI+pyG1XJS9grNQGvafM2meuZd50IP8JlhAojcmDeT
DzAFoMTXChMFeDfdzE9FouQZNUjm7q7lytUb7cwo4qUc77i62/dNMZ7ccOHjo9e+
xQ3GIiEim4wQ7ZqkpME1OOlcLdpkzpSQ8S/Srh7oxf/OZGFkvBAuNyv21lDmFyi3
54dFPrSQeZbQjbvR4dkH4EfZu+BnEgfTI3TMCoxMG0d/Bot466d+SA3f9MqMRvCN
4HOB9tZZLWeBCU1wZC0t1wiJcMECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSKgnZL
v6Owstc8pXeeDIY2aqyW+zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQxZmZmOTgtNDQxNS00Y2QwLWIyY2MtMjZmNjFhOGNhZTdiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
sDANBgkqhkiG9w0BAQsFAAOCAQEAVHdKAi7pDx6ciTdMF4/bBELuni7Zd5GlxZ04
hB0zRAqtDc8rOIDMIuBfAnDuGYDRcllEWi7daJ7Epgt43tb7T0ZJQFe420xwVERa
IdB0B9CcAgv4b4EV4VSVH6q+R9BeyNJACdYzy6Px/HVihbgcFDkQKhYw4ysfZNhl
hA3EZCGFchUsgtkwQIeepGCGvMSK7BsAWsdS/kTDXgCZKy6pNKEdz0zdf5ulEWEq
yCfbgTaqXnzYmWcEOe1Nr9QRMDJm3qbrZm7PdWto6hr4UVjrCriuz3eDnYE8GAC8
1NY7B6qXDYg6P60xvp7kJkYj/ktb4DaXYcrlmeT289RoqpT4Ww==
-----END CERTIFICATE-----