Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d2dcf71-0209-4006-a427-f221e27d6ed7.roa
File:                     5d2dcf71-0209-4006-a427-f221e27d6ed7.roa (raw, json)
Hash identifier:          OtYsbAzfM/O3cbcKZW2TKpyUYUIJsuf3TFKo8s1P2W8=
Subject key identifier:   C1:18:B5:4B:7E:1C:C5:68:D0:5C:6F:F5:57:67:56:F6:8A:EF:6D:99
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7E9E775FEC6431967715260F91361D28DBE87287
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d2dcf71-0209-4006-a427-f221e27d6ed7.roa
Signing time:             Mon 31 Mar 2025 20:10:17 +0000
ROA not before:           Mon 31 Mar 2025 20:10:17 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:c080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:9e:77:5f:ec:64:31:96:77:15:26:0f:91:36:1d:28:db:e8:72:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:17 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e0:66:0e:9d:1b:df:0a:06:83:f6:3d:48:b0:
                    a7:54:93:20:ae:8b:7e:0f:d8:79:c9:66:44:89:5a:
                    92:c0:61:bd:45:72:99:2b:d9:39:1d:73:16:7e:76:
                    f9:c2:dc:ec:51:7e:bc:5e:a2:4a:ed:37:d1:9a:b9:
                    2b:8d:6e:78:aa:4c:df:dc:6f:b0:9e:09:cd:7d:98:
                    c6:e4:b3:71:88:da:ea:d2:f9:a2:b7:35:dd:12:9d:
                    68:73:27:91:d8:c6:d0:01:98:f9:bc:17:52:2e:da:
                    8d:de:5a:81:3f:02:1f:9f:29:22:d9:30:4b:f0:f3:
                    f6:b5:25:cf:1c:da:63:f7:f6:ee:1b:d5:9b:a7:0a:
                    80:ef:ca:50:91:ed:7c:10:7a:8b:d8:ee:f4:48:17:
                    d0:0e:7c:8f:86:3b:4d:d3:70:5a:43:00:3d:f4:7d:
                    e1:68:73:29:ef:1d:17:e2:8c:68:f1:f2:09:2f:02:
                    bc:f2:60:4a:8b:38:7c:b4:47:75:ec:c3:24:fa:9b:
                    50:63:99:02:cd:59:58:fe:de:dd:f9:09:7c:d2:f5:
                    8c:57:05:f8:80:ce:3a:ff:0b:9b:e9:d4:4c:ab:31:
                    26:e8:71:18:eb:51:bc:9a:71:5d:88:4e:33:77:ac:
                    ca:f9:e7:cf:97:81:60:e4:64:ec:bc:c3:80:94:12:
                    a9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:18:B5:4B:7E:1C:C5:68:D0:5C:6F:F5:57:67:56:F6:8A:EF:6D:99
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d2dcf71-0209-4006-a427-f221e27d6ed7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:c080::/46

    Signature Algorithm: sha256WithRSAEncryption
         5a:47:c9:35:bc:1e:e9:fc:64:c6:cc:9f:12:4a:aa:40:dd:a1:
         5b:17:67:c0:f5:cd:2f:bb:5f:a6:e1:26:75:64:5f:2a:f6:b4:
         ff:d0:d3:a2:7d:ad:5c:02:98:26:52:62:5e:6c:40:60:79:4e:
         2e:bb:9f:fc:a6:cf:ed:7f:bd:cd:27:30:e6:06:44:81:d4:ea:
         33:51:17:5c:b1:50:8a:a1:1b:0d:49:ee:d5:b3:2c:f7:3a:68:
         6d:3b:08:76:75:26:8c:73:97:8a:ba:37:3f:13:ac:3b:5c:a8:
         1c:70:4c:c8:1d:03:95:c0:af:5e:d9:56:47:b4:a9:6a:66:35:
         4c:02:9f:c3:57:fd:cd:ef:b8:a5:ca:77:0f:e2:52:c5:15:d1:
         46:45:23:2c:f7:ff:43:1a:e9:f6:6f:6d:c6:f9:2f:f9:82:b8:
         06:bb:7d:65:2b:d9:c4:d5:cf:e6:f3:d9:d4:cd:5e:43:e0:54:
         07:aa:8c:0e:b3:fa:d3:a9:b0:35:d3:48:7a:53:f9:e8:14:09:
         d8:bd:32:47:dc:74:65:26:6e:54:ee:27:ca:4b:dc:9f:ff:17:
         87:e1:44:c3:e9:93:92:ba:5b:e0:88:f1:af:2c:43:06:bc:41:
         c9:ce:d0:9f:e4:6f:89:ac:c5:10:99:5e:8a:61:9b:3c:cd:d2:
         d5:a6:5a:0a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfp53X+xkMZZ3FSYPkTYdKNvococwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwNDAyOGNiZTk1MzYyZGUwYmI5ZDAwZmRiZTA5ZTcwNTc2YTczMTE1MDkw
ZWU0N2IyYzNkYjg5MWY1Y2E2OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3gZg6dG98KBoP2PUiwp1STIK6Lfg/YeclmRIlaksBhvUVymSvZOR1zFn52
+cLc7FF+vF6iSu030Zq5K41ueKpM39xvsJ4JzX2YxuSzcYja6tL5orc13RKdaHMn
kdjG0AGY+bwXUi7ajd5agT8CH58pItkwS/Dz9rUlzxzaY/f27hvVm6cKgO/KUJHt
fBB6i9ju9EgX0A58j4Y7TdNwWkMAPfR94WhzKe8dF+KMaPHyCS8CvPJgSos4fLRH
dezDJPqbUGOZAs1ZWP7e3fkJfNL1jFcF+IDOOv8Lm+nUTKsxJuhxGOtRvJpxXYhO
M3esyvnnz5eBYORk7LzDgJQSqQECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTBGLVL
fhzFaNBcb/VXZ1b2iu9tmTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQyZGNmNzEtMDIwOS00MDA2LWE0MjctZjIyMWUyN2Q2ZWQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DXA
gDANBgkqhkiG9w0BAQsFAAOCAQEAWkfJNbwe6fxkxsyfEkqqQN2hWxdnwPXNL7tf
puEmdWRfKva0/9DTon2tXAKYJlJiXmxAYHlOLruf/KbP7X+9zScw5gZEgdTqM1EX
XLFQiqEbDUnu1bMs9zpobTsIdnUmjHOXiro3PxOsO1yoHHBMyB0DlcCvXtlWR7Sp
amY1TAKfw1f9ze+4pcp3D+JSxRXRRkUjLPf/Qxrp9m9txvkv+YK4Brt9ZSvZxNXP
5vPZ1M1eQ+BUB6qMDrP606mwNdNIelP56BQJ2L0yR9x0ZSZuVO4nykvcn/8Xh+FE
w+mTkrpb4IjxryxDBrxByc7Qn+RviazFEJleimGbPM3S1aZaCg==
-----END CERTIFICATE-----