Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/613f885a-7f25-486b-9eff-fdd6b2c05b65.roa
File:                     613f885a-7f25-486b-9eff-fdd6b2c05b65.roa (raw, json)
Hash identifier:          M0cNyGkRhNkOLdgykNOS04uNsi4D8ub87dCrRoUlHrQ=
Subject key identifier:   1F:3C:B4:67:94:5C:D0:A4:C6:2D:56:D4:73:0D:5E:63:A6:36:37:88
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3546866C8E0BDF4B61836F610C3AC5B95C49BA86
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/613f885a-7f25-486b-9eff-fdd6b2c05b65.roa
Signing time:             Mon 31 Mar 2025 20:01:25 +0000
ROA not before:           Mon 31 Mar 2025 20:01:25 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:46:86:6c:8e:0b:df:4b:61:83:6f:61:0c:3a:c5:b9:5c:49:ba:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:01:25 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2c:c6:14:c5:10:43:93:dd:c0:59:1a:78:23:
                    45:7d:d2:2d:d9:e0:86:37:ba:5e:56:5b:6c:d8:14:
                    45:2a:6e:8a:32:3d:26:28:f5:8a:71:93:46:88:e8:
                    2e:92:20:93:7a:52:e5:4e:09:e2:5b:1b:11:eb:76:
                    12:f0:31:6a:47:6c:1d:a2:2d:a1:a4:f4:df:e7:e4:
                    dd:02:4c:47:6d:0e:d0:ee:fb:dd:2a:b0:6e:2e:60:
                    f5:6f:67:e1:db:80:1c:c6:a6:5e:a7:b1:a2:36:86:
                    a1:ac:f2:77:0a:21:f0:c5:41:0c:e2:c3:2b:f5:b4:
                    5d:80:e8:e5:f8:60:2d:91:65:97:b8:e6:bf:54:15:
                    a7:3a:f3:13:c0:93:55:bb:4c:30:67:9e:34:03:5a:
                    4e:a8:27:87:2e:eb:28:25:b4:35:4a:a4:e3:b0:0f:
                    0c:13:b0:b0:6a:2e:16:d8:2b:c5:2c:72:d6:38:04:
                    69:08:1a:b4:e8:20:ef:79:8f:cb:15:0e:d0:bb:58:
                    e0:21:90:9e:b3:be:c8:ad:40:34:32:c3:3a:45:4e:
                    f2:bd:43:3c:78:8d:22:94:cd:ac:a0:d8:c8:d8:f5:
                    32:01:46:f0:d4:2d:fd:f9:3e:e6:f7:7d:bd:f0:ca:
                    be:99:88:1d:8a:13:11:7c:1b:a1:2c:d2:9c:59:35:
                    27:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3C:B4:67:94:5C:D0:A4:C6:2D:56:D4:73:0D:5E:63:A6:36:37:88
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/613f885a-7f25-486b-9eff-fdd6b2c05b65.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:a3:ed:d5:1e:83:13:71:46:67:d0:91:01:62:f5:12:16:10:
         7e:d2:d8:54:d8:52:e2:e9:6e:85:ad:0c:5a:55:05:41:de:01:
         1e:4f:d7:ed:b7:16:f6:af:6a:c6:af:5f:58:0b:fd:1c:22:ea:
         ac:f4:28:7e:64:b5:49:ed:bd:4e:a9:8a:6c:03:f7:22:a2:be:
         7a:0d:f3:d5:41:4a:f6:c8:ad:12:bb:b4:60:2f:a7:aa:b2:b1:
         b4:63:27:46:36:5a:97:7a:16:7b:3a:d7:fb:56:79:cc:78:97:
         09:00:d7:d5:a1:63:02:68:3f:70:5a:f6:3c:7a:a7:5b:1f:24:
         fa:ff:ef:be:fe:c6:a5:d6:8e:2a:7a:17:32:8a:47:d6:28:7a:
         cf:18:e0:bf:c2:01:44:8b:e5:6b:a5:09:4f:53:e4:12:e9:9f:
         2c:d7:b7:18:09:88:7e:4b:91:bd:79:5c:ee:0f:18:89:f5:43:
         5a:b0:94:02:7d:de:fe:d1:b6:b2:20:95:80:af:0e:57:4f:1c:
         bd:71:d0:3b:15:01:d7:84:c5:95:98:0d:a8:b1:65:98:83:5a:
         5b:79:15:98:c4:4f:b2:51:30:93:70:3b:32:83:17:c1:a2:a6:
         49:08:8f:c2:43:d3:69:5a:88:bb:1a:83:a9:44:4c:2a:12:d0:
         71:bd:a8:c0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNUaGbI4L30thg29hDDrFuVxJuoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAxMjVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxYWMzOTFlOTY4ZmRlZTI4ZDA3NmQ4MDE1ZjMwODI4NDJmYjZiMTkxMGY1
YTY1NDgzMzM2ZDZmYTMwYjQ1NjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJgsxhTFEEOT3cBZGngjRX3SLdnghje6XlZbbNgURSpuijI9Jij1inGTRojo
LpIgk3pS5U4J4lsbEet2EvAxakdsHaItoaT03+fk3QJMR20O0O773Sqwbi5g9W9n
4duAHMamXqexojaGoazydwoh8MVBDOLDK/W0XYDo5fhgLZFll7jmv1QVpzrzE8CT
VbtMMGeeNANaTqgnhy7rKCW0NUqk47APDBOwsGouFtgrxSxy1jgEaQgatOgg73mP
yxUO0LtY4CGQnrO+yK1ANDLDOkVO8r1DPHiNIpTNrKDYyNj1MgFG8NQt/fk+5vd9
vfDKvpmIHYoTEXwboSzSnFk1J90CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQfPLRn
lFzQpMYtVtRzDV5jpjY3iDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjEzZjg4NWEtN2YyNS00ODZiLTllZmYtZmRkNmIyYzA1YjY1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABA
gDANBgkqhkiG9w0BAQsFAAOCAQEAGaPt1R6DE3FGZ9CRAWL1EhYQftLYVNhS4ulu
ha0MWlUFQd4BHk/X7bcW9q9qxq9fWAv9HCLqrPQofmS1Se29TqmKbAP3IqK+eg3z
1UFK9sitEru0YC+nqrKxtGMnRjZal3oWezrX+1Z5zHiXCQDX1aFjAmg/cFr2PHqn
Wx8k+v/vvv7GpdaOKnoXMopH1ih6zxjgv8IBRIvla6UJT1PkEumfLNe3GAmIfkuR
vXlc7g8YifVDWrCUAn3e/tG2siCVgK8OV08cvXHQOxUB14TFlZgNqLFlmINaW3kV
mMRPslEwk3A7MoMXwaKmSQiPwkPTaVqIuxqDqURMKhLQcb2owA==
-----END CERTIFICATE-----