Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64b71704-2a76-40c8-a5e1-57ebfb451913.roa
File:                     64b71704-2a76-40c8-a5e1-57ebfb451913.roa (raw, json)
Hash identifier:          PLxJ11FbxkyhIQlxnbc2M3z/QDpEZn5nzl3PgV++niA=
Subject key identifier:   AE:80:A6:0B:55:58:B1:47:92:21:35:3F:E1:38:B2:1F:3F:34:2C:30
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D8E31C4148754D383364D763265289B0BFBD931
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64b71704-2a76-40c8-a5e1-57ebfb451913.roa
Signing time:             Mon 31 Mar 2025 20:21:12 +0000
ROA not before:           Mon 31 Mar 2025 20:21:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:e080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:8e:31:c4:14:87:54:d3:83:36:4d:76:32:65:28:9b:0b:fb:d9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d9:7d:7c:0a:33:c4:12:48:58:d8:83:3c:53:
                    05:73:20:dc:ad:fd:75:aa:11:2b:10:53:cd:ee:f6:
                    af:20:e0:9c:b1:a0:6c:b7:0b:35:09:c7:41:cb:1e:
                    eb:ba:a9:94:52:66:a4:9a:8b:f4:bf:ff:6a:c7:8f:
                    02:1f:0e:41:cb:17:a9:e7:c6:83:92:32:05:9e:f0:
                    13:4a:26:9f:71:5b:7d:34:cf:c3:82:ef:d8:d6:8e:
                    8a:09:a1:d2:8c:b8:c1:2d:5d:41:d3:23:95:c5:f0:
                    b9:79:3a:5e:a0:55:bc:19:8d:fd:30:cd:73:1b:37:
                    ae:43:e2:31:d2:24:20:7c:7b:c3:68:f2:46:2e:eb:
                    0e:84:82:3a:f0:a7:a9:7b:05:0c:d8:dd:2c:8f:8a:
                    95:43:7d:99:87:7d:30:9a:29:64:b6:fa:d0:2e:09:
                    94:37:35:43:35:15:69:ad:95:e8:98:7a:53:0a:63:
                    28:af:87:06:3e:45:01:b7:a8:a4:b8:8c:6e:e2:b7:
                    9b:55:24:81:4a:8d:1b:79:7a:02:83:29:c5:f4:8a:
                    c0:42:5d:8a:f9:2b:ae:45:4c:ce:29:9a:06:c8:0b:
                    c5:34:f0:42:5c:20:1f:db:95:3e:4a:a9:b9:c8:a3:
                    39:3c:8f:a5:78:38:cb:1f:58:f6:02:68:26:83:49:
                    06:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:80:A6:0B:55:58:B1:47:92:21:35:3F:E1:38:B2:1F:3F:34:2C:30
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64b71704-2a76-40c8-a5e1-57ebfb451913.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:e080::/46

    Signature Algorithm: sha256WithRSAEncryption
         18:a4:2b:a6:fb:84:30:f1:6e:68:96:18:cf:58:55:5d:89:e8:
         11:19:e3:a4:09:c9:20:8f:c4:7c:4a:59:75:85:d8:91:1f:53:
         f9:2b:75:b7:63:7e:71:c2:2c:20:7a:fc:9c:a5:39:0c:4f:27:
         5d:c4:f6:02:73:2b:bd:07:85:eb:d3:ef:01:98:7c:10:10:56:
         52:2d:ba:62:c8:8c:c5:23:ed:ff:0f:21:d0:7d:2a:71:53:17:
         17:35:94:45:21:c5:7b:46:b5:7b:81:de:a4:56:75:f2:7b:57:
         2c:74:ba:8d:f3:b4:2d:fb:28:5b:1e:51:3b:b0:c8:81:1c:fb:
         7d:54:9a:f0:ed:b1:c5:3c:2d:2b:91:20:79:a3:04:67:3c:1c:
         44:d6:21:8f:c6:ad:ba:76:70:91:dc:c6:dc:cc:1a:16:45:ea:
         ba:5d:ce:3f:5b:52:e5:33:31:2a:14:4f:55:10:33:1a:3c:f8:
         77:f8:fe:d4:ab:fc:ca:de:25:d5:01:98:72:33:d3:38:9e:e5:
         1f:40:b5:7a:33:5b:80:c4:94:05:0f:eb:5c:41:14:21:d9:e9:
         c8:b7:27:a0:c6:8f:96:4c:da:95:d9:d7:95:78:40:5c:f2:7c:
         ac:42:06:c7:a5:79:24:4a:a0:bd:9a:f6:d0:07:de:97:fe:99:
         4f:84:e9:d7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfY4xxBSHVNODNk12MmUomwv72TEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMTJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZmNTNlY2VmMDhlN2VkMmM4NTFhY2Y5NGNjZWE5YWM2NjVjZTBjYThlZGYx
MjE5Mjg2OTE2ZGRkMmFjNzRiMDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMfZfXwKM8QSSFjYgzxTBXMg3K39daoRKxBTze72ryDgnLGgbLcLNQnHQcse
67qplFJmpJqL9L//asePAh8OQcsXqefGg5IyBZ7wE0omn3FbfTTPw4Lv2NaOigmh
0oy4wS1dQdMjlcXwuXk6XqBVvBmN/TDNcxs3rkPiMdIkIHx7w2jyRi7rDoSCOvCn
qXsFDNjdLI+KlUN9mYd9MJopZLb60C4JlDc1QzUVaa2V6Jh6UwpjKK+HBj5FAbeo
pLiMbuK3m1UkgUqNG3l6AoMpxfSKwEJdivkrrkVMzimaBsgLxTTwQlwgH9uVPkqp
ucijOTyPpXg4yx9Y9gJoJoNJBgkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSugKYL
VVixR5IhNT/hOLIfPzQsMDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjRiNzE3MDQtMmE3Ni00MGM4LWE1ZTEtNTdlYmZiNDUxOTEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hfg
gDANBgkqhkiG9w0BAQsFAAOCAQEAGKQrpvuEMPFuaJYYz1hVXYnoERnjpAnJII/E
fEpZdYXYkR9T+St1t2N+ccIsIHr8nKU5DE8nXcT2AnMrvQeF69PvAZh8EBBWUi26
YsiMxSPt/w8h0H0qcVMXFzWURSHFe0a1e4HepFZ18ntXLHS6jfO0LfsoWx5RO7DI
gRz7fVSa8O2xxTwtK5EgeaMEZzwcRNYhj8atunZwkdzG3MwaFkXqul3OP1tS5TMx
KhRPVRAzGjz4d/j+1Kv8yt4l1QGYcjPTOJ7lH0C1ejNbgMSUBQ/rXEEUIdnpyLcn
oMaPlkzaldnXlXhAXPJ8rEIGx6V5JEqgvZr20Afel/6ZT4Tp1w==
-----END CERTIFICATE-----