Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68b6fd3e-e06c-4456-bd88-6e8d9ce92b22.roa
File:                     68b6fd3e-e06c-4456-bd88-6e8d9ce92b22.roa (raw, json)
Hash identifier:          xQLKK14ogoLC15aVd5MDPegpE3pMvIgBmoR0ANywKtA=
Subject key identifier:   DB:9C:3A:5A:35:08:90:18:3D:3D:01:F2:66:D1:3C:32:66:EC:3C:C9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       11B635D85FD1224E7750A6D95EBBF3246FE3C36B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68b6fd3e-e06c-4456-bd88-6e8d9ce92b22.roa
Signing time:             Mon 31 Mar 2025 19:41:10 +0000
ROA not before:           Mon 31 Mar 2025 19:41:10 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b6:35:d8:5f:d1:22:4e:77:50:a6:d9:5e:bb:f3:24:6f:e3:c3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:41:10 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a5:b7:2e:17:42:af:00:1c:b6:99:ce:c4:81:
                    51:41:4d:b8:75:1e:85:49:73:3d:28:30:60:95:c3:
                    ee:88:0f:04:22:58:c6:53:aa:3d:c9:0f:fd:f4:d9:
                    0f:84:02:13:4d:e5:cd:f0:f8:0f:9b:85:02:97:e4:
                    4a:8c:d5:91:34:21:92:8e:69:00:97:21:69:ce:75:
                    d4:d9:8d:df:f3:e8:9b:63:1e:90:a3:c6:8e:6a:28:
                    3a:70:84:8b:f9:4a:cb:12:8a:c2:a8:b7:9d:06:8e:
                    d3:90:32:46:bc:c9:cc:eb:bf:79:67:3e:87:78:46:
                    da:61:11:e8:01:cb:6f:13:63:99:b7:a6:e1:6b:e5:
                    3b:f3:a9:52:bb:c2:2d:3c:b0:03:c0:1c:6f:f8:52:
                    d2:fb:e7:6e:91:ee:a0:67:7f:83:3b:90:ca:b4:2a:
                    1c:79:77:0f:ff:f4:27:f0:df:f3:66:c2:82:7a:f4:
                    b1:f3:3c:13:8c:c4:d7:ec:26:fd:21:f6:8e:41:36:
                    12:e2:0e:39:3c:d9:60:33:a4:6a:e0:8c:ac:90:e9:
                    8b:f4:56:06:51:43:4f:40:42:7e:99:73:f5:80:7a:
                    30:c3:c1:10:c7:60:c0:c0:c1:c9:7a:37:86:5d:de:
                    3f:fb:eb:2b:9d:27:48:c5:ea:23:13:47:a9:b4:cd:
                    ec:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9C:3A:5A:35:08:90:18:3D:3D:01:F2:66:D1:3C:32:66:EC:3C:C9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68b6fd3e-e06c-4456-bd88-6e8d9ce92b22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         be:1c:f7:35:55:d2:28:ce:5b:62:b6:41:ba:7b:3c:c4:6e:2a:
         51:d2:95:ff:a0:ea:83:cc:8f:7a:da:a0:dc:57:77:01:d6:cd:
         41:85:7c:01:77:fe:13:49:20:ae:55:3c:4b:b9:46:bc:3b:9c:
         81:68:d8:19:7c:0a:7c:0a:df:84:82:0c:c1:d5:ad:e2:c7:db:
         1c:49:f1:46:83:a8:90:09:05:9c:4b:e9:73:50:b9:bc:f7:0e:
         fe:b7:50:89:a0:0c:96:9a:e3:ba:54:48:1a:dc:7c:17:dc:76:
         3d:1a:f1:2e:8e:80:40:e2:93:02:4a:46:4b:48:21:c2:13:43:
         1c:3c:45:d8:f0:86:d5:26:a8:b6:6b:1d:1d:21:14:55:89:87:
         50:f7:e8:20:6b:ab:b5:4d:c8:4d:8c:59:68:91:bd:91:93:72:
         89:5c:1c:d6:9b:a0:60:0f:c1:40:96:0e:0a:f9:53:c8:4e:e4:
         3c:90:c3:8c:20:a3:74:3b:51:5e:cf:7a:a7:6b:44:d7:4b:74:
         9c:fc:b6:60:14:02:3c:72:e7:ea:b4:d4:2e:1d:9b:47:88:ca:
         a0:7c:21:c1:24:09:d6:d9:e3:4c:14:8e:b7:4e:99:ba:a4:8e:
         3c:72:cc:9b:54:c8:c8:1b:0f:7a:0c:35:9e:6e:98:96:ee:a6:
         f9:2f:b0:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEbY12F/RIk53UKbZXrvzJG/jw2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQxMTBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiZDYzZGMwMDJlNWY4ZDdmZGZmZDRlZTYyY2JiYTg4MzVkNTJhMTg3M2I4
NTY1NWY1NmRiYzRiMzhlMjljMDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqlty4XQq8AHLaZzsSBUUFNuHUehUlzPSgwYJXD7ogPBCJYxlOqPckP/fTZ
D4QCE03lzfD4D5uFApfkSozVkTQhko5pAJchac511NmN3/Pom2MekKPGjmooOnCE
i/lKyxKKwqi3nQaO05AyRrzJzOu/eWc+h3hG2mER6AHLbxNjmbem4WvlO/OpUrvC
LTywA8Acb/hS0vvnbpHuoGd/gzuQyrQqHHl3D//0J/Df82bCgnr0sfM8E4zE1+wm
/SH2jkE2EuIOOTzZYDOkauCMrJDpi/RWBlFDT0BCfplz9YB6MMPBEMdgwMDByXo3
hl3eP/vrK50nSMXqIxNHqbTN7IkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTbnDpa
NQiQGD09AfJm0TwyZuw8yTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhiNmZkM2UtZTA2Yy00NDU2LWJkODgtNmU4ZDljZTkyYjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HLA
MA0GCSqGSIb3DQEBCwUAA4IBAQC+HPc1VdIozltitkG6ezzEbipR0pX/oOqDzI96
2qDcV3cB1s1BhXwBd/4TSSCuVTxLuUa8O5yBaNgZfAp8Ct+EggzB1a3ix9scSfFG
g6iQCQWcS+lzULm89w7+t1CJoAyWmuO6VEga3HwX3HY9GvEujoBA4pMCSkZLSCHC
E0McPEXY8IbVJqi2ax0dIRRViYdQ9+gga6u1TchNjFlokb2Rk3KJXBzWm6BgD8FA
lg4K+VPITuQ8kMOMIKN0O1Fez3qna0TXS3Sc/LZgFAI8cufqtNQuHZtHiMqgfCHB
JAnW2eNMFI63Tpm6pI48csybVMjIGw96DDWebpiW7qb5L7Bf
-----END CERTIFICATE-----