Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
File:                     68ece0e7-075e-4bcd-873e-0c74882a8546.roa (raw, json)
Hash identifier:          4u+z2/y8UMKJGXqD8DJ4t19ET1ABUcEA06++1886zBA=
Subject key identifier:   FA:47:90:A6:E1:4E:A5:71:ED:0C:85:28:B0:20:04:4C:DE:2A:53:B3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       09314422C4EA16A303A9F6E6DD4B95C570E98F83
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
Signing time:             Mon 31 Mar 2025 19:51:42 +0000
ROA not before:           Mon 31 Mar 2025 19:51:42 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:31:44:22:c4:ea:16:a3:03:a9:f6:e6:dd:4b:95:c5:70:e9:8f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:42 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f3:f6:a3:2f:02:dd:46:eb:5d:06:a0:5d:ec:
                    17:c1:83:4d:b0:ba:c6:3e:4d:23:7e:28:60:29:7f:
                    70:d9:74:43:80:87:dc:48:c6:89:fb:72:c9:92:b3:
                    a4:b6:e4:a6:1d:fc:d0:18:d1:df:14:0d:3e:ab:16:
                    37:50:ee:5d:3b:33:c6:2a:aa:ce:d1:cf:42:61:84:
                    61:cc:bd:d7:07:14:1b:a8:59:c9:71:49:7d:4c:a0:
                    54:00:bf:82:04:39:9d:61:65:a3:a4:8e:99:cf:49:
                    6b:5b:89:88:3b:37:6a:2c:9b:36:00:0b:88:42:52:
                    03:c8:6c:83:a6:83:64:58:6c:31:07:53:b1:48:ca:
                    35:1f:80:af:95:e1:73:a4:ae:b8:51:44:c3:23:9e:
                    b4:aa:b1:49:58:01:8d:38:c7:c4:93:06:5f:eb:94:
                    78:fc:79:86:b0:5c:1f:17:4c:e1:78:b6:2e:a2:53:
                    aa:10:1a:26:09:92:8b:b5:4d:74:77:a0:d0:04:93:
                    e6:c2:82:80:9e:4e:47:2d:b4:32:b7:f5:ef:78:58:
                    fb:31:3a:c2:bd:d3:e8:d8:fb:8f:fc:60:cc:17:28:
                    ba:e7:c3:74:f8:c6:f3:d9:68:8a:74:a6:eb:eb:1d:
                    6e:18:75:f0:20:2d:dd:29:b9:cc:8a:a0:b5:bb:a9:
                    e2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:47:90:A6:E1:4E:A5:71:ED:0C:85:28:B0:20:04:4C:DE:2A:53:B3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:df:d1:e8:86:24:ee:c7:41:94:9e:d5:9c:35:00:8c:7a:e0:
         3b:79:05:c8:62:42:dd:7a:31:66:ed:02:61:d2:ff:8c:06:dd:
         f3:4b:4e:6d:b3:0d:da:81:98:50:96:d9:90:0b:e8:be:28:2a:
         26:00:aa:78:2b:59:80:00:4a:09:ad:41:e7:d0:41:49:05:7b:
         d3:dc:78:e4:56:f2:39:2f:38:eb:61:a7:45:77:b9:cf:8a:c0:
         65:ed:40:e1:b8:c9:c9:ad:20:be:ff:56:b0:f8:22:fe:16:9e:
         7a:22:a6:3c:91:a3:64:c1:ac:81:f2:e5:f2:82:6a:00:9f:52:
         ba:19:44:bf:25:bf:9f:55:a8:18:c5:0d:6b:5c:6b:39:6f:2f:
         22:74:6f:c7:24:ce:e5:a9:25:a2:3f:fe:92:3c:fc:69:23:6b:
         1f:ff:bf:18:be:32:07:dc:05:25:30:66:a9:44:0e:9e:94:a5:
         02:4a:a5:7f:ab:80:67:1b:6f:5b:5d:63:cb:03:f0:a7:38:36:
         5c:aa:20:4d:f1:32:bc:96:ad:5b:e0:8f:14:e4:91:87:a6:c1:
         48:f9:0e:b6:3f:eb:62:4c:35:09:fc:07:ab:d3:b2:83:86:52:
         53:c0:d0:1d:e8:88:38:b1:ac:c4:1c:9c:5e:56:25:43:c5:ed:
         3b:b9:e2:7b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCTFEIsTqFqMDqfbm3UuVxXDpj4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxNDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1YWJlN2VlNTBkYzI3MzUxM2E5MmMwOTQyZWJlOWJkMTg0NzBhOTllMzhi
NzI0OWVhODYxZmFjODczY2RhNGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOrz9qMvAt1G610GoF3sF8GDTbC6xj5NI34oYCl/cNl0Q4CH3EjGiftyyZKz
pLbkph380BjR3xQNPqsWN1DuXTszxiqqztHPQmGEYcy91wcUG6hZyXFJfUygVAC/
ggQ5nWFlo6SOmc9Ja1uJiDs3aiybNgALiEJSA8hsg6aDZFhsMQdTsUjKNR+Ar5Xh
c6SuuFFEwyOetKqxSVgBjTjHxJMGX+uUePx5hrBcHxdM4Xi2LqJTqhAaJgmSi7VN
dHeg0AST5sKCgJ5ORy20Mrf173hY+zE6wr3T6Nj7j/xgzBcouufDdPjG89loinSm
6+sdbhh18CAt3Sm5zIqgtbup4hcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT6R5Cm
4U6lce0MhSiwIARM3ipTszAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhlY2UwZTctMDc1ZS00YmNkLTg3M2UtMGM3NDg4MmE4NTQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
gDANBgkqhkiG9w0BAQsFAAOCAQEASt/R6IYk7sdBlJ7VnDUAjHrgO3kFyGJC3Xox
Zu0CYdL/jAbd80tObbMN2oGYUJbZkAvovigqJgCqeCtZgABKCa1B59BBSQV709x4
5FbyOS8462GnRXe5z4rAZe1A4bjJya0gvv9WsPgi/haeeiKmPJGjZMGsgfLl8oJq
AJ9SuhlEvyW/n1WoGMUNa1xrOW8vInRvxyTO5akloj/+kjz8aSNrH/+/GL4yB9wF
JTBmqUQOnpSlAkqlf6uAZxtvW11jywPwpzg2XKogTfEyvJatW+CPFOSRh6bBSPkO
tj/rYkw1CfwHq9Oyg4ZSU8DQHeiIOLGsxBycXlYlQ8XtO7niew==
-----END CERTIFICATE-----