Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa
File:                     730c632c-0510-4eef-8649-b29c7a1d089b.roa (raw, json)
Hash identifier:          jrgm2F7/23My2HNmGmwxSo3tAUgLCm5Bblb312kKxVU=
Subject key identifier:   F7:45:EC:3C:D7:2D:F8:AC:71:86:52:B2:DC:16:DF:01:B0:7E:4C:4A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6B86011B99840226AF964425DD104B147C7A3EF7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa
Signing time:             Mon 31 Mar 2025 19:11:06 +0000
ROA not before:           Mon 31 Mar 2025 19:11:06 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:86:01:1b:99:84:02:26:af:96:44:25:dd:10:4b:14:7c:7a:3e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:11:06 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c2:ae:28:6c:05:0a:15:8f:0c:fa:91:66:c1:
                    62:fd:89:f2:ca:47:09:b0:0c:ea:93:35:d3:45:1a:
                    d8:84:dc:88:49:37:fb:8b:36:2e:90:c8:ee:05:36:
                    a0:b2:1e:1a:60:c5:43:f8:84:27:f6:92:eb:e4:da:
                    7c:3e:79:05:e2:70:db:42:cd:e4:74:0f:61:88:bc:
                    4f:0f:63:de:33:93:43:ee:8e:b2:3d:76:48:6a:a0:
                    22:df:f4:70:09:1c:07:f9:58:c9:78:74:14:fd:3e:
                    27:26:c6:3b:f7:40:cc:4f:e7:45:ed:86:5e:5e:95:
                    2c:85:87:85:6b:9a:43:e9:d8:0c:2d:f8:f2:fb:b4:
                    e0:29:36:2b:6a:a7:d2:e2:d5:31:c6:80:3e:d4:8d:
                    06:ee:8a:8a:ee:56:92:f9:42:b3:33:d4:07:6e:1b:
                    35:9d:a3:92:b0:de:11:80:a7:dc:e5:ef:87:c1:2b:
                    df:19:07:3c:bf:0e:7e:da:32:48:0b:83:d7:67:2b:
                    7d:a6:41:84:0b:1f:d6:c8:a4:07:ce:2e:0f:6c:1a:
                    5e:4d:9e:47:1a:53:a9:f7:88:c0:14:ed:d4:92:8e:
                    a8:41:04:e1:2b:08:a2:29:77:b0:27:31:f3:f5:77:
                    b6:b6:46:98:75:c4:87:ac:07:7c:ae:79:75:ec:18:
                    af:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:45:EC:3C:D7:2D:F8:AC:71:86:52:B2:DC:16:DF:01:B0:7E:4C:4A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:1d:c9:5d:d6:10:06:5b:1b:11:2d:c6:71:18:7f:1d:be:94:
         85:27:a3:a8:fc:f9:ec:c5:1e:8e:5d:c6:98:51:6c:bb:b0:91:
         6e:a5:ee:7d:39:5f:06:cb:3e:f7:b6:bb:da:1e:e5:cb:8a:23:
         f3:0f:1f:b5:74:26:ef:79:e4:f7:3d:e3:7b:5c:fb:05:c9:43:
         31:dc:7f:8e:42:54:1d:5f:d1:15:de:83:ae:91:c6:bc:2b:3c:
         d5:c9:e5:dd:67:f5:0d:8f:5b:b3:8a:66:2e:d4:d7:dc:21:b7:
         9a:0e:25:11:87:de:1a:35:6c:5e:9b:33:8d:72:b8:2b:05:66:
         b2:09:99:e0:b3:07:3f:35:a5:84:3d:ed:d5:24:ff:72:36:2a:
         2b:2c:d8:4f:4f:24:9b:9d:2c:44:6b:3e:54:06:79:9f:ac:66:
         71:c4:7e:48:28:5b:b5:9d:ac:e8:1f:4d:dc:1a:d6:49:ee:6a:
         ce:d9:1d:ab:b3:a5:e1:53:72:f4:10:96:ad:fd:61:29:25:6e:
         64:46:11:8c:b2:4b:0b:5d:52:e6:8c:97:88:a8:c6:d4:5e:b7:
         12:06:ca:dc:20:13:37:a2:e2:4f:7e:76:4e:e1:1b:c5:c2:32:
         cc:f1:d9:9f:2b:90:5d:cd:6b:bb:39:a3:8d:34:b8:6f:e0:8b:
         84:01:b3:0e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUa4YBG5mEAiavlkQl3RBLFHx6PvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTExMDZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDljN2IzNmYyZjM4NGU2NDhlMWQxNTQ5OTc0ZjM1YmRjZDUzNTNkYmE2MWY4
YWEzMjdhNDk4YzFiZDA1Mzk1ZTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPCrihsBQoVjwz6kWbBYv2J8spHCbAM6pM100Ua2ITciEk3+4s2LpDI7gU2
oLIeGmDFQ/iEJ/aS6+TafD55BeJw20LN5HQPYYi8Tw9j3jOTQ+6Osj12SGqgIt/0
cAkcB/lYyXh0FP0+JybGO/dAzE/nRe2GXl6VLIWHhWuaQ+nYDC348vu04Ck2K2qn
0uLVMcaAPtSNBu6Kiu5WkvlCszPUB24bNZ2jkrDeEYCn3OXvh8Er3xkHPL8Oftoy
SAuD12crfaZBhAsf1sikB84uD2waXk2eRxpTqfeIwBTt1JKOqEEE4SsIoil3sCcx
8/V3trZGmHXEh6wHfK55dewYrzECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT3Rew8
1y34rHGGUrLcFt8BsH5MSjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzMwYzYzMmMtMDUxMC00ZWVmLTg2NDktYjI5YzdhMWQwODliLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DEg
QDANBgkqhkiG9w0BAQsFAAOCAQEAmB3JXdYQBlsbES3GcRh/Hb6UhSejqPz57MUe
jl3GmFFsu7CRbqXufTlfBss+97a72h7ly4oj8w8ftXQm73nk9z3je1z7BclDMdx/
jkJUHV/RFd6DrpHGvCs81cnl3Wf1DY9bs4pmLtTX3CG3mg4lEYfeGjVsXpszjXK4
KwVmsgmZ4LMHPzWlhD3t1ST/cjYqKyzYT08km50sRGs+VAZ5n6xmccR+SChbtZ2s
6B9N3BrWSe5qztkdq7Ol4VNy9BCWrf1hKSVuZEYRjLJLC11S5oyXiKjG1F63EgbK
3CATN6LiT352TuEbxcIyzPHZnyuQXc1ruzmjjTS4b+CLhAGzDg==
-----END CERTIFICATE-----