Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/75d0b5d9-2477-4d38-ab7a-0c60a33d8246.roa
File:                     75d0b5d9-2477-4d38-ab7a-0c60a33d8246.roa (raw, json)
Hash identifier:          7vqpZ/IOKwALZ2VWqmhIMZkdo+cqoR6ohqAW6+KjikU=
Subject key identifier:   7F:2D:F4:5E:4E:7C:A8:06:44:6F:DB:23:B2:8C:28:FB:50:1F:27:74
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       138470CA262EC6369B07B5EDFB93BD22312AC68A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/75d0b5d9-2477-4d38-ab7a-0c60a33d8246.roa
Signing time:             Mon 31 Mar 2025 19:00:59 +0000
ROA not before:           Mon 31 Mar 2025 19:00:59 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:6040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:84:70:ca:26:2e:c6:36:9b:07:b5:ed:fb:93:bd:22:31:2a:c6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:00:59 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ce:e9:ae:63:7e:9e:bc:16:44:4e:1d:d1:f1:
                    74:43:2b:6b:bc:e9:3a:dc:4c:d9:39:a1:c2:be:fa:
                    a3:76:a3:83:55:26:1c:51:1b:f5:3e:0e:6c:fe:9a:
                    1a:4a:a7:4d:9c:ac:57:8c:21:50:17:55:ba:0d:e4:
                    c8:42:64:74:de:4f:04:46:c2:26:65:34:5b:1c:93:
                    49:7c:93:03:9f:94:f6:03:75:4e:1a:22:7a:fa:14:
                    13:a5:cc:ea:5c:70:1f:73:61:8c:cd:02:d9:03:ab:
                    b1:7e:2a:25:67:58:73:1e:b6:36:d3:40:55:5d:3e:
                    29:30:18:52:9a:a5:81:ae:9c:b8:23:4f:92:84:22:
                    0d:1a:31:93:8e:94:fc:06:5a:6e:8b:ba:7d:23:e4:
                    68:6d:6c:ca:d7:fe:bd:03:03:45:f8:3c:16:d7:ed:
                    b0:38:f3:3d:fe:22:f2:5a:d6:f0:04:21:a4:db:cf:
                    06:64:24:8d:02:1f:96:19:98:6a:41:77:fe:3e:27:
                    cc:9f:54:c4:b4:95:52:c4:17:01:95:46:11:6c:96:
                    26:0a:3a:b9:01:c2:1a:37:be:19:60:60:25:16:15:
                    d4:e9:ac:68:6b:60:c5:d2:27:c9:e8:e3:cc:89:49:
                    58:2c:76:23:5d:35:4c:0c:1c:f9:50:9f:20:7c:40:
                    30:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2D:F4:5E:4E:7C:A8:06:44:6F:DB:23:B2:8C:28:FB:50:1F:27:74
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/75d0b5d9-2477-4d38-ab7a-0c60a33d8246.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:6040::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:fc:10:02:f7:3f:66:9c:cc:9a:1e:bb:11:71:22:fa:f5:75:
         d1:0b:db:81:3b:b7:b6:31:ac:21:20:cc:6f:54:9d:2f:9f:69:
         60:4f:12:ca:24:ec:3b:c2:95:a8:84:ae:b6:53:dc:1a:cf:d5:
         7a:f3:d5:4d:12:6b:8d:85:b4:a7:c6:ab:1b:dd:9c:ed:1d:3a:
         2d:6d:fc:83:c1:21:e4:b9:42:4b:1e:dc:c3:7f:b4:37:ba:b0:
         76:0c:25:f5:c9:37:65:53:5f:be:9b:c6:3d:ff:78:48:43:7c:
         f4:07:b6:d4:4b:86:68:a0:45:d1:aa:77:0a:88:16:f2:32:22:
         37:4d:7f:6f:d5:fd:20:15:4e:62:8c:9c:82:6e:7b:fb:a2:15:
         d3:d4:17:a8:61:24:23:bb:45:dd:dc:7b:a3:f6:8d:9d:92:ad:
         2e:a0:11:07:d8:c8:80:9a:74:dc:0c:30:9d:a5:4b:1e:52:30:
         ca:ea:ba:01:1b:64:18:8b:e5:74:d0:3d:dd:2b:44:9b:de:7b:
         4d:3c:02:ae:52:05:ea:99:9e:03:3c:fd:0e:2c:55:e1:37:81:
         c9:d6:2c:ef:ce:34:f2:d2:c2:65:93:06:f0:27:be:c4:8e:fa:
         57:0a:ce:c3:b3:af:17:b4:5d:f4:34:1e:3a:32:ca:93:07:0e:
         c6:0e:e4:26
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUE4RwyiYuxjabB7Xt+5O9IjEqxoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTAwNTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3YTRhZTBmNTIyOWZiYWIyYjQwMGNhODYxY2NmMjhiYTJiOTI5ZmU0MGQ3
ZmU4ZmY4YWY1MmRhYjEwOTkxMGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXO6a5jfp68FkROHdHxdEMra7zpOtxM2Tmhwr76o3ajg1UmHFEb9T4ObP6a
GkqnTZysV4whUBdVug3kyEJkdN5PBEbCJmU0WxyTSXyTA5+U9gN1ThoievoUE6XM
6lxwH3NhjM0C2QOrsX4qJWdYcx62NtNAVV0+KTAYUpqlga6cuCNPkoQiDRoxk46U
/AZabou6fSPkaG1sytf+vQMDRfg8FtftsDjzPf4i8lrW8AQhpNvPBmQkjQIflhmY
akF3/j4nzJ9UxLSVUsQXAZVGEWyWJgo6uQHCGje+GWBgJRYV1OmsaGtgxdInyejj
zIlJWCx2I101TAwc+VCfIHxAMGMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR/LfRe
TnyoBkRv2yOyjCj7UB8ndDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzVkMGI1ZDktMjQ3Ny00ZDM4LWFiN2EtMGM2MGEzM2Q4MjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
QDANBgkqhkiG9w0BAQsFAAOCAQEAbfwQAvc/ZpzMmh67EXEi+vV10QvbgTu3tjGs
ISDMb1SdL59pYE8SyiTsO8KVqISutlPcGs/VevPVTRJrjYW0p8arG92c7R06LW38
g8Eh5LlCSx7cw3+0N7qwdgwl9ck3ZVNfvpvGPf94SEN89Ae21EuGaKBF0ap3CogW
8jIiN01/b9X9IBVOYoycgm57+6IV09QXqGEkI7tF3dx7o/aNnZKtLqARB9jIgJp0
3AwwnaVLHlIwyuq6ARtkGIvldNA93StEm957TTwCrlIF6pmeAzz9DixV4TeBydYs
78408tLCZZMG8Ce+xI76VwrOw7OvF7Rd9DQeOjLKkwcOxg7kJg==
-----END CERTIFICATE-----