Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/77bc679b-5199-43c2-8199-be5c04a6c0d9.roa
File:                     77bc679b-5199-43c2-8199-be5c04a6c0d9.roa (raw, json)
Hash identifier:          VmLdOUy7gWiK8ZcHgR0K83a4Pj6iQcnf0gcBeA5KSLE=
Subject key identifier:   9E:C5:F0:D9:E0:39:4E:B5:17:E5:47:D5:97:41:E5:22:2F:9A:12:B1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       28C90BEFCC80D5970C6886AC0C998886E5673AC8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/77bc679b-5199-43c2-8199-be5c04a6c0d9.roa
Signing time:             Mon 31 Mar 2025 19:51:05 +0000
ROA not before:           Mon 31 Mar 2025 19:51:05 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:c040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c9:0b:ef:cc:80:d5:97:0c:68:86:ac:0c:99:88:86:e5:67:3a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:05 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b8:73:32:bb:58:b5:0e:85:90:34:78:b5:bf:
                    9b:45:e7:c2:77:5a:9a:e7:99:11:1d:69:ce:6f:79:
                    29:bb:05:01:08:c6:a5:88:67:3c:44:29:5c:34:e6:
                    9d:a5:24:26:8a:e6:d2:b7:8f:35:e0:e9:9f:07:6f:
                    65:fb:e7:35:b2:32:c6:b2:0c:91:28:1f:13:0f:83:
                    05:10:78:f6:6e:62:68:c4:df:a1:7f:4c:36:3b:3e:
                    1b:a4:fb:81:ee:f9:cb:b3:63:0a:af:2b:11:1f:67:
                    fd:d0:e9:a7:32:9b:e0:a2:33:a2:07:5b:c1:23:a6:
                    6b:5e:d6:41:31:65:c7:66:57:52:9b:99:b6:70:7b:
                    00:86:91:27:20:8f:2e:0e:83:ca:91:af:cb:dd:72:
                    0f:31:11:ab:85:3b:2b:ab:88:25:68:22:12:80:c6:
                    6b:2e:e6:af:2e:65:4e:93:7d:e1:13:0e:8e:e2:24:
                    95:ef:8b:3d:23:60:d4:12:3c:9b:c2:e0:79:62:80:
                    ae:21:d2:5d:7b:a8:34:6e:09:74:65:73:74:3c:02:
                    4e:e9:49:8a:ba:02:b8:ab:2b:af:a4:a3:39:3d:f1:
                    79:5f:1f:9e:eb:2d:e4:c6:a1:84:d9:47:ff:6c:8c:
                    38:2b:3e:f8:e6:0a:bf:c7:19:fe:12:b6:4d:12:56:
                    2e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C5:F0:D9:E0:39:4E:B5:17:E5:47:D5:97:41:E5:22:2F:9A:12:B1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/77bc679b-5199-43c2-8199-be5c04a6c0d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:c040::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:37:53:92:da:3d:b8:80:b4:f8:36:72:22:29:a0:ff:6d:d4:
         65:84:6a:21:10:25:cf:16:8d:c1:59:81:77:12:7a:3c:16:b2:
         3c:63:ff:f2:63:55:7c:12:f2:c6:21:e7:c4:f9:83:8d:7a:67:
         78:b1:1d:3e:9f:e1:2a:9c:3d:8b:a9:02:9d:f8:79:ea:ec:8d:
         f8:d0:00:1a:ac:e7:58:3e:ed:26:78:c0:b7:d1:47:db:c0:d9:
         ee:a3:2b:5c:1b:c1:3d:9d:49:f2:11:87:5f:40:7f:65:22:3d:
         e1:bb:bf:24:03:3c:f3:83:ff:9b:b6:ed:ae:80:c3:d4:dd:22:
         8e:1f:17:ff:f2:b7:b0:2a:bd:92:40:cf:2f:e8:ed:d2:b4:e1:
         e5:6d:60:ef:f3:6f:40:49:a5:62:13:a0:fa:66:ef:80:8d:05:
         94:92:df:e5:56:24:69:a5:8a:ee:d1:9c:0b:8a:55:e5:ed:4b:
         47:a6:7d:a5:2f:c3:f1:1e:0c:25:86:76:f5:09:d1:5e:1a:27:
         55:9b:89:34:35:f4:93:80:0d:91:a0:71:a6:43:4c:87:2f:5f:
         33:4d:3b:64:6f:7c:5e:1f:c8:bf:5c:c8:69:2c:77:42:6b:ee:
         06:a0:d8:c7:df:65:4e:b7:c3:65:d2:85:67:f3:c7:2b:4a:ad:
         4f:a9:e2:05
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKMkL78yA1ZcMaIasDJmIhuVnOsgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxMDVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyMjhjMzM5OGJkYjFkMjVlMjJkZjAwZTUzZjQ4NDQ1ZTAzZjU3Y2MzYTg2
ODNlNDAyNDYxNjczNTc1ZTMzMTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKe4czK7WLUOhZA0eLW/m0XnwndamueZER1pzm95KbsFAQjGpYhnPEQpXDTm
naUkJorm0rePNeDpnwdvZfvnNbIyxrIMkSgfEw+DBRB49m5iaMTfoX9MNjs+G6T7
ge75y7NjCq8rER9n/dDppzKb4KIzogdbwSOma17WQTFlx2ZXUpuZtnB7AIaRJyCP
Lg6DypGvy91yDzERq4U7K6uIJWgiEoDGay7mry5lTpN94RMOjuIkle+LPSNg1BI8
m8LgeWKAriHSXXuoNG4JdGVzdDwCTulJiroCuKsrr6SjOT3xeV8fnust5MahhNlH
/2yMOCs++OYKv8cZ/hK2TRJWLsECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSexfDZ
4DlOtRflR9WXQeUiL5oSsTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzdiYzY3OWItNTE5OS00M2MyLTgxOTktYmU1YzA0YTZjMGQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/A
QDANBgkqhkiG9w0BAQsFAAOCAQEAAjdTkto9uIC0+DZyIimg/23UZYRqIRAlzxaN
wVmBdxJ6PBayPGP/8mNVfBLyxiHnxPmDjXpneLEdPp/hKpw9i6kCnfh56uyN+NAA
GqznWD7tJnjAt9FH28DZ7qMrXBvBPZ1J8hGHX0B/ZSI94bu/JAM884P/m7btroDD
1N0ijh8X//K3sCq9kkDPL+jt0rTh5W1g7/NvQEmlYhOg+mbvgI0FlJLf5VYkaaWK
7tGcC4pV5e1LR6Z9pS/D8R4MJYZ29QnRXhonVZuJNDX0k4ANkaBxpkNMhy9fM007
ZG98Xh/Iv1zIaSx3QmvuBqDYx99lTrfDZdKFZ/PHK0qtT6niBQ==
-----END CERTIFICATE-----