Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/78494449-3e47-40f2-978c-5903f9d1303d.roa
File:                     78494449-3e47-40f2-978c-5903f9d1303d.roa (raw, json)
Hash identifier:          PBXdZPWpDrAkDVmPFPla59fSJkkTlKUHR6UZ+bbrSbg=
Subject key identifier:   49:35:74:CC:CA:6B:CB:77:D4:5E:F7:33:08:3A:A8:4A:90:30:15:C1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       465BCD99758FA744E91A735DA6AF139383931F7E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/78494449-3e47-40f2-978c-5903f9d1303d.roa
Signing time:             Mon 31 Mar 2025 19:51:32 +0000
ROA not before:           Mon 31 Mar 2025 19:51:32 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:60c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:5b:cd:99:75:8f:a7:44:e9:1a:73:5d:a6:af:13:93:83:93:1f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:32 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:27:e0:5e:93:c7:be:4b:33:0b:3f:74:4a:23:
                    f8:0b:c4:4d:db:85:43:5b:d7:1b:ea:c7:60:77:1a:
                    0d:70:38:20:30:e9:21:be:8d:e2:6e:b8:19:75:13:
                    2b:c2:4c:f6:c2:c5:46:11:2f:b7:af:28:7a:52:11:
                    fa:5b:70:5d:c1:2b:9f:f6:e9:de:cf:ac:6d:4d:ed:
                    8c:c6:d1:f0:21:db:73:9e:b9:eb:1a:c2:39:ce:91:
                    27:b2:0c:ec:c8:6e:de:1e:ce:ee:81:28:59:c3:19:
                    34:98:66:b9:0b:3c:44:30:30:9e:f7:96:87:b8:39:
                    40:b1:40:03:b9:43:3d:6d:4b:39:1d:3e:0b:96:da:
                    0d:2c:29:1f:24:08:a0:ce:49:dd:8f:37:55:4e:40:
                    11:56:28:3e:10:02:82:e1:e0:43:0f:2c:39:0f:fc:
                    f2:28:1b:f9:9f:bd:58:79:a3:14:9a:b2:ea:35:be:
                    48:43:e5:98:a3:1b:51:0b:d2:15:d3:70:59:f8:1a:
                    c7:49:3e:cb:a4:63:7f:76:2d:68:7b:90:54:98:f8:
                    c3:1b:1e:54:a3:fa:b5:a0:5d:2e:04:3c:26:ce:a2:
                    c4:01:6d:85:5c:0f:87:9b:58:4e:1a:9a:53:d3:4b:
                    88:58:e5:df:7b:4a:f5:dc:c0:af:5a:92:2b:57:32:
                    d5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:35:74:CC:CA:6B:CB:77:D4:5E:F7:33:08:3A:A8:4A:90:30:15:C1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/78494449-3e47-40f2-978c-5903f9d1303d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:03:a6:52:53:ed:7a:a2:73:59:ba:b0:cf:8f:7c:25:f4:5d:
         f4:03:9a:01:cb:3f:8a:0a:85:58:11:fa:41:88:03:cd:18:a2:
         d5:24:25:11:26:a7:70:b3:2a:64:a8:62:d5:83:5d:f5:4d:c6:
         28:aa:95:6b:ca:65:a8:8b:eb:0e:40:4b:a9:b8:19:66:44:9b:
         b7:2c:23:30:fb:4b:e8:c3:9a:ae:de:56:27:fd:0c:14:1f:ad:
         c0:a0:30:35:f0:93:73:f5:86:77:99:61:a1:18:aa:dd:35:46:
         74:5a:36:60:a1:7e:9e:90:be:28:c5:10:52:63:04:8d:05:46:
         80:9f:b9:50:ab:40:36:e4:7a:83:d5:ea:8e:ca:f6:2c:8d:72:
         3c:b3:c0:b7:00:f5:66:c8:b1:38:23:ff:2a:48:e3:7f:69:84:
         9b:7e:a9:08:d2:b4:89:e3:39:df:3b:a8:f4:f0:6b:d8:b4:95:
         05:03:32:ac:4c:e6:ca:32:10:6b:de:6b:14:0e:2c:05:a4:7c:
         f5:2a:82:95:0c:b7:c9:a1:62:36:72:53:6a:7a:57:ea:43:d7:
         39:71:ac:78:19:79:66:f7:a0:d0:04:55:a8:9b:48:03:3d:b6:
         08:24:72:d3:76:e2:b8:1d:e6:21:0d:57:22:cc:49:03:41:f1:
         11:c6:3e:37
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURlvNmXWPp0TpGnNdpq8Tk4OTH34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxMzJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZWY0ODE2MDFlZDcwYjhkNDBiYjAxMDAzOTJlZjNjNjA0MDI5YjcwNzJm
Y2UxMWE5MTNhYjI3NDg1OGI2ZGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYn4F6Tx75LMws/dEoj+AvETduFQ1vXG+rHYHcaDXA4IDDpIb6N4m64GXUT
K8JM9sLFRhEvt68oelIR+ltwXcErn/bp3s+sbU3tjMbR8CHbc5656xrCOc6RJ7IM
7Mhu3h7O7oEoWcMZNJhmuQs8RDAwnveWh7g5QLFAA7lDPW1LOR0+C5baDSwpHyQI
oM5J3Y83VU5AEVYoPhACguHgQw8sOQ/88igb+Z+9WHmjFJqy6jW+SEPlmKMbUQvS
FdNwWfgax0k+y6Rjf3YtaHuQVJj4wxseVKP6taBdLgQ8Js6ixAFthVwPh5tYThqa
U9NLiFjl33tK9dzAr1qSK1cy1Q8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRJNXTM
ymvLd9Re9zMIOqhKkDAVwTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Nzg0OTQ0NDktM2U0Ny00MGYyLTk3OGMtNTkwM2Y5ZDEzMDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HRg
wDANBgkqhkiG9w0BAQsFAAOCAQEACQOmUlPteqJzWbqwz498JfRd9AOaAcs/igqF
WBH6QYgDzRii1SQlESancLMqZKhi1YNd9U3GKKqVa8plqIvrDkBLqbgZZkSbtywj
MPtL6MOart5WJ/0MFB+twKAwNfCTc/WGd5lhoRiq3TVGdFo2YKF+npC+KMUQUmME
jQVGgJ+5UKtANuR6g9Xqjsr2LI1yPLPAtwD1ZsixOCP/Kkjjf2mEm36pCNK0ieM5
3zuo9PBr2LSVBQMyrEzmyjIQa95rFA4sBaR89SqClQy3yaFiNnJTanpX6kPXOXGs
eBl5Zveg0ARVqJtIAz22CCRy03biuB3mIQ1XIsxJA0HxEcY+Nw==
-----END CERTIFICATE-----