Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a8386ee-14fb-4089-92bd-6b4b1c9c01a5.roa
File:                     7a8386ee-14fb-4089-92bd-6b4b1c9c01a5.roa (raw, json)
Hash identifier:          KEbxJmUzAeH5PNUHrQJNtOtQ4MdvzQwQVmMH79jbVDI=
Subject key identifier:   89:3D:98:46:CA:23:06:EA:E5:D7:BF:B1:AB:0B:D1:7C:39:29:99:8B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       17B720BBA5F2C4C073FC9889F125DEEE5AB0EDD4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a8386ee-14fb-4089-92bd-6b4b1c9c01a5.roa
Signing time:             Mon 31 Mar 2025 20:10:22 +0000
ROA not before:           Mon 31 Mar 2025 20:10:22 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:5080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b7:20:bb:a5:f2:c4:c0:73:fc:98:89:f1:25:de:ee:5a:b0:ed:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:22 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d3:a4:95:0d:91:39:eb:c2:83:1c:29:cd:a5:
                    cf:02:dc:0c:ab:59:bc:2f:56:ba:f0:5c:6a:13:af:
                    4c:f0:74:4f:3e:7a:86:63:1f:1a:ef:37:fd:bc:00:
                    55:11:cd:70:1f:95:65:a2:25:4a:6d:36:98:d9:4f:
                    7f:5c:60:ef:cb:4d:9f:5f:56:61:9e:b3:df:53:a4:
                    06:8f:4a:0d:4a:a7:65:f9:58:6c:6a:32:a7:92:cb:
                    d1:12:5b:3b:f6:41:a2:85:d9:6c:62:99:69:8f:43:
                    5a:b6:bf:80:b3:93:29:1c:23:c0:4a:a9:ec:da:51:
                    bd:01:33:41:78:a7:d6:40:0a:22:13:27:cf:c1:4a:
                    74:6f:51:6c:43:09:88:1e:ce:1b:b3:90:08:9c:e3:
                    e4:27:75:7f:57:fa:32:e5:05:1e:6e:5e:e6:f9:0c:
                    3a:b3:d2:90:3e:97:a5:14:1c:fb:99:32:cc:29:e8:
                    0b:69:9d:23:13:49:52:11:b5:01:cf:3b:17:c3:c3:
                    c2:f4:4a:56:c7:69:93:c4:46:ff:5f:64:bb:58:45:
                    c6:b8:5b:47:96:25:47:cd:12:84:9e:5a:14:63:e5:
                    d6:7a:25:5c:46:a0:63:98:42:78:36:f6:ef:05:55:
                    9e:f9:be:72:3e:76:1a:8c:55:dc:72:7d:94:bf:cf:
                    76:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:3D:98:46:CA:23:06:EA:E5:D7:BF:B1:AB:0B:D1:7C:39:29:99:8B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a8386ee-14fb-4089-92bd-6b4b1c9c01a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:5080::/46

    Signature Algorithm: sha256WithRSAEncryption
         7d:3b:1b:63:10:1b:f5:5b:88:2a:e5:91:9e:02:a7:5b:10:80:
         a7:91:2f:df:3e:93:56:94:52:7b:77:0e:ff:9f:bb:f9:19:a6:
         c3:5d:bb:12:58:a2:f9:d5:4c:91:f3:17:f5:68:a5:31:93:2a:
         ab:cd:dc:2a:3a:db:a5:b5:95:d3:75:9a:99:3d:ab:51:11:73:
         2b:27:82:20:97:da:d7:03:47:25:86:8a:a0:1d:a8:68:75:66:
         f4:77:9c:ef:3e:5c:50:d4:98:7d:5f:02:18:1c:22:7f:37:d1:
         e1:44:6d:46:9f:bb:07:37:28:a9:9e:78:f3:e9:b2:74:17:36:
         e1:30:7d:45:b7:c2:ad:36:4f:36:c0:82:dd:f9:c1:6d:01:b4:
         97:57:33:b4:e9:1a:bd:2f:88:2d:36:10:3b:e7:af:d5:3e:14:
         89:d4:8e:c0:12:6b:c1:23:f9:94:46:12:55:81:31:ec:0a:74:
         26:de:ec:ad:82:20:ce:3b:0c:e5:11:3e:90:b3:79:e5:6e:8b:
         97:49:ca:7e:f9:53:b1:74:d3:f9:d7:33:7c:19:da:e3:6e:c8:
         a9:d1:2d:42:67:36:5d:5f:cf:6a:df:76:ff:73:60:ce:a5:5e:
         fe:f0:47:63:45:24:ac:82:3c:b4:15:16:dd:af:33:b4:24:a7:
         a7:10:16:06
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUF7cgu6XyxMBz/JiJ8SXe7lqw7dQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMjJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZkNDBiMmFmOWFmNTE2NDM5ZWM5NTdjY2VkYWNiZDA4ZTU5OTcyZDI2Yzgw
M2IwNmZhMTgwNGQ1MDU3NjQ2YmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvTpJUNkTnrwoMcKc2lzwLcDKtZvC9WuvBcahOvTPB0Tz56hmMfGu83/bwA
VRHNcB+VZaIlSm02mNlPf1xg78tNn19WYZ6z31OkBo9KDUqnZflYbGoyp5LL0RJb
O/ZBooXZbGKZaY9DWra/gLOTKRwjwEqp7NpRvQEzQXin1kAKIhMnz8FKdG9RbEMJ
iB7OG7OQCJzj5Cd1f1f6MuUFHm5e5vkMOrPSkD6XpRQc+5kyzCnoC2mdIxNJUhG1
Ac87F8PDwvRKVsdpk8RG/19ku1hFxrhbR5YlR80ShJ5aFGPl1nolXEagY5hCeDb2
7wVVnvm+cj52GoxV3HJ9lL/PdvcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSJPZhG
yiMG6uXXv7GrC9F8OSmZizAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2E4Mzg2ZWUtMTRmYi00MDg5LTkyYmQtNmI0YjFjOWMwMWE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DVQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAfTsbYxAb9VuIKuWRngKnWxCAp5Ev3z6TVpRS
e3cO/5+7+Rmmw127Elii+dVMkfMX9WilMZMqq83cKjrbpbWV03WamT2rURFzKyeC
IJfa1wNHJYaKoB2oaHVm9Hec7z5cUNSYfV8CGBwifzfR4URtRp+7BzcoqZ548+my
dBc24TB9RbfCrTZPNsCC3fnBbQG0l1cztOkavS+ILTYQO+ev1T4UidSOwBJrwSP5
lEYSVYEx7Ap0Jt7srYIgzjsM5RE+kLN55W6Ll0nKfvlTsXTT+dczfBna427IqdEt
Qmc2XV/Pat92/3NgzqVe/vBHY0UkrII8tBUW3a8ztCSnpxAWBg==
-----END CERTIFICATE-----