Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b0ce42c-74e9-48e1-9efc-180e262c3bc8.roa
File:                     7b0ce42c-74e9-48e1-9efc-180e262c3bc8.roa (raw, json)
Hash identifier:          hZm1K1/CQgGS1TymtumLbOsDRbhWHZDQFbqQOEW0+p0=
Subject key identifier:   DC:BB:F3:A1:D9:AF:40:D2:C7:9A:57:BD:28:02:8B:57:2C:96:58:04
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C71ECC6F43C24A7E5A1447B93274BCC0CC83D0E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b0ce42c-74e9-48e1-9efc-180e262c3bc8.roa
Signing time:             Wed 26 Mar 2025 19:21:58 +0000
ROA not before:           Wed 26 Mar 2025 19:21:58 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:880::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:71:ec:c6:f4:3c:24:a7:e5:a1:44:7b:93:27:4b:cc:0c:c8:3d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:21:58 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:27:42:07:76:09:06:60:11:33:cf:fc:c5:36:
                    b2:0a:d1:90:02:44:6f:36:47:fa:05:10:d2:cb:5d:
                    26:11:0c:b9:a7:32:0b:8b:ea:5a:cc:69:14:12:07:
                    bd:40:02:68:19:73:06:6a:32:38:91:2f:00:0d:1c:
                    64:b2:10:a7:06:5a:33:12:86:fe:18:11:2b:48:5f:
                    e1:17:5a:bf:e5:a2:9e:10:a9:42:25:62:9d:0f:d8:
                    de:f7:33:b3:4e:59:73:98:be:d6:3e:1d:79:1a:51:
                    08:69:05:da:67:3f:e1:55:09:6b:07:88:50:da:61:
                    e5:f1:68:6e:f4:89:21:65:66:e9:14:4a:36:5d:eb:
                    cd:43:97:e5:c9:62:b7:9f:4f:6c:fb:44:7f:29:45:
                    ed:58:8d:ca:f9:db:36:a5:48:40:f0:09:84:e8:00:
                    74:bc:ed:cd:1c:07:a0:83:3b:d2:ed:18:75:d8:ef:
                    a8:ae:37:41:32:12:1e:3f:dd:d6:05:cb:d2:d2:f4:
                    e6:11:9d:f7:4b:44:ed:9e:fe:f4:ff:2c:02:d4:0e:
                    08:1a:d2:18:52:0f:29:12:e6:4b:47:c3:8d:4a:cd:
                    ad:6b:4d:ad:b2:09:01:3c:d0:c2:09:d6:a8:74:53:
                    9a:41:d6:a9:3d:8e:47:71:af:00:6d:0f:40:b1:6d:
                    36:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BB:F3:A1:D9:AF:40:D2:C7:9A:57:BD:28:02:8B:57:2C:96:58:04
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b0ce42c-74e9-48e1-9efc-180e262c3bc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:880::/46

    Signature Algorithm: sha256WithRSAEncryption
         7b:af:2d:b1:46:83:96:7d:45:f6:f2:7b:54:9d:24:3b:42:20:
         f3:1f:c3:24:d1:ee:39:00:b7:c1:f8:4e:01:eb:86:8e:e7:15:
         3e:7c:cc:1f:bc:2c:ab:90:02:48:13:7a:ff:85:52:cb:dd:3e:
         2c:0c:fd:c1:f6:f3:71:0d:b3:f7:57:8a:e8:f0:f8:d7:cd:8a:
         ca:e4:40:86:dd:c4:87:0b:27:21:e7:45:be:88:15:cd:6a:9a:
         51:58:c3:ba:e2:ed:b7:fc:9b:2c:30:9a:e6:4c:a4:0f:7f:2f:
         63:d5:97:82:76:e2:52:78:03:9d:dd:40:f0:c1:8f:99:b7:67:
         07:29:e6:b1:7d:23:e9:d7:9c:2d:c2:c7:c5:cb:e8:4d:46:39:
         7d:67:d5:c7:63:a0:0c:b5:e8:c3:d2:53:16:50:2a:ce:b0:de:
         18:e2:77:8d:0f:e2:e7:30:92:7a:6e:d8:ad:60:a5:06:d2:bc:
         ac:31:0a:22:0b:99:c9:90:95:1f:19:cf:3c:36:f9:00:95:c8:
         32:cf:fe:50:2e:57:c4:d2:4b:75:54:14:25:66:86:2d:8b:31:
         21:99:63:0d:5f:07:0e:25:54:9d:a2:64:79:c4:87:6b:ba:d5:
         ae:3e:3e:c3:fe:c6:a6:20:ea:03:d6:41:61:56:d4:ac:3d:03:
         97:92:78:84
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbHHsxvQ8JKfloUR7kydLzAzIPQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIxNThaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhMWIzMGVlNDIwYTkwZDg5Njc4NDY2OTRhNGE3NWM1YzY3MWQxMjFmOWIx
YzY4Y2VmMGNkZDdjNzQ1MzA3OTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJYnQgd2CQZgETPP/MU2sgrRkAJEbzZH+gUQ0stdJhEMuacyC4vqWsxpFBIH
vUACaBlzBmoyOJEvAA0cZLIQpwZaMxKG/hgRK0hf4Rdav+WinhCpQiVinQ/Y3vcz
s05Zc5i+1j4deRpRCGkF2mc/4VUJaweIUNph5fFobvSJIWVm6RRKNl3rzUOX5cli
t59PbPtEfylF7ViNyvnbNqVIQPAJhOgAdLztzRwHoIM70u0YddjvqK43QTISHj/d
1gXL0tL05hGd90tE7Z7+9P8sAtQOCBrSGFIPKRLmS0fDjUrNrWtNrbIJATzQwgnW
qHRTmkHWqT2OR3GvAG0PQLFtNi0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTcu/Oh
2a9A0seaV70oAotXLJZYBDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2IwY2U0MmMtNzRlOS00OGUxLTllZmMtMTgwZTI2MmMzYmM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HcI
gDANBgkqhkiG9w0BAQsFAAOCAQEAe68tsUaDln1F9vJ7VJ0kO0Ig8x/DJNHuOQC3
wfhOAeuGjucVPnzMH7wsq5ACSBN6/4VSy90+LAz9wfbzcQ2z91eK6PD4182KyuRA
ht3EhwsnIedFvogVzWqaUVjDuuLtt/ybLDCa5kykD38vY9WXgnbiUngDnd1A8MGP
mbdnBynmsX0j6decLcLHxcvoTUY5fWfVx2OgDLXow9JTFlAqzrDeGOJ3jQ/i5zCS
em7YrWClBtK8rDEKIguZyZCVHxnPPDb5AJXIMs/+UC5XxNJLdVQUJWaGLYsxIZlj
DV8HDiVUnaJkecSHa7rVrj4+w/7GpiDqA9ZBYVbUrD0Dl5J4hA==
-----END CERTIFICATE-----