Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7c4014b5-e4ed-43b6-a5d0-7a5e8a764e1a.roa
File:                     7c4014b5-e4ed-43b6-a5d0-7a5e8a764e1a.roa (raw, json)
Hash identifier:          72Y6cbN0J4Nh8B3iJWDteR+VoEcl0HdqbQ3v6gEixxU=
Subject key identifier:   18:81:A9:37:1F:A0:09:40:00:DB:48:CF:E7:E3:A6:05:2B:3D:7F:EA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5AD9ED4B5EAE97710512BA48F53CB7E45553C72B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7c4014b5-e4ed-43b6-a5d0-7a5e8a764e1a.roa
Signing time:             Mon 31 Mar 2025 19:01:03 +0000
ROA not before:           Mon 31 Mar 2025 19:01:03 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:d9:ed:4b:5e:ae:97:71:05:12:ba:48:f5:3c:b7:e4:55:53:c7:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:01:03 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:34:d4:d3:d3:e8:ed:1a:7c:9e:fd:e0:3e:d3:
                    d2:c7:65:bf:ae:23:4e:e7:03:27:8d:81:a3:77:e8:
                    10:e2:63:87:a8:ef:f1:82:43:be:bf:a6:eb:f8:cc:
                    5f:e5:8e:63:9e:9b:6f:62:20:48:6b:e9:9b:1a:b3:
                    2b:8b:81:92:9a:44:cf:b3:1f:b1:15:5e:d3:71:ea:
                    1f:1d:bb:50:fd:f7:ca:9c:d5:59:93:39:90:69:56:
                    aa:a6:d2:7e:47:a6:8b:9c:bd:72:b0:57:15:3f:5c:
                    88:55:46:d8:09:af:cf:4c:ee:30:ec:2a:c7:f9:d9:
                    db:13:52:8f:e6:68:91:d8:8d:50:87:d9:04:b6:18:
                    15:80:15:17:db:3f:5e:03:22:3e:1b:a6:10:10:2a:
                    64:08:aa:b3:97:8e:92:99:7a:0e:49:43:77:d6:2f:
                    c8:d3:dc:5c:34:0a:1d:d4:8e:76:ac:47:00:e5:a0:
                    20:dc:e0:19:0f:86:c6:fb:48:fd:e1:c9:53:8d:19:
                    b0:e0:a6:d1:fc:91:9f:77:62:39:ff:03:33:6d:ac:
                    f6:2f:ee:87:7b:7f:46:d5:de:52:b5:71:4f:dc:bc:
                    d4:9d:ce:0a:c8:5c:76:10:e2:5d:e1:69:36:30:ee:
                    3a:f6:0f:cb:fe:58:39:da:6f:ef:ee:75:b5:2e:cc:
                    0d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:81:A9:37:1F:A0:09:40:00:DB:48:CF:E7:E3:A6:05:2B:3D:7F:EA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7c4014b5-e4ed-43b6-a5d0-7a5e8a764e1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:b6:c3:9c:f6:20:7e:ad:f4:c2:69:78:3c:19:f4:c6:a6:67:
         9b:6e:03:59:19:1a:e8:67:e8:6f:93:bd:6e:a0:f6:a7:b9:ae:
         91:9e:60:3c:6c:5d:d6:92:d7:7b:cb:44:24:7a:79:8e:d4:c0:
         f0:7e:c2:92:5c:04:13:74:28:40:d4:3e:7a:57:dc:9a:1a:96:
         7f:9d:80:fe:9c:33:c4:79:5e:1f:b5:d6:bb:06:77:cb:e3:30:
         d3:6f:70:73:09:4f:b5:fe:60:51:4c:fa:3c:dc:5f:4b:76:d9:
         a8:2e:77:c2:c8:00:a6:7b:a8:9b:d6:c3:13:d2:11:3b:02:96:
         21:7d:e7:6f:7d:7e:86:38:9f:d9:5a:57:62:ea:4c:7c:6b:75:
         e2:c8:17:5d:38:7d:6a:86:a0:a2:e7:73:24:f5:59:91:80:51:
         aa:35:d1:4a:4a:3c:8b:bf:73:d2:09:4c:d5:d2:0f:57:00:bc:
         04:d6:ed:8f:23:9d:be:96:5c:30:8b:94:ef:20:5c:4d:2c:09:
         f4:58:c9:e1:af:2a:1e:6a:ff:d9:70:59:bd:49:83:88:fa:aa:
         a3:3d:81:33:4d:1a:6e:60:1d:a7:8c:27:09:8e:28:6b:37:e4:
         d3:a0:bf:89:af:3c:9e:e3:7d:3b:2a:f3:4b:1c:a1:c3:ac:99:
         46:15:ba:04
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWtntS16ul3EFErpI9Ty35FVTxyswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTAxMDNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1MjdmMDM5ZTBhMWZhMDgwNDFhZmI5MDhmZmJlMjRlMDliZWM3MjQ3NDUz
NDEyYzAwYzg1OTgyODAxMDdiNGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO001NPT6O0afJ794D7T0sdlv64jTucDJ42Bo3foEOJjh6jv8YJDvr+m6/jM
X+WOY56bb2IgSGvpmxqzK4uBkppEz7MfsRVe03HqHx27UP33ypzVWZM5kGlWqqbS
fkemi5y9crBXFT9ciFVG2Amvz0zuMOwqx/nZ2xNSj+ZokdiNUIfZBLYYFYAVF9s/
XgMiPhumEBAqZAiqs5eOkpl6DklDd9YvyNPcXDQKHdSOdqxHAOWgINzgGQ+GxvtI
/eHJU40ZsOCm0fyRn3diOf8DM22s9i/uh3t/RtXeUrVxT9y81J3OCshcdhDiXeFp
NjDuOvYPy/5YOdpv7+51tS7MDZsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQYgak3
H6AJQADbSM/n46YFKz1/6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2M0MDE0YjUtZTRlZC00M2I2LWE1ZDAtN2E1ZThhNzY0ZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HQg
wDANBgkqhkiG9w0BAQsFAAOCAQEAd7bDnPYgfq30wml4PBn0xqZnm24DWRka6Gfo
b5O9bqD2p7mukZ5gPGxd1pLXe8tEJHp5jtTA8H7CklwEE3QoQNQ+elfcmhqWf52A
/pwzxHleH7XWuwZ3y+Mw029wcwlPtf5gUUz6PNxfS3bZqC53wsgApnuom9bDE9IR
OwKWIX3nb31+hjif2VpXYupMfGt14sgXXTh9aoagoudzJPVZkYBRqjXRSko8i79z
0glM1dIPVwC8BNbtjyOdvpZcMIuU7yBcTSwJ9FjJ4a8qHmr/2XBZvUmDiPqqoz2B
M00abmAdp4wnCY4oazfk06C/ia88nuN9OyrzSxyhw6yZRhW6BA==
-----END CERTIFICATE-----