Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cfb4167-bb34-4b3d-8c92-bcd5cab97a46.roa
File:                     7cfb4167-bb34-4b3d-8c92-bcd5cab97a46.roa (raw, json)
Hash identifier:          nwMV1E5x/Lt9hZ70wHyBcQRDFQzn6hv/uyJmU9QkQ2c=
Subject key identifier:   3D:1D:AF:C4:69:F6:F1:FA:CD:18:B2:9F:BE:65:A1:5E:20:F7:6C:A4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3409F22EFBBF30560B9199A2E0709DF0D4843ACE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cfb4167-bb34-4b3d-8c92-bcd5cab97a46.roa
Signing time:             Mon 31 Mar 2025 20:20:19 +0000
ROA not before:           Mon 31 Mar 2025 20:20:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:1040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:09:f2:2e:fb:bf:30:56:0b:91:99:a2:e0:70:9d:f0:d4:84:3a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:20:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:aa:ec:bb:48:48:00:e0:00:66:93:d6:36:b7:
                    09:7f:b2:2a:69:0a:8f:7b:9d:4d:fc:ed:c6:61:9e:
                    9c:5d:51:04:10:40:32:34:6d:ae:72:29:ba:33:3b:
                    3c:5e:43:cf:b3:23:bd:f6:57:c4:19:bc:9d:16:b0:
                    ed:43:a7:b6:a3:fe:60:db:63:c9:8d:d2:2f:85:e5:
                    3b:8b:eb:2f:e2:f0:33:55:4e:72:58:20:c2:c1:18:
                    47:33:d1:ab:2f:4d:14:a8:79:68:11:6b:66:1a:8f:
                    d2:4e:7c:c5:4d:48:58:48:a7:05:14:63:8c:ad:a3:
                    a3:4d:01:0f:ae:9c:4b:ea:1b:16:f4:49:ec:15:2f:
                    2c:0e:e0:7c:84:51:65:37:c7:18:2b:14:46:57:e1:
                    87:9f:71:13:49:b4:e6:59:d6:90:0d:96:19:c2:c9:
                    84:f1:c7:6e:10:f8:e9:d9:d4:1e:31:9a:e9:7d:c4:
                    a0:4d:9a:4a:d8:41:58:93:25:0a:b7:ca:60:e7:f7:
                    f8:98:c3:fe:6d:48:57:a3:40:09:dd:bc:bd:ea:51:
                    3e:78:84:57:52:6b:44:62:b7:b7:1b:e5:fe:bc:47:
                    24:0d:19:35:53:dc:84:f1:a3:e5:89:7b:05:ee:ed:
                    80:46:d6:f6:90:aa:9f:19:bb:ad:60:43:9c:b0:40:
                    da:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:1D:AF:C4:69:F6:F1:FA:CD:18:B2:9F:BE:65:A1:5E:20:F7:6C:A4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cfb4167-bb34-4b3d-8c92-bcd5cab97a46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:1040::/46

    Signature Algorithm: sha256WithRSAEncryption
         a2:f6:e3:a1:8c:f9:95:68:0c:ca:c1:41:cb:45:3c:3c:15:1c:
         7e:10:5f:a5:3e:3e:56:97:d2:90:07:42:9e:b5:b2:b2:0e:37:
         02:e1:9a:8d:2e:81:ea:bb:10:4d:59:ce:fb:9e:f3:79:52:52:
         4d:56:a4:3f:1f:30:9a:3d:cd:9a:9d:44:be:b2:a9:ea:02:5a:
         35:7b:2b:90:6d:fb:87:30:b0:25:7a:ce:30:23:5e:e9:fe:7f:
         62:a7:95:e2:47:16:1c:9e:04:48:34:4c:bd:a1:0e:b0:6b:79:
         2b:b3:a3:cb:1a:01:0c:48:00:d1:a3:0d:d4:c2:aa:5b:e8:7f:
         01:20:1d:44:2e:b1:6f:e3:04:30:e5:91:12:a2:db:6b:38:30:
         bf:9b:97:6b:85:03:66:7c:7c:3f:8f:79:97:8d:a7:40:93:23:
         c0:50:5b:71:c7:3c:6b:17:4e:51:de:62:7b:21:11:ef:82:94:
         ee:a9:8a:44:75:5c:7c:d8:c7:bb:e1:c1:ba:ea:ae:82:8c:4b:
         23:e1:a6:34:1a:2b:82:94:2a:7a:5d:84:10:f0:b9:a1:d5:eb:
         d3:f9:76:d0:bd:f2:c4:fc:32:15:39:95:eb:9d:94:23:98:2a:
         37:cf:e8:94:c4:b0:12:ba:aa:d8:4b:3a:46:3c:24:e2:9a:b4:
         5a:5d:c2:f8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNAnyLvu/MFYLkZmi4HCd8NSEOs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2YzkwNGY3ZTA1MzdjNGJkZDcxZWU2ZDk2MDFmOTU4MDRlODNkOGE1ODZm
NWUyYjRiOGYyNDhlMTU3NmYwM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPKq7LtISADgAGaT1ja3CX+yKmkKj3udTfztxmGenF1RBBBAMjRtrnIpujM7
PF5Dz7MjvfZXxBm8nRaw7UOntqP+YNtjyY3SL4XlO4vrL+LwM1VOclggwsEYRzPR
qy9NFKh5aBFrZhqP0k58xU1IWEinBRRjjK2jo00BD66cS+obFvRJ7BUvLA7gfIRR
ZTfHGCsURlfhh59xE0m05lnWkA2WGcLJhPHHbhD46dnUHjGa6X3EoE2aSthBWJMl
CrfKYOf3+JjD/m1IV6NACd28vepRPniEV1JrRGK3txvl/rxHJA0ZNVPchPGj5Yl7
Be7tgEbW9pCqnxm7rWBDnLBA2vECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ9Ha/E
afbx+s0Ysp++ZaFeIPdspDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2NmYjQxNjctYmIzNC00YjNkLThjOTItYmNkNWNhYjk3YTQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HcQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAovbjoYz5lWgMysFBy0U8PBUcfhBfpT4+VpfS
kAdCnrWysg43AuGajS6B6rsQTVnO+57zeVJSTVakPx8wmj3Nmp1EvrKp6gJaNXsr
kG37hzCwJXrOMCNe6f5/YqeV4kcWHJ4ESDRMvaEOsGt5K7OjyxoBDEgA0aMN1MKq
W+h/ASAdRC6xb+MEMOWREqLbazgwv5uXa4UDZnx8P495l42nQJMjwFBbccc8axdO
Ud5ieyER74KU7qmKRHVcfNjHu+HBuuqugoxLI+GmNBorgpQqel2EEPC5odXr0/l2
0L3yxPwyFTmV652UI5gqN8/olMSwErqq2Es6Rjwk4pq0Wl3C+A==
-----END CERTIFICATE-----