Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/80a87408-515b-45b1-aa62-7e6516358bb6.roa
File:                     80a87408-515b-45b1-aa62-7e6516358bb6.roa (raw, json)
Hash identifier:          K21d9VXgyoTLkYeu7UAcMN3+8W00sp9PMzhDNJVKYbw=
Subject key identifier:   EB:B7:6D:39:5B:6F:F8:23:9B:3A:83:26:71:DE:A0:FF:C8:1A:62:BC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5B851F06CA8ECE85A487121D16444F4383B5398B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/80a87408-515b-45b1-aa62-7e6516358bb6.roa
Signing time:             Mon 31 Mar 2025 20:21:32 +0000
ROA not before:           Mon 31 Mar 2025 20:21:32 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:10c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:85:1f:06:ca:8e:ce:85:a4:87:12:1d:16:44:4f:43:83:b5:39:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:32 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:55:c4:5e:14:94:d9:e1:e7:d0:df:1f:23:c1:
                    c7:db:56:b0:cf:52:ff:40:86:19:00:4f:c9:1a:3f:
                    6e:d1:4e:f0:b4:9d:8d:85:db:88:8e:d0:9c:bc:6b:
                    11:d1:91:14:fe:0b:99:16:ac:e5:81:09:ba:d8:83:
                    58:71:46:e9:39:24:f5:30:eb:52:1d:55:fc:82:53:
                    04:6e:69:b6:8f:d1:12:8b:c7:24:33:b1:10:49:ac:
                    57:3a:47:89:2f:c4:93:6b:b9:46:e1:3e:00:cc:a6:
                    f3:77:fd:66:20:b3:a9:0b:66:4a:c1:7e:8d:91:7b:
                    f9:8b:a5:c2:68:db:50:6e:07:25:be:0b:fe:2f:27:
                    70:93:67:51:4d:63:b4:b1:18:86:cc:57:dd:17:99:
                    28:aa:01:3f:b8:6d:0d:6a:70:05:1f:51:fb:44:87:
                    dc:1c:37:e6:8c:be:aa:67:4f:89:8c:57:f2:41:3a:
                    95:9b:45:6e:6d:05:0c:bd:b9:cf:2c:43:55:75:c8:
                    80:36:65:02:3d:5d:0a:ef:e6:e6:67:6d:83:07:af:
                    0d:dd:a1:cd:d2:a3:97:70:ea:bf:be:4d:3f:24:39:
                    f7:41:01:7b:b4:9d:83:5e:3c:7a:32:4b:7b:12:2e:
                    26:c2:f1:8c:16:a4:89:b2:fc:e0:6a:03:ae:76:42:
                    e0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B7:6D:39:5B:6F:F8:23:9B:3A:83:26:71:DE:A0:FF:C8:1A:62:BC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/80a87408-515b-45b1-aa62-7e6516358bb6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:10c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         af:0b:90:56:13:7e:98:e8:12:a3:ff:40:c3:7b:40:3d:aa:4b:
         30:80:cc:60:95:c5:ee:8f:11:a3:5f:8d:0d:95:8e:0a:8a:90:
         fd:5a:a7:58:c0:ca:f0:46:6d:bf:54:e4:b3:e8:49:29:00:ee:
         7c:96:71:e6:29:0e:fa:8d:e7:84:28:f4:74:f9:94:73:24:9e:
         cd:1f:c1:ee:60:28:79:2f:7a:96:68:7f:5b:4c:37:46:5d:a7:
         62:75:4d:2c:15:bf:ad:ac:ae:9e:8b:e6:04:58:44:fa:24:a2:
         34:97:09:ce:bf:9b:3c:b9:48:f9:34:29:4e:34:60:e8:10:e5:
         ff:d8:27:a7:de:9e:e8:4a:db:8d:b2:07:09:0c:3c:70:78:ac:
         bd:b2:87:69:a4:b2:a0:1d:97:94:b2:04:3f:e4:3f:7a:a3:3b:
         40:13:38:e0:6d:52:10:69:94:a0:bd:5a:9d:e7:6a:3f:7f:a7:
         03:84:35:93:b1:86:12:c1:1d:fb:ce:56:c0:58:ba:ff:c5:68:
         ed:80:91:71:fc:e6:f7:12:8d:07:32:12:85:bd:7c:17:8e:b3:
         3c:51:8c:ad:fc:2c:58:fa:88:98:d3:b7:39:45:43:ec:29:da:
         84:4d:29:54:a6:d2:16:68:a2:ab:f6:02:81:f1:2d:1d:23:fe:
         51:b3:67:51
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUW4UfBsqOzoWkhxIdFkRPQ4O1OYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMzJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiNjVkZTdiMjcyMDI2ODBjMzhmZjc5YmU3N2NkNTcxM2YzZDI1MDI3N2Jh
NTk3OGVhOTI0YjczY2NiM2RiMzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpVxF4UlNnh59DfHyPBx9tWsM9S/0CGGQBPyRo/btFO8LSdjYXbiI7QnLxr
EdGRFP4LmRas5YEJutiDWHFG6Tkk9TDrUh1V/IJTBG5pto/REovHJDOxEEmsVzpH
iS/Ek2u5RuE+AMym83f9ZiCzqQtmSsF+jZF7+YulwmjbUG4HJb4L/i8ncJNnUU1j
tLEYhsxX3ReZKKoBP7htDWpwBR9R+0SH3Bw35oy+qmdPiYxX8kE6lZtFbm0FDL25
zyxDVXXIgDZlAj1dCu/m5mdtgwevDd2hzdKjl3Dqv75NPyQ590EBe7Sdg148ejJL
exIuJsLxjBakibL84GoDrnZC4FsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTrt205
W2/4I5s6gyZx3qD/yBpivDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODBhODc0MDgtNTE1Yi00NWIxLWFhNjItN2U2NTE2MzU4YmI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HsQ
wDANBgkqhkiG9w0BAQsFAAOCAQEArwuQVhN+mOgSo/9Aw3tAPapLMIDMYJXF7o8R
o1+NDZWOCoqQ/VqnWMDK8EZtv1Tks+hJKQDufJZx5ikO+o3nhCj0dPmUcySezR/B
7mAoeS96lmh/W0w3Rl2nYnVNLBW/rayunovmBFhE+iSiNJcJzr+bPLlI+TQpTjRg
6BDl/9gnp96e6ErbjbIHCQw8cHisvbKHaaSyoB2XlLIEP+Q/eqM7QBM44G1SEGmU
oL1anedqP3+nA4Q1k7GGEsEd+85WwFi6/8Vo7YCRcfzm9xKNBzIShb18F46zPFGM
rfwsWPqImNO3OUVD7CnahE0pVKbSFmiiq/YCgfEtHSP+UbNnUQ==
-----END CERTIFICATE-----