Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81574dff-feff-4992-98e4-f8b95431a28d.roa
File:                     81574dff-feff-4992-98e4-f8b95431a28d.roa (raw, json)
Hash identifier:          CZ3Ms6RHTHamF3fhK1i6F18PBgmsSVY5w7ar4zjNxb4=
Subject key identifier:   07:A2:1B:DD:55:4D:65:1F:DC:54:62:EB:A4:D3:D6:B0:3C:9E:BF:DD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       34A15A9A06E318DB50FD9A1F4FDC7476D6FE4E33
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81574dff-feff-4992-98e4-f8b95431a28d.roa
Signing time:             Mon 31 Mar 2025 20:21:44 +0000
ROA not before:           Mon 31 Mar 2025 20:21:44 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:9040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:a1:5a:9a:06:e3:18:db:50:fd:9a:1f:4f:dc:74:76:d6:fe:4e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:44 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4b:fa:54:b2:57:60:cb:8d:ee:ff:b9:e6:55:
                    68:be:3d:30:af:62:e4:c1:0f:3e:1c:a2:9e:65:29:
                    7b:2d:96:c8:8b:ec:5f:d0:ae:d4:00:10:f1:2f:89:
                    6b:c7:84:9a:56:ee:ec:7b:8c:de:29:b4:b7:61:6c:
                    ff:89:70:92:98:71:d4:e4:4f:7f:96:d0:aa:d6:05:
                    c6:fe:72:32:78:52:19:b4:d9:ca:b5:53:ca:d0:b9:
                    a0:26:e6:b0:d1:6d:9c:4c:f7:ca:28:99:42:1c:98:
                    63:57:90:a4:fc:fc:23:d5:b1:db:77:71:c6:42:28:
                    a7:a7:13:25:38:6b:52:28:57:8a:9f:35:48:1d:3a:
                    11:5e:38:1b:3e:03:0d:70:a2:fb:2f:d9:cf:0f:0c:
                    b7:f2:72:e4:61:81:e1:d0:97:50:7d:c5:0d:b5:33:
                    a7:55:b3:45:84:60:ce:0c:21:37:e7:0d:99:ba:93:
                    53:cd:64:88:1e:ae:ef:94:2b:90:40:9c:9a:c7:04:
                    c1:e4:28:36:e0:9e:14:bb:5a:86:59:49:87:0f:a8:
                    ed:52:94:44:56:f7:48:88:09:4c:f1:b1:e0:2a:65:
                    c3:68:64:60:ab:49:7e:b2:9d:15:d1:0d:55:92:90:
                    21:61:9d:03:36:d4:43:a2:5e:c0:3f:4a:ba:70:bc:
                    13:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A2:1B:DD:55:4D:65:1F:DC:54:62:EB:A4:D3:D6:B0:3C:9E:BF:DD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81574dff-feff-4992-98e4-f8b95431a28d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         84:bd:9c:40:fe:23:66:8e:a6:57:06:9f:b9:50:c3:f5:d7:45:
         5a:0c:9a:7e:9c:1d:59:89:a6:d3:dd:99:33:14:0e:eb:e3:24:
         de:ab:66:c2:a2:21:be:65:c8:1f:6f:04:02:16:98:45:33:8e:
         99:3d:98:24:2f:46:9c:4c:89:94:7b:12:d9:5a:8e:2f:ab:78:
         6e:f6:0e:50:70:75:2f:a6:42:a5:d1:af:df:a9:e6:be:a8:b5:
         61:99:52:9a:8c:89:0d:c9:78:05:03:3e:96:31:ca:c4:1d:e2:
         22:09:65:ce:76:37:27:b4:f3:90:71:a4:aa:e8:30:68:0a:9b:
         2f:88:b9:a6:1d:d7:bf:1b:4f:ea:c1:71:39:c7:65:45:93:0c:
         cc:dd:72:a4:80:44:ff:f3:9d:9f:ea:c9:20:11:3c:8a:f4:b5:
         2b:0b:bc:4c:5e:bd:80:21:6a:e2:39:b9:4b:5f:4d:7e:44:54:
         88:99:80:6d:6a:e2:94:ea:25:c3:1a:4b:4b:49:a5:48:0e:42:
         65:eb:d0:88:09:c1:a1:2a:46:ce:0a:a8:12:84:5d:ae:7e:d1:
         1f:a7:d3:43:ab:21:91:27:8c:0f:69:47:9e:9d:72:1e:c2:76:
         3a:5c:fb:12:a9:d0:6a:9f:f1:a2:a5:25:15:ac:67:f5:de:74:
         4a:a0:f3:c5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNKFamgbjGNtQ/ZofT9x0dtb+TjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxNDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVmZTZhNDNiODQxZmJjMjE3NmMzNTZhYmE0NDhmYjUzOTI0Mjg3MzVkYThh
MDRhMWUyZmZjYzg3ODk5ZGM5MGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtL+lSyV2DLje7/ueZVaL49MK9i5MEPPhyinmUpey2WyIvsX9Cu1AAQ8S+J
a8eEmlbu7HuM3im0t2Fs/4lwkphx1ORPf5bQqtYFxv5yMnhSGbTZyrVTytC5oCbm
sNFtnEz3yiiZQhyYY1eQpPz8I9Wx23dxxkIop6cTJThrUihXip81SB06EV44Gz4D
DXCi+y/Zzw8Mt/Jy5GGB4dCXUH3FDbUzp1WzRYRgzgwhN+cNmbqTU81kiB6u75Qr
kECcmscEweQoNuCeFLtahllJhw+o7VKURFb3SIgJTPGx4Cplw2hkYKtJfrKdFdEN
VZKQIWGdAzbUQ6JewD9KunC8E3ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQHohvd
VU1lH9xUYuuk09awPJ6/3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODE1NzRkZmYtZmVmZi00OTkyLTk4ZTQtZjhiOTU0MzFhMjhkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HeQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAhL2cQP4jZo6mVwafuVDD9ddFWgyafpwdWYmm
092ZMxQO6+Mk3qtmwqIhvmXIH28EAhaYRTOOmT2YJC9GnEyJlHsS2VqOL6t4bvYO
UHB1L6ZCpdGv36nmvqi1YZlSmoyJDcl4BQM+ljHKxB3iIgllznY3J7TzkHGkqugw
aAqbL4i5ph3XvxtP6sFxOcdlRZMMzN1ypIBE//Odn+rJIBE8ivS1Kwu8TF69gCFq
4jm5S19NfkRUiJmAbWrilOolwxpLS0mlSA5CZevQiAnBoSpGzgqoEoRdrn7RH6fT
Q6shkSeMD2lHnp1yHsJ2Olz7EqnQap/xoqUlFaxn9d50SqDzxQ==
-----END CERTIFICATE-----