Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
File:                     8b940c44-168e-4976-b17d-778e9341611b.roa (raw, json)
Hash identifier:          7MDhzjdkV8DtTZixL6JT1FYdr5pfM+vEnLZDCpUtG2E=
Subject key identifier:   15:90:B6:01:A2:1E:9D:87:05:BE:49:83:CD:EF:51:3A:68:33:6C:A2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       381B952457D18CBB2C7B7406AE7AC073E3E7F59A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
Signing time:             Mon 31 Mar 2025 20:01:23 +0000
ROA not before:           Mon 31 Mar 2025 20:01:23 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:1080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:1b:95:24:57:d1:8c:bb:2c:7b:74:06:ae:7a:c0:73:e3:e7:f5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:01:23 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9c:2a:0e:64:fe:10:5a:32:7f:cd:f0:fc:cc:
                    86:40:05:dc:7f:cc:4b:1d:05:20:0c:ee:0f:f4:fa:
                    6f:44:9e:86:4a:9f:36:45:7f:37:96:5b:4c:f1:69:
                    86:e1:96:f4:36:12:4b:0c:a6:0f:55:32:4e:38:26:
                    b2:14:46:05:cc:a0:6e:b7:d1:30:9b:95:f7:8d:4d:
                    4e:23:72:3a:e1:40:9c:ac:c8:84:1f:de:29:06:95:
                    30:66:cf:38:d8:06:c9:9d:8a:ef:bb:51:35:37:82:
                    98:e8:8a:99:3d:ef:fa:82:d0:ac:e9:a6:e0:f2:fd:
                    05:e0:9c:cf:8d:eb:b7:2c:c9:2e:88:84:bd:cd:9d:
                    0a:ab:23:5d:a9:ae:09:1b:90:81:44:04:26:ae:5c:
                    df:88:aa:91:58:8f:4a:a8:45:ff:38:46:0d:db:02:
                    ed:59:80:aa:7e:0d:06:76:55:fb:77:05:a9:32:ca:
                    c6:8c:b9:9d:a9:08:d7:1e:e3:4b:8b:0f:db:00:2b:
                    8e:c8:0d:ee:f3:9f:fa:c3:2d:91:ea:f0:07:5d:03:
                    2b:12:cc:c9:24:eb:91:d5:0a:49:b0:01:cb:d2:23:
                    d4:f1:84:d6:e2:94:90:7a:84:1f:0a:ba:c1:92:2c:
                    7a:0a:4b:28:ac:b1:be:16:42:06:1d:23:81:4b:ea:
                    f4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:90:B6:01:A2:1E:9D:87:05:BE:49:83:CD:EF:51:3A:68:33:6C:A2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:1080::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:b3:02:b5:d1:b2:b0:f1:1a:a3:0c:fe:44:44:66:ed:44:bf:
         09:e4:cb:2e:c1:cd:68:08:f0:a1:10:ed:d4:b3:96:d4:17:e0:
         47:9e:5d:b0:f1:e8:e0:ca:c3:8d:71:5d:8d:18:24:91:b6:08:
         99:aa:cd:25:99:89:57:96:47:e1:e4:02:97:9d:48:0d:9d:43:
         15:a3:13:5d:4b:67:1d:5e:49:c4:c1:dc:4d:d4:0a:16:9d:43:
         5a:f0:49:e5:86:ce:dd:db:68:3f:8c:72:2d:55:5d:55:54:3d:
         95:86:f5:b9:a3:d1:fa:a9:d8:80:6d:1b:cb:5f:d4:da:00:2c:
         6a:7d:b0:11:1b:53:3d:b1:d4:22:96:57:3c:50:2d:44:01:12:
         da:27:53:35:5e:f3:8e:88:61:97:c0:63:8c:d3:0f:b2:0c:d5:
         db:22:cd:b8:47:5e:12:5d:6f:56:bb:55:2c:b3:f4:78:84:f6:
         ca:1f:87:f8:4a:2c:a7:b4:b1:1d:97:c3:64:55:e8:ac:ff:80:
         2c:52:ad:1e:59:19:36:93:7d:3c:ba:4c:88:6e:3c:1f:9d:50:
         d8:1e:d3:41:71:c3:d0:5a:57:e4:f2:d3:7e:d0:cd:a7:e5:37:
         a0:ec:7d:ce:ca:87:d7:eb:92:e3:c8:ab:43:4e:56:12:4b:b1:
         e8:14:98:08
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOBuVJFfRjLsse3QGrnrAc+Pn9ZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAxMjNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhmZWQzMTQ0OTdmOWE1YWRkM2U3OTBmMWYwZGNiODMzM2VlNDA0ZTgyM2Nm
NzRiNWFjNDBkZmU5YTY1MTExZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6cKg5k/hBaMn/N8PzMhkAF3H/MSx0FIAzuD/T6b0SehkqfNkV/N5ZbTPFp
huGW9DYSSwymD1UyTjgmshRGBcygbrfRMJuV941NTiNyOuFAnKzIhB/eKQaVMGbP
ONgGyZ2K77tRNTeCmOiKmT3v+oLQrOmm4PL9BeCcz43rtyzJLoiEvc2dCqsjXamu
CRuQgUQEJq5c34iqkViPSqhF/zhGDdsC7VmAqn4NBnZV+3cFqTLKxoy5nakI1x7j
S4sP2wArjsgN7vOf+sMtkerwB10DKxLMySTrkdUKSbABy9Ij1PGE1uKUkHqEHwq6
wZIsegpLKKyxvhZCBh0jgUvq9H8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQVkLYB
oh6dhwW+SYPN71E6aDNsojAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI5NDBjNDQtMTY4ZS00OTc2LWIxN2QtNzc4ZTkzNDE2MTFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAsrMCtdGysPEaowz+RERm7US/CeTLLsHNaAjw
oRDt1LOW1BfgR55dsPHo4MrDjXFdjRgkkbYImarNJZmJV5ZH4eQCl51IDZ1DFaMT
XUtnHV5JxMHcTdQKFp1DWvBJ5YbO3dtoP4xyLVVdVVQ9lYb1uaPR+qnYgG0by1/U
2gAsan2wERtTPbHUIpZXPFAtRAES2idTNV7zjohhl8BjjNMPsgzV2yLNuEdeEl1v
VrtVLLP0eIT2yh+H+Eosp7SxHZfDZFXorP+ALFKtHlkZNpN9PLpMiG48H51Q2B7T
QXHD0FpX5PLTftDNp+U3oOx9zsqH1+uS48irQ05WEkux6BSYCA==
-----END CERTIFICATE-----