Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b73df2-00f3-4adc-a2a1-c8b41e531cf2.roa
File:                     94b73df2-00f3-4adc-a2a1-c8b41e531cf2.roa (raw, json)
Hash identifier:          yZHcmlwtp55QpHxJ3u4Q5dgogoJSmVr1gmYSqo0BUeM=
Subject key identifier:   1E:79:47:06:1A:CB:3F:9B:F0:C4:77:66:15:DC:89:7F:73:D4:27:FA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       03A80A733C5105FCFFC9C7BB2DE478056171CE1C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b73df2-00f3-4adc-a2a1-c8b41e531cf2.roa
Signing time:             Mon 31 Mar 2025 20:10:41 +0000
ROA not before:           Mon 31 Mar 2025 20:10:41 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:a080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:a8:0a:73:3c:51:05:fc:ff:c9:c7:bb:2d:e4:78:05:61:71:ce:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:41 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:48:0a:e4:c0:fe:bc:3c:99:4b:92:09:32:e3:
                    b3:ee:ec:1f:c5:47:ae:ab:cf:1b:61:ae:ec:19:07:
                    91:a0:f0:6a:14:af:d5:aa:e8:0c:4d:26:8e:a7:8d:
                    43:cf:a3:48:1b:db:09:e3:b3:58:e2:29:9d:b1:b0:
                    ab:13:35:da:55:80:cd:ef:5a:6a:88:4c:87:41:96:
                    0e:d3:67:67:06:29:61:10:1a:8c:0e:09:ad:0c:fb:
                    96:82:08:c5:e7:09:b5:7a:73:a4:d9:92:45:33:a1:
                    8c:f6:4a:c4:84:73:f3:72:2e:19:ba:57:e1:1d:14:
                    85:7f:ee:96:cb:23:8f:58:04:b0:0d:b2:38:6d:bf:
                    20:2c:7c:41:b4:19:8e:42:e9:4a:6e:d6:97:d4:58:
                    91:92:96:ab:a7:6d:1b:79:66:21:f2:49:41:02:24:
                    3d:64:2b:b2:d2:e6:c8:58:98:c3:ed:4e:9f:7f:7b:
                    76:57:29:d2:d8:01:ca:5a:39:bf:e9:7b:d7:01:90:
                    4e:ab:9d:cd:ec:95:72:32:9f:d7:c8:77:2d:bc:5b:
                    33:d2:75:00:1d:2f:c5:d2:60:77:e0:59:bf:de:ca:
                    7a:91:d0:a8:6e:43:33:b3:7d:a6:6d:37:fd:79:9d:
                    93:af:89:02:96:a2:e5:34:40:c4:d6:aa:81:8a:f9:
                    4c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:79:47:06:1A:CB:3F:9B:F0:C4:77:66:15:DC:89:7F:73:D4:27:FA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b73df2-00f3-4adc-a2a1-c8b41e531cf2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:a080::/46

    Signature Algorithm: sha256WithRSAEncryption
         bc:af:40:76:a5:04:c1:70:22:68:2c:da:30:76:3a:ac:84:f4:
         99:38:59:da:53:9c:7b:9e:aa:2e:7d:8f:e0:ba:e3:1f:4e:f0:
         f3:52:6a:5c:ab:95:40:10:42:98:b1:61:fc:22:00:37:9b:09:
         ce:ce:ea:e3:cc:2a:62:5a:49:68:16:4a:f6:94:47:9f:a8:bc:
         cc:18:ac:39:13:7e:a2:3c:a4:8f:a2:fe:93:2e:71:92:4a:21:
         8d:6c:7f:b5:fc:91:e2:8d:60:13:43:9c:ec:27:aa:05:0e:6b:
         8b:97:84:d4:e2:c0:57:de:ce:0c:9c:32:99:4a:51:3e:1a:35:
         12:68:57:f7:04:f7:3b:ca:3d:72:98:02:d5:de:bc:c3:63:d7:
         8d:7c:5b:b5:a5:f8:03:12:6e:e6:44:b8:5d:19:46:04:73:74:
         7e:c2:67:c5:bc:6c:c1:4a:4e:dd:7d:91:bf:55:c3:c1:a7:73:
         59:64:36:00:a4:76:f6:07:f0:5d:2b:c7:3e:62:7e:14:ec:f8:
         8a:c2:2a:c3:85:c2:d3:18:fc:f1:08:c2:1a:dc:fb:78:47:a6:
         9c:aa:c5:54:0f:e7:ca:09:2e:79:23:dc:78:e4:a9:6c:e5:c9:
         62:ef:e2:20:c1:dc:2c:f6:dc:35:e8:b8:b8:45:14:20:3a:4f:
         54:04:15:2e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUA6gKczxRBfz/yce7LeR4BWFxzhwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwNDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2MDRiMmJiOWYxZDcyMTlmOTdhNzRlOGU0OTc0YTg0MTVkMzg4N2ZiZTI4
OWEzZjBmMWZkZDhiMjgxY2NhNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANhICuTA/rw8mUuSCTLjs+7sH8VHrqvPG2Gu7BkHkaDwahSv1aroDE0mjqeN
Q8+jSBvbCeOzWOIpnbGwqxM12lWAze9aaohMh0GWDtNnZwYpYRAajA4JrQz7loII
xecJtXpzpNmSRTOhjPZKxIRz83IuGbpX4R0UhX/ulssjj1gEsA2yOG2/ICx8QbQZ
jkLpSm7Wl9RYkZKWq6dtG3lmIfJJQQIkPWQrstLmyFiYw+1On397dlcp0tgBylo5
v+l71wGQTqudzeyVcjKf18h3LbxbM9J1AB0vxdJgd+BZv97KepHQqG5DM7N9pm03
/Xmdk6+JApai5TRAxNaqgYr5TJECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQeeUcG
Gss/m/DEd2YV3Il/c9Qn+jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTRiNzNkZjItMDBmMy00YWRjLWEyYTEtYzhiNDFlNTMxY2YyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DWg
gDANBgkqhkiG9w0BAQsFAAOCAQEAvK9AdqUEwXAiaCzaMHY6rIT0mThZ2lOce56q
Ln2P4LrjH07w81JqXKuVQBBCmLFh/CIAN5sJzs7q48wqYlpJaBZK9pRHn6i8zBis
ORN+ojykj6L+ky5xkkohjWx/tfyR4o1gE0Oc7CeqBQ5ri5eE1OLAV97ODJwymUpR
Pho1EmhX9wT3O8o9cpgC1d68w2PXjXxbtaX4AxJu5kS4XRlGBHN0fsJnxbxswUpO
3X2Rv1XDwadzWWQ2AKR29gfwXSvHPmJ+FOz4isIqw4XC0xj88QjCGtz7eEemnKrF
VA/nygkueSPceOSpbOXJYu/iIMHcLPbcNei4uEUUIDpPVAQVLg==
-----END CERTIFICATE-----