Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9902e563-fe64-4a01-9616-0424a53839fb.roa
File:                     9902e563-fe64-4a01-9616-0424a53839fb.roa (raw, json)
Hash identifier:          fk4/sU8c5BnNQgbRG82p2ObyxjYIw7keaCPnQEISiyM=
Subject key identifier:   24:D7:30:F5:CC:68:E6:E9:C2:5E:03:40:0F:05:66:D6:62:1F:C7:6B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1608A743082DC351523DE69C2B07B6F34F228514
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9902e563-fe64-4a01-9616-0424a53839fb.roa
Signing time:             Mon 31 Mar 2025 19:31:12 +0000
ROA not before:           Mon 31 Mar 2025 19:31:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:80c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:08:a7:43:08:2d:c3:51:52:3d:e6:9c:2b:07:b6:f3:4f:22:85:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bf:2f:cc:a9:33:ad:0c:20:60:a8:51:47:24:
                    a4:42:b3:15:3f:57:ce:c9:52:e4:e4:f1:8a:28:ed:
                    5c:a6:c3:59:2d:f3:3c:a5:f9:20:7d:93:e5:18:39:
                    f0:d9:72:06:b1:44:10:ee:ba:de:d3:b9:fe:a7:f2:
                    b4:2c:a6:7d:1d:87:ee:79:ed:90:b7:11:e2:27:66:
                    c0:9a:16:96:2c:48:7c:7b:71:2e:3b:09:ce:9e:db:
                    83:c8:f9:ce:ec:78:66:68:f7:80:18:29:a0:f8:08:
                    d1:0b:30:d9:d1:98:ff:4d:15:a3:26:7d:28:56:7d:
                    4e:08:2a:b8:7c:d2:e3:25:26:fa:d1:46:ad:05:24:
                    24:8d:4b:29:82:59:b8:49:2d:d0:05:c1:ae:8f:a8:
                    4f:b4:1e:70:b4:9e:11:15:92:9b:63:e8:49:1b:f9:
                    04:26:be:bc:ac:56:03:0c:23:8c:7c:54:b5:77:09:
                    7d:7c:7b:fe:dd:8a:94:0c:57:ac:6f:c8:2a:57:cb:
                    8e:b9:96:e8:96:88:4a:76:25:a3:63:d4:4b:95:b3:
                    63:f2:c8:22:ef:81:e3:e0:9c:92:85:26:9c:51:e5:
                    0d:bb:e8:32:75:9d:ec:82:c5:89:6a:d9:dc:14:f4:
                    94:76:e9:a3:0d:1c:0f:df:2b:7e:94:03:4e:66:91:
                    a5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D7:30:F5:CC:68:E6:E9:C2:5E:03:40:0F:05:66:D6:62:1F:C7:6B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9902e563-fe64-4a01-9616-0424a53839fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:d4:93:f4:95:80:ee:a1:43:af:af:95:de:55:1f:1b:b5:db:
         45:8b:fe:92:cf:52:72:90:ca:ed:84:ae:28:2c:f7:30:59:3c:
         c9:6c:66:e8:17:8b:b0:00:9a:ea:37:f1:95:ab:e9:9c:ee:90:
         55:f2:16:dd:9d:fb:ad:6b:1c:49:d4:0c:ab:14:cb:21:54:75:
         a7:f4:41:c0:13:1f:4c:2d:4e:8a:76:fe:7e:6c:2d:3f:4b:4e:
         a8:63:4d:a4:30:0d:12:a1:c6:84:e4:14:3b:c1:0b:c5:7a:0c:
         7d:fe:a9:1d:6e:f5:c1:b6:cd:24:9f:b9:ec:92:ee:55:9b:7c:
         52:af:5c:7f:78:99:00:b2:35:48:5e:6d:0a:ca:1d:97:7b:09:
         3f:2b:34:23:f9:df:10:11:aa:85:78:10:f7:51:bc:5a:82:81:
         79:0d:06:f0:7f:67:0b:86:90:2c:7c:fd:18:02:54:0c:73:96:
         0b:83:13:ab:c2:9f:49:e5:d2:0a:ea:10:4a:64:42:e1:17:a0:
         46:e4:10:2a:13:e4:17:85:26:e6:a7:10:ce:f4:57:4a:dd:21:
         0b:80:8c:f1:bd:b1:ae:6a:84:10:71:c2:75:84:2e:cf:05:55:
         9d:77:4b:13:0b:8e:c7:91:6b:1f:93:df:5f:0a:e0:62:95:d4:
         19:f9:58:8b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFginQwgtw1FSPeacKwe2808ihRQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxMTJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2NWNjYWEzNjljMzUzNDM1Nzc1NmQyODUzMWE3MzcyMDg4OWQ5NGMzM2Iw
ZDdhODI4YzdlNGNiYmI1OWQyMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJq/L8ypM60MIGCoUUckpEKzFT9XzslS5OTxiijtXKbDWS3zPKX5IH2T5Rg5
8NlyBrFEEO663tO5/qfytCymfR2H7nntkLcR4idmwJoWlixIfHtxLjsJzp7bg8j5
zux4Zmj3gBgpoPgI0Qsw2dGY/00VoyZ9KFZ9TggquHzS4yUm+tFGrQUkJI1LKYJZ
uEkt0AXBro+oT7QecLSeERWSm2PoSRv5BCa+vKxWAwwjjHxUtXcJfXx7/t2KlAxX
rG/IKlfLjrmW6JaISnYlo2PUS5WzY/LIIu+B4+CckoUmnFHlDbvoMnWd7ILFiWrZ
3BT0lHbpow0cD98rfpQDTmaRpesCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQk1zD1
zGjm6cJeA0APBWbWYh/HazAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTkwMmU1NjMtZmU2NC00YTAxLTk2MTYtMDQyNGE1MzgzOWZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
wDANBgkqhkiG9w0BAQsFAAOCAQEAddST9JWA7qFDr6+V3lUfG7XbRYv+ks9ScpDK
7YSuKCz3MFk8yWxm6BeLsACa6jfxlavpnO6QVfIW3Z37rWscSdQMqxTLIVR1p/RB
wBMfTC1Oinb+fmwtP0tOqGNNpDANEqHGhOQUO8ELxXoMff6pHW71wbbNJJ+57JLu
VZt8Uq9cf3iZALI1SF5tCsodl3sJPys0I/nfEBGqhXgQ91G8WoKBeQ0G8H9nC4aQ
LHz9GAJUDHOWC4MTq8KfSeXSCuoQSmRC4RegRuQQKhPkF4Um5qcQzvRXSt0hC4CM
8b2xrmqEEHHCdYQuzwVVnXdLEwuOx5FrH5PfXwrgYpXUGflYiw==
-----END CERTIFICATE-----