Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a2c4c28c-0df9-40d4-bf4d-926104b691f4.roa
File:                     a2c4c28c-0df9-40d4-bf4d-926104b691f4.roa (raw, json)
Hash identifier:          a5Th0K5p81Y5cEAaD6nupTtFJAh6ivxHjJWDLETwlYo=
Subject key identifier:   4D:50:FE:1F:A1:52:9E:AB:51:CC:6C:AD:4A:97:34:F6:66:7B:E2:62
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3E48FB13A3EB91F0A4DD4E7FF8A61683853EA5F2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a2c4c28c-0df9-40d4-bf4d-926104b691f4.roa
Signing time:             Mon 31 Mar 2025 20:40:47 +0000
ROA not before:           Mon 31 Mar 2025 20:40:47 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:48:fb:13:a3:eb:91:f0:a4:dd:4e:7f:f8:a6:16:83:85:3e:a5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:47 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:23:2b:f6:78:be:79:93:08:0f:d4:93:da:e2:
                    de:bf:d7:59:d5:e0:f1:a9:21:34:0f:6d:f3:83:2f:
                    c2:44:32:83:8b:9f:fc:f0:f0:cc:e2:23:e2:30:ad:
                    c1:55:c1:5b:a5:a1:f7:94:dc:47:a5:e7:02:01:f0:
                    ab:99:9f:02:2a:64:7d:14:cd:f7:57:89:7f:e7:53:
                    d4:df:ff:d0:40:06:1e:0f:d0:41:fd:f5:e9:1d:99:
                    e9:e7:f4:b2:13:1c:f4:81:ce:6f:53:1a:d3:79:6b:
                    3a:64:8f:a5:e2:d2:cc:80:a8:04:e7:ff:ab:cc:b8:
                    6b:d3:6b:23:97:d3:df:46:53:d2:53:ab:49:8b:d8:
                    32:92:01:6b:93:f2:9b:4b:4f:36:37:af:71:64:ea:
                    b0:a6:d2:4c:d4:2b:02:0d:90:b1:a3:4a:a3:8f:91:
                    cf:fb:f9:f1:da:f7:18:04:95:08:97:b6:90:b8:5d:
                    06:1b:44:78:aa:39:f2:39:de:3e:4f:e8:f8:c9:7e:
                    55:a1:e6:c2:f1:6c:8e:10:56:bb:b8:4e:db:16:68:
                    f7:c7:df:16:89:aa:ce:36:dc:05:17:40:1f:b7:b8:
                    e6:30:51:69:f3:b6:63:08:10:73:a3:a1:7e:a2:7c:
                    b5:8c:f1:d9:2a:02:8d:4f:54:27:41:b4:d1:6e:48:
                    20:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:50:FE:1F:A1:52:9E:AB:51:CC:6C:AD:4A:97:34:F6:66:7B:E2:62
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a2c4c28c-0df9-40d4-bf4d-926104b691f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c6:76:8c:e2:e7:94:1a:7d:a9:f9:ad:81:99:f0:eb:d3:ba:d2:
         f3:86:7b:9f:6d:77:3a:d5:a1:b4:cb:7f:64:56:7a:1b:97:1a:
         b5:80:26:e3:84:30:55:a7:34:59:fb:12:4a:8a:9b:13:68:d2:
         08:c0:63:65:39:27:03:d3:d7:ac:89:85:19:1a:97:60:4d:27:
         e7:fc:5b:db:16:d2:7c:24:0f:b7:f1:cb:c3:b2:9d:d4:e5:65:
         f6:bb:84:a2:e9:b8:b1:fb:e2:ed:72:70:ff:c7:5b:1e:41:a3:
         84:c3:70:47:a2:8d:1e:a7:ef:98:b3:68:24:76:62:08:c0:82:
         8a:5b:2e:f5:01:e0:51:34:ea:6a:f9:bd:f3:f4:45:ea:9c:fe:
         f7:f5:ba:ab:94:34:e2:96:7f:d6:29:b1:6c:f9:58:6a:7b:c4:
         ea:66:fb:7b:d6:82:e3:c9:c9:79:1b:4b:2f:03:33:e3:38:4f:
         82:0c:eb:74:0d:6f:9a:15:d3:db:a1:6e:f3:90:e7:b9:60:44:
         49:64:09:e3:b4:10:db:8c:fd:bf:b3:95:ca:4a:88:c9:49:6c:
         4e:f4:09:2a:81:a9:06:45:cd:27:c8:0a:ba:52:06:4c:d9:d1:
         ca:31:d6:a3:d0:fe:d0:dd:a2:4f:30:22:44:1a:ff:fd:d0:ba:
         b7:cc:9a:69
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPkj7E6PrkfCk3U5/+KYWg4U+pfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwNDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3YzFkMGNkMTRiNzg2YjA2Njc4YWE1MDNhMmI1ZTVlMDIzOTMxNWIwNWJj
YjE0YjhkN2VkZjMxN2E5YjQ0ZDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJwjK/Z4vnmTCA/Uk9ri3r/XWdXg8akhNA9t84MvwkQyg4uf/PDwzOIj4jCt
wVXBW6Wh95TcR6XnAgHwq5mfAipkfRTN91eJf+dT1N//0EAGHg/QQf316R2Z6ef0
shMc9IHOb1Ma03lrOmSPpeLSzICoBOf/q8y4a9NrI5fT30ZT0lOrSYvYMpIBa5Py
m0tPNjevcWTqsKbSTNQrAg2QsaNKo4+Rz/v58dr3GASVCJe2kLhdBhtEeKo58jne
Pk/o+Ml+VaHmwvFsjhBWu7hO2xZo98ffFomqzjbcBRdAH7e45jBRafO2YwgQc6Oh
fqJ8tYzx2SoCjU9UJ0G00W5IIDMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRNUP4f
oVKeq1HMbK1KlzT2ZnviYjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTJjNGMyOGMtMGRmOS00MGQ0LWJmNGQtOTI2MTA0YjY5MWY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DpA
MA0GCSqGSIb3DQEBCwUAA4IBAQDGdozi55Qafan5rYGZ8OvTutLzhnufbXc61aG0
y39kVnoblxq1gCbjhDBVpzRZ+xJKipsTaNIIwGNlOScD09esiYUZGpdgTSfn/Fvb
FtJ8JA+38cvDsp3U5WX2u4Si6bix++LtcnD/x1seQaOEw3BHoo0ep++Ys2gkdmII
wIKKWy71AeBRNOpq+b3z9EXqnP739bqrlDTiln/WKbFs+Vhqe8TqZvt71oLjycl5
G0svAzPjOE+CDOt0DW+aFdPboW7zkOe5YERJZAnjtBDbjP2/s5XKSojJSWxO9Akq
gakGRc0nyAq6UgZM2dHKMdaj0P7Q3aJPMCJEGv/90Lq3zJpp
-----END CERTIFICATE-----