Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a75e35f5-c55c-41e8-b026-54c892c68ea2.roa
File:                     a75e35f5-c55c-41e8-b026-54c892c68ea2.roa (raw, json)
Hash identifier:          SYv1JyIaGP3Y3sLTfxeyttnJuRhUwTVZEsguDY0hQL8=
Subject key identifier:   19:F7:F2:BC:EC:07:BE:50:0C:DB:DB:EA:FD:E4:BE:75:C1:D2:B7:B4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4D462EF1EA41403B5D813C675D31D4D24A769781
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a75e35f5-c55c-41e8-b026-54c892c68ea2.roa
Signing time:             Mon 31 Mar 2025 19:11:11 +0000
ROA not before:           Mon 31 Mar 2025 19:11:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:90c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:46:2e:f1:ea:41:40:3b:5d:81:3c:67:5d:31:d4:d2:4a:76:97:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:11:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e1:0f:62:32:ea:31:0c:91:49:28:16:c0:33:
                    6d:13:a4:14:64:4c:80:97:b7:8c:3e:3d:b2:74:de:
                    b5:b3:3d:e0:f0:30:2c:05:89:99:80:53:86:bf:a4:
                    5c:2c:3e:b1:48:a2:24:37:82:c1:24:8e:cc:dc:38:
                    e3:4f:49:80:0b:dd:ef:6c:75:03:21:be:a4:fa:b5:
                    b4:3e:13:06:c9:d0:c2:01:bd:c2:9c:06:8c:74:83:
                    67:2e:56:25:dc:1c:20:3a:e3:ca:64:19:bd:34:00:
                    d1:55:dd:18:c4:32:45:8c:77:97:35:ba:ac:53:9f:
                    5d:20:46:25:65:b0:db:d1:45:6a:c9:9d:3b:ff:11:
                    01:a9:09:08:28:c7:dd:b3:52:23:01:03:82:6c:dc:
                    a5:ba:53:ee:5e:3a:42:47:e8:46:2c:75:a7:58:ba:
                    40:12:c4:c9:f5:4b:bf:44:fa:54:bf:df:e9:e8:ab:
                    65:60:2b:04:0a:ca:86:d3:12:ab:9c:0f:62:d2:69:
                    c8:70:9d:aa:2b:8f:ce:36:25:a5:a9:85:03:6d:1b:
                    5d:5b:61:de:84:65:24:77:1e:b1:ac:20:54:24:d5:
                    27:62:22:66:cb:6e:3a:93:1d:76:19:94:36:94:70:
                    21:92:ad:8a:dc:54:19:f7:5d:f0:ba:f4:f4:16:a4:
                    6f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F7:F2:BC:EC:07:BE:50:0C:DB:DB:EA:FD:E4:BE:75:C1:D2:B7:B4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a75e35f5-c55c-41e8-b026-54c892c68ea2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:90c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:af:00:ca:54:0e:c0:69:63:93:2d:33:b2:7f:e8:fa:e7:9a:
         d9:3a:c3:28:00:ad:f2:e6:61:c4:3c:ba:f8:49:e2:77:77:40:
         4a:ab:f8:ce:75:b0:f7:f3:de:34:93:a1:55:1b:e3:52:0c:12:
         14:67:f7:e8:a1:1c:17:24:61:4c:00:35:55:2d:f9:45:84:b6:
         09:b3:e9:4a:80:20:5d:76:3b:5f:eb:c5:e4:53:ba:7c:85:f9:
         9c:a0:45:f6:c0:4b:5e:c4:4b:3d:ed:02:09:32:9e:ac:50:ab:
         2f:76:a1:a4:eb:72:43:9c:97:bd:2e:02:a6:88:90:ae:e4:28:
         5d:1d:77:cf:2b:86:08:9b:fd:f6:03:6d:cb:7c:50:dd:cd:6e:
         9b:03:25:41:8d:49:92:e2:b0:f2:c7:fc:3e:7e:fe:c2:ce:0a:
         18:18:41:30:3f:d3:3d:12:f8:4f:ae:ff:43:a3:1d:b1:10:2b:
         f5:88:8d:15:5b:98:b9:54:40:22:3c:b7:5d:c5:a5:b1:00:f8:
         69:42:2d:9c:3a:8c:58:4c:51:24:8d:d2:f3:97:a5:fc:e0:e2:
         b0:ac:96:74:f6:d8:b0:e4:63:44:9f:e3:f6:80:ea:39:fd:33:
         22:3d:cd:58:a4:d2:88:58:3c:91:50:e1:06:6c:a8:f9:2c:7a:
         87:ae:6c:1c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTUYu8epBQDtdgTxnXTHU0kp2l4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTExMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIxMzllNGZkNTE5NDNjNDVlNDMwNGFhYWViNGE5NGFiZjBlMTI0M2NhMzEy
MTVlZThkNDMxOTMzYzU3NjNhZjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIvhD2Iy6jEMkUkoFsAzbROkFGRMgJe3jD49snTetbM94PAwLAWJmYBThr+k
XCw+sUiiJDeCwSSOzNw4409JgAvd72x1AyG+pPq1tD4TBsnQwgG9wpwGjHSDZy5W
JdwcIDrjymQZvTQA0VXdGMQyRYx3lzW6rFOfXSBGJWWw29FFasmdO/8RAakJCCjH
3bNSIwEDgmzcpbpT7l46QkfoRix1p1i6QBLEyfVLv0T6VL/f6eirZWArBArKhtMS
q5wPYtJpyHCdqiuPzjYlpamFA20bXVth3oRlJHcesawgVCTVJ2IiZstuOpMddhmU
NpRwIZKtitxUGfdd8Lr09Bakb3kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQZ9/K8
7Ae+UAzb2+r95L51wdK3tDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTc1ZTM1ZjUtYzU1Yy00MWU4LWIwMjYtNTRjODkyYzY4ZWEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAUq8AylQOwGljky0zsn/o+uea2TrDKACt8uZh
xDy6+Enid3dASqv4znWw9/PeNJOhVRvjUgwSFGf36KEcFyRhTAA1VS35RYS2CbPp
SoAgXXY7X+vF5FO6fIX5nKBF9sBLXsRLPe0CCTKerFCrL3ahpOtyQ5yXvS4CpoiQ
ruQoXR13zyuGCJv99gNty3xQ3c1umwMlQY1JkuKw8sf8Pn7+ws4KGBhBMD/TPRL4
T67/Q6MdsRAr9YiNFVuYuVRAIjy3XcWlsQD4aUItnDqMWExRJI3S85el/ODisKyW
dPbYsORjRJ/j9oDqOf0zIj3NWKTSiFg8kVDhBmyo+Sx6h65sHA==
-----END CERTIFICATE-----