Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa
File:                     ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa (raw, json)
Hash identifier:          wbvGD+ZyAY8bX9B4CE3zupm7DIZhu1S70dHab/GUdZ8=
Subject key identifier:   55:1C:7B:8E:24:05:F7:6D:4B:A6:F9:01:25:61:EB:99:4F:1A:3C:D9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       470F5AE7012869A808DAB20B1EC61991D7488EC7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa
Signing time:             Mon 31 Mar 2025 19:40:39 +0000
ROA not before:           Mon 31 Mar 2025 19:40:39 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:e0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:0f:5a:e7:01:28:69:a8:08:da:b2:0b:1e:c6:19:91:d7:48:8e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:39 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f5:35:b4:c9:7c:de:47:19:17:c5:23:80:7f:
                    db:af:39:6c:68:b2:d1:11:7a:90:b2:80:3c:9f:e4:
                    66:58:6b:be:79:24:ce:cf:fb:07:a2:88:26:6e:b2:
                    96:16:44:2a:63:80:b5:f6:2f:e4:0a:1a:e4:02:4d:
                    35:0e:81:1e:fe:d3:ce:b7:d4:06:b3:20:86:e9:6d:
                    77:8d:4b:34:cf:9a:e6:66:64:e0:f6:2c:e0:9f:a6:
                    a4:b6:ec:4c:11:b7:82:92:ad:8d:90:d8:b9:26:32:
                    03:74:2d:45:4d:58:cd:8c:c3:a4:05:02:aa:e6:36:
                    89:58:cc:0e:93:de:73:9b:3d:d9:8a:46:9e:2f:05:
                    a9:60:9f:b4:6b:64:1d:9f:29:07:15:11:1d:33:f0:
                    a2:cc:5f:0b:73:28:81:2d:e0:08:14:3b:16:53:1f:
                    86:d8:f1:1d:b3:2d:9e:d3:68:0c:9d:6d:a8:b0:5d:
                    ec:c6:80:59:0e:61:f0:e0:a4:3a:de:4d:04:e6:dd:
                    88:b0:93:8f:f2:ec:63:a6:6c:2a:6a:7b:02:27:4d:
                    a9:27:1e:e4:42:9e:37:e4:80:0f:be:71:71:16:dd:
                    92:d8:3c:8c:ea:58:73:ae:9d:fd:33:ca:4e:df:f5:
                    0c:82:b1:df:5a:1b:4c:8f:4e:8f:fa:e1:f1:7c:4a:
                    fc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:1C:7B:8E:24:05:F7:6D:4B:A6:F9:01:25:61:EB:99:4F:1A:3C:D9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:e0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:9e:9b:9d:3c:42:d7:17:87:36:f0:6f:1b:67:d4:be:96:d0:
         e7:d2:ae:84:9d:22:30:aa:2a:68:26:a3:cf:2a:d8:4a:20:94:
         af:03:1e:ab:91:cd:aa:1c:8c:d7:c1:a7:cc:c4:90:fc:92:12:
         77:b6:dc:fa:cb:42:ea:4a:05:dd:b5:77:7b:ec:6e:aa:79:93:
         ab:46:87:9f:39:a1:88:1a:8f:65:dd:58:b9:b0:f6:98:79:df:
         14:c4:bf:6a:e1:67:58:42:2f:c1:6e:5f:26:2c:bd:aa:f8:a8:
         dd:3e:1a:77:3e:8e:fd:2e:31:c8:65:45:69:6e:de:55:e5:61:
         af:71:20:24:4b:1e:57:ee:08:3a:58:20:d0:b5:05:1a:44:c7:
         72:63:e7:74:d0:74:e7:3c:6c:38:96:8e:8e:a7:a5:41:ad:5e:
         17:13:9b:fe:e7:38:52:2c:71:f0:4f:ed:fc:08:02:67:3d:4c:
         ae:93:35:c5:d0:cb:ed:a7:b8:3f:f4:63:c9:b8:6d:5f:05:17:
         40:5f:d2:22:57:cd:aa:24:a2:13:02:0e:b4:5b:4e:6b:f2:19:
         f4:6d:ce:1d:c2:a1:d5:27:1e:e7:63:d0:71:de:35:84:60:06:
         19:f4:f1:ee:de:1b:5d:57:96:2b:69:dd:c6:2c:83:74:af:2a:
         93:04:89:09
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURw9a5wEoaagI2rILHsYZkddIjscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMzlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU2MzZkYmUzNGU5MDIwNDAzY2ZkMTEwNGRkMmJlYzk2MjQ2YjUyYzMzNTAw
NTVmZjIzY2JkYmJhMTBjNWFkNWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/1NbTJfN5HGRfFI4B/2685bGiy0RF6kLKAPJ/kZlhrvnkkzs/7B6KIJm6y
lhZEKmOAtfYv5Aoa5AJNNQ6BHv7TzrfUBrMghultd41LNM+a5mZk4PYs4J+mpLbs
TBG3gpKtjZDYuSYyA3QtRU1YzYzDpAUCquY2iVjMDpPec5s92YpGni8FqWCftGtk
HZ8pBxURHTPwosxfC3MogS3gCBQ7FlMfhtjxHbMtntNoDJ1tqLBd7MaAWQ5h8OCk
Ot5NBObdiLCTj/LsY6ZsKmp7AidNqSce5EKeN+SAD75xcRbdktg8jOpYc66d/TPK
Tt/1DIKx31obTI9Oj/rh8XxK/F0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRVHHuO
JAX3bUum+QElYeuZTxo82TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWIyMzJiODYtOWJkNi00MDljLThkZTUtOTJiZmZmMmE4YjVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/g
wDANBgkqhkiG9w0BAQsFAAOCAQEAjJ6bnTxC1xeHNvBvG2fUvpbQ59KuhJ0iMKoq
aCajzyrYSiCUrwMeq5HNqhyM18GnzMSQ/JISd7bc+stC6koF3bV3e+xuqnmTq0aH
nzmhiBqPZd1YubD2mHnfFMS/auFnWEIvwW5fJiy9qvio3T4adz6O/S4xyGVFaW7e
VeVhr3EgJEseV+4IOlgg0LUFGkTHcmPndNB05zxsOJaOjqelQa1eFxOb/uc4Uixx
8E/t/AgCZz1MrpM1xdDL7ae4P/RjybhtXwUXQF/SIlfNqiSiEwIOtFtOa/IZ9G3O
HcKh1Sce52PQcd41hGAGGfTx7t4bXVeWK2ndxiyDdK8qkwSJCQ==
-----END CERTIFICATE-----