Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab51a88f-7495-4754-985a-700885d2554a.roa
File:                     ab51a88f-7495-4754-985a-700885d2554a.roa (raw, json)
Hash identifier:          6T8cCpaNC3EZoDWSkWne+NcxwreJdmHeKTszp4pdR1o=
Subject key identifier:   12:6A:BC:CF:33:E3:5A:E3:A9:34:EB:2D:3F:52:AD:20:D3:78:14:E7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4AFFCAD9C196E2743743EF9B7F0DC3225F3F6875
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab51a88f-7495-4754-985a-700885d2554a.roa
Signing time:             Mon 31 Mar 2025 20:00:55 +0000
ROA not before:           Mon 31 Mar 2025 20:00:55 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:e040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ff:ca:d9:c1:96:e2:74:37:43:ef:9b:7f:0d:c3:22:5f:3f:68:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:00:55 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:53:24:2e:c3:79:ce:bd:82:ef:59:bf:12:b9:
                    fa:04:2e:93:e4:3b:a5:35:00:17:53:f1:d8:b4:f7:
                    26:4f:b7:51:7f:80:f4:5c:9a:5c:ed:9e:6d:72:be:
                    7b:93:cc:2f:21:1c:a7:fe:8e:6b:da:99:42:a6:96:
                    b9:4b:87:76:07:1c:31:22:ad:cc:95:52:e0:04:de:
                    11:52:26:c4:d1:e8:22:14:b3:27:25:7d:9d:f4:5f:
                    51:5e:8c:4c:57:60:d7:bc:27:fa:36:c1:7d:da:e2:
                    17:79:4e:cc:19:dd:9c:f4:aa:f2:df:c0:67:8a:aa:
                    b2:1d:70:0f:4a:0f:2e:58:45:75:f0:b7:ab:fe:f6:
                    78:df:e5:1e:56:7b:81:b0:a5:9c:d0:56:cd:1e:a3:
                    34:9b:9c:41:fc:cc:fc:0e:f8:28:3a:f0:bd:35:69:
                    ad:81:8e:87:7b:da:14:69:90:65:b1:53:28:b2:5b:
                    bb:ff:1b:d5:b9:64:30:0f:fe:5c:7a:46:17:46:ff:
                    44:e2:dd:d1:8b:1a:7b:f2:93:1a:05:b7:bf:65:d4:
                    fc:7b:7a:ff:bd:a3:c7:1f:8c:89:ab:eb:dc:44:1b:
                    57:63:ca:51:76:5b:f2:65:ec:b0:e4:0a:d9:40:b1:
                    fe:24:b4:fc:bf:89:25:7d:63:f6:50:49:a9:7b:66:
                    d3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:6A:BC:CF:33:E3:5A:E3:A9:34:EB:2D:3F:52:AD:20:D3:78:14:E7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab51a88f-7495-4754-985a-700885d2554a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:e040::/46

    Signature Algorithm: sha256WithRSAEncryption
         b6:1f:54:a4:26:a5:6c:30:0f:29:45:74:67:b2:ae:f8:30:cb:
         fe:27:1b:0a:20:8a:27:f2:af:5c:b9:b5:bf:5f:69:5e:19:5f:
         74:d4:df:29:9a:b6:c0:9d:4b:9a:45:07:f1:a8:f4:34:56:c2:
         19:2c:6b:8b:10:3d:56:ad:16:93:ba:71:16:10:b7:4d:48:35:
         0c:bc:5f:1a:93:96:51:1e:95:aa:8e:df:46:75:fc:32:f4:83:
         3c:77:58:7c:f5:80:14:a6:91:a1:39:ac:c9:e9:d6:17:de:a7:
         37:2b:ca:34:e7:d9:4a:db:06:6d:1b:80:95:cb:0d:f8:4b:4d:
         5c:99:2d:38:00:44:a0:96:81:c9:06:b5:f0:65:bc:76:09:29:
         fc:12:df:3e:8d:a0:1e:ee:f9:d6:80:bd:e0:70:ae:72:0c:9d:
         bd:c3:17:05:ef:c5:b8:48:c9:f1:68:3c:31:00:99:dd:18:28:
         d2:4d:b8:ac:42:d3:e2:40:cd:cf:25:ca:ef:7c:89:0e:f2:a7:
         8a:9e:a1:62:51:d4:a2:35:6a:a9:d6:84:49:44:21:9f:a2:19:
         33:0a:4a:f8:bd:29:99:2d:98:e7:57:77:47:40:9a:b4:70:6e:
         42:2e:ab:c5:ff:41:35:fc:c9:a2:ae:44:c2:09:17:ca:79:2d:
         58:b5:cc:4b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSv/K2cGW4nQ3Q++bfw3DIl8/aHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAwNTVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjZDlmNzdiYTc4MDI1MDVkZDRlOTVhOTMyYTU5MTBkYjNkMzVmOTNlYzg0
ZjIyOWIzNTI3OWU1OGM4ZmQ5YzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpTJC7Dec69gu9ZvxK5+gQuk+Q7pTUAF1Px2LT3Jk+3UX+A9FyaXO2ebXK+
e5PMLyEcp/6Oa9qZQqaWuUuHdgccMSKtzJVS4ATeEVImxNHoIhSzJyV9nfRfUV6M
TFdg17wn+jbBfdriF3lOzBndnPSq8t/AZ4qqsh1wD0oPLlhFdfC3q/72eN/lHlZ7
gbClnNBWzR6jNJucQfzM/A74KDrwvTVprYGOh3vaFGmQZbFTKLJbu/8b1blkMA/+
XHpGF0b/ROLd0Ysae/KTGgW3v2XU/Ht6/72jxx+Miavr3EQbV2PKUXZb8mXssOQK
2UCx/iS0/L+JJX1j9lBJqXtm01MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQSarzP
M+Na46k06y0/Uq0g03gU5zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWI1MWE4OGYtNzQ5NS00NzU0LTk4NWEtNzAwODg1ZDI1NTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hfg
QDANBgkqhkiG9w0BAQsFAAOCAQEAth9UpCalbDAPKUV0Z7Ku+DDL/icbCiCKJ/Kv
XLm1v19pXhlfdNTfKZq2wJ1LmkUH8aj0NFbCGSxrixA9Vq0Wk7pxFhC3TUg1DLxf
GpOWUR6Vqo7fRnX8MvSDPHdYfPWAFKaRoTmsyenWF96nNyvKNOfZStsGbRuAlcsN
+EtNXJktOABEoJaByQa18GW8dgkp/BLfPo2gHu751oC94HCucgydvcMXBe/FuEjJ
8Wg8MQCZ3Rgo0k24rELT4kDNzyXK73yJDvKnip6hYlHUojVqqdaESUQhn6IZMwpK
+L0pmS2Y51d3R0CatHBuQi6rxf9BNfzJoq5EwgkXynktWLXMSw==
-----END CERTIFICATE-----