Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aeb942d1-e5f2-47dd-bd26-7b99f70267ad.roa
File:                     aeb942d1-e5f2-47dd-bd26-7b99f70267ad.roa (raw, json)
Hash identifier:          8APeuFyiFKMK3uVLZ7V14alkzkKxBOt5SV/mlGQXkns=
Subject key identifier:   86:40:59:98:08:6E:A4:DC:A5:F2:A3:96:5D:E7:0B:13:19:DC:DA:F1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       58E9EBC37B1D9AEFBE96A029CAEC61A1FE3C7DA8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aeb942d1-e5f2-47dd-bd26-7b99f70267ad.roa
Signing time:             Mon 31 Mar 2025 20:31:44 +0000
ROA not before:           Mon 31 Mar 2025 20:31:44 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:1080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e9:eb:c3:7b:1d:9a:ef:be:96:a0:29:ca:ec:61:a1:fe:3c:7d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:44 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:38:49:a0:00:23:1d:fb:49:fb:f0:61:fb:74:
                    e4:d7:8c:db:23:c4:f8:50:8e:3e:c5:fd:81:6d:01:
                    5c:a4:aa:98:29:dc:9e:39:00:ce:ad:6e:5d:66:57:
                    8d:1c:bb:b2:85:2f:00:db:d5:67:04:0f:b4:d5:da:
                    b5:a9:ff:76:01:47:2e:dd:2e:31:b7:c0:05:83:83:
                    a5:2c:e2:c1:14:ea:26:aa:b4:e5:29:96:ef:37:a0:
                    ad:c0:e7:c0:aa:1f:ef:86:68:01:a7:d0:c8:c4:a0:
                    5e:d5:fa:96:a0:d5:71:73:c5:af:1d:48:d1:d8:2c:
                    94:d8:44:d9:ee:0b:59:cc:88:79:8e:19:c3:43:fc:
                    27:dc:a6:23:10:0d:fd:d6:4f:ed:1f:fc:31:1c:bf:
                    8b:48:cf:e8:c4:52:50:93:b1:e3:1e:39:c9:50:64:
                    ae:d8:3d:0d:20:c3:c9:0d:3d:81:3f:78:5b:02:4c:
                    b8:39:43:da:89:ea:e3:16:7c:cd:ca:45:4d:70:8b:
                    af:bc:46:4c:b5:71:f7:e4:c0:52:ec:26:83:22:a0:
                    92:ae:35:9f:73:6a:e1:f6:ee:89:0c:3d:d2:35:81:
                    cb:da:70:09:af:be:8a:59:04:d7:f1:0d:d1:15:3a:
                    07:a9:33:6d:9e:b5:2e:f2:41:bb:f5:ad:3c:53:c5:
                    21:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:40:59:98:08:6E:A4:DC:A5:F2:A3:96:5D:E7:0B:13:19:DC:DA:F1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aeb942d1-e5f2-47dd-bd26-7b99f70267ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:1080::/46

    Signature Algorithm: sha256WithRSAEncryption
         9e:57:a4:87:e4:90:09:12:cf:e2:02:5a:99:05:25:99:9c:3b:
         e3:4c:dd:22:1d:23:90:26:52:55:b2:d7:cc:bd:0b:1f:ae:8e:
         97:e9:4e:31:68:55:b5:88:3a:dc:81:e5:bd:d7:00:37:7f:30:
         b0:ef:d1:c5:9b:e7:8b:cd:35:72:88:a8:68:fc:1f:2a:1b:dc:
         4b:84:e6:e6:23:27:c6:a6:33:9e:be:00:10:d7:db:ac:49:9c:
         d1:0f:62:df:94:af:e2:9b:2b:ea:d4:3e:24:3a:92:99:20:98:
         ac:99:b1:9a:10:ba:ca:94:13:24:97:ea:5f:f1:dd:37:4a:68:
         e0:82:30:a9:16:55:21:1c:c1:06:07:e9:f4:11:75:33:11:1a:
         1b:ce:be:81:67:80:cf:b7:4e:bc:da:60:ba:94:eb:ac:70:3d:
         36:90:86:e6:7b:2d:3d:ad:73:eb:16:a5:db:aa:b9:3e:96:b9:
         78:b8:b4:cc:f4:25:0c:23:8a:ef:d2:a2:42:3f:bd:84:4f:d9:
         4b:47:1e:b9:ec:9d:87:5a:92:c3:71:3c:9f:13:c4:3b:c4:86:
         c5:87:59:19:c1:92:9f:e1:87:70:38:fa:59:90:b6:4b:f9:2e:
         12:d5:a2:ca:04:6c:56:a1:87:36:59:3b:ff:53:7f:2d:28:25:
         0c:c5:0a:2e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWOnrw3sdmu++lqApyuxhof48fagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxNDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4ZGU2N2M4ZGU2NDMzZTEwMWNjNTVmZWQ2MTZhOWQxZjUzODQyYjE4OGE3
ZmU3OTdkYTUzY2YwMmQxMDg4NDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJc4SaAAIx37SfvwYft05NeM2yPE+FCOPsX9gW0BXKSqmCncnjkAzq1uXWZX
jRy7soUvANvVZwQPtNXatan/dgFHLt0uMbfABYODpSziwRTqJqq05SmW7zegrcDn
wKof74ZoAafQyMSgXtX6lqDVcXPFrx1I0dgslNhE2e4LWcyIeY4Zw0P8J9ymIxAN
/dZP7R/8MRy/i0jP6MRSUJOx4x45yVBkrtg9DSDDyQ09gT94WwJMuDlD2onq4xZ8
zcpFTXCLr7xGTLVx9+TAUuwmgyKgkq41n3Nq4fbuiQw90jWBy9pwCa++ilkE1/EN
0RU6B6kzbZ61LvJBu/WtPFPFIY8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSGQFmY
CG6k3KXyo5Zd5wsTGdza8TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWViOTQyZDEtZTVmMi00N2RkLWJkMjYtN2I5OWY3MDI2N2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAnlekh+SQCRLP4gJamQUlmZw740zdIh0jkCZS
VbLXzL0LH66Ol+lOMWhVtYg63IHlvdcAN38wsO/RxZvni801coioaPwfKhvcS4Tm
5iMnxqYznr4AENfbrEmc0Q9i35Sv4psr6tQ+JDqSmSCYrJmxmhC6ypQTJJfqX/Hd
N0po4IIwqRZVIRzBBgfp9BF1MxEaG86+gWeAz7dOvNpgupTrrHA9NpCG5nstPa1z
6xal26q5Ppa5eLi0zPQlDCOK79KiQj+9hE/ZS0ceueydh1qSw3E8nxPEO8SGxYdZ
GcGSn+GHcDj6WZC2S/kuEtWiygRsVqGHNlk7/1N/LSglDMUKLg==
-----END CERTIFICATE-----