Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b01a5a70-e8bc-4c88-8f86-597d891eae77.roa
File:                     b01a5a70-e8bc-4c88-8f86-597d891eae77.roa (raw, json)
Hash identifier:          s52zC3/3QXB9cpdx+yqC/yBSCdi3UfCKvOfL3pBTzCA=
Subject key identifier:   FD:95:EA:48:55:DC:39:05:8F:B6:19:36:96:87:09:F2:16:F4:46:3E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2EB57FD68A36887C3C041DEC7049DC170CCE2120
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b01a5a70-e8bc-4c88-8f86-597d891eae77.roa
Signing time:             Mon 31 Mar 2025 19:51:46 +0000
ROA not before:           Mon 31 Mar 2025 19:51:46 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:2080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b5:7f:d6:8a:36:88:7c:3c:04:1d:ec:70:49:dc:17:0c:ce:21:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:46 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ff:85:a1:6c:c2:5a:9d:c5:bf:80:0d:e9:f5:
                    3c:25:e2:20:36:c6:84:60:ff:16:86:bd:10:cc:09:
                    8a:50:76:10:1b:71:4a:f1:2f:8c:30:8e:16:1c:35:
                    fb:cc:09:8c:5b:3f:25:08:d9:a1:81:b9:1c:4a:94:
                    f2:81:6b:97:d8:8f:04:12:57:ca:36:8d:2c:e6:87:
                    b0:24:b2:9c:02:d0:b0:cd:25:a3:61:ab:66:2b:c3:
                    7e:5e:8c:d6:ad:ba:d6:36:44:7e:2e:24:f8:43:c8:
                    a6:10:75:09:a6:a5:b3:b9:b5:d4:e1:2f:f1:ae:8b:
                    9c:49:51:b9:bb:54:3f:0c:30:ae:06:2f:eb:b3:dc:
                    4d:ca:76:fe:8e:90:88:51:dd:41:92:67:a9:64:a6:
                    0d:dc:22:8e:90:1c:e5:ae:c5:89:cc:12:d6:c0:31:
                    68:fc:1d:fd:34:71:81:52:b7:71:35:7f:bb:a0:bc:
                    86:58:0b:8a:c7:4a:ce:9f:5e:00:60:59:d0:fc:87:
                    8c:f3:2c:e3:25:6d:ce:f1:34:02:4a:ed:78:e8:04:
                    c0:21:24:93:6a:8a:83:36:16:eb:11:41:9a:a2:b6:
                    07:da:9b:86:6a:a2:44:95:96:ff:db:28:aa:3e:b8:
                    76:1f:7f:e4:93:87:0c:4f:9f:81:72:90:44:bb:59:
                    0e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:95:EA:48:55:DC:39:05:8F:B6:19:36:96:87:09:F2:16:F4:46:3E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b01a5a70-e8bc-4c88-8f86-597d891eae77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:2080::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:96:d6:a0:f6:d3:5b:df:55:60:95:45:67:57:76:21:f2:b7:
         f4:56:de:65:9d:fb:f0:27:31:6a:57:2f:eb:d8:bc:08:62:11:
         2e:8f:48:fa:f4:de:36:f8:d7:d0:7b:b5:39:04:68:b7:15:de:
         50:e7:df:be:f7:90:b3:fd:a8:06:f7:a9:36:cb:8c:52:6c:cf:
         32:46:9d:b8:19:73:86:1f:d6:5f:21:c7:f1:f1:9f:64:a6:58:
         90:7c:e6:7d:4a:69:cd:39:14:28:3f:36:73:25:31:2d:65:64:
         49:f8:5f:27:8c:6e:01:ba:11:8d:b6:8a:0b:2a:57:03:b4:b3:
         b1:a2:82:d3:df:82:fa:fa:96:be:a7:80:a4:4e:44:a8:ab:13:
         9f:54:0c:b4:4a:39:91:c8:b1:a3:b6:a6:1b:87:20:85:7f:25:
         fb:4b:59:01:66:09:65:df:9f:a7:c7:aa:4e:0b:5a:c5:84:2a:
         1a:d6:1b:a9:14:c0:c0:61:98:a7:a3:75:6c:78:e5:1d:92:8b:
         1c:0c:54:2e:59:d1:ef:57:4d:a5:22:a1:64:aa:01:99:da:39:
         0d:6f:7f:30:0c:27:fa:7f:7e:e4:ee:af:6b:08:9a:d9:4a:46:
         2f:c4:6f:80:7e:68:be:a1:52:19:0f:27:ae:9a:54:77:03:25:
         39:06:8d:f3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULrV/1oo2iHw8BB3scEncFwzOISAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxNDZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjZGZkNWQwM2UxZDI3NDkyOGRkYjUxOTYxZDEzZDQyZmU1YWZhNzYxMzZk
M2JkOWIzNzNlYzYwZjViMzE0OWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJH/haFswlqdxb+ADen1PCXiIDbGhGD/Foa9EMwJilB2EBtxSvEvjDCOFhw1
+8wJjFs/JQjZoYG5HEqU8oFrl9iPBBJXyjaNLOaHsCSynALQsM0lo2GrZivDfl6M
1q261jZEfi4k+EPIphB1Caals7m11OEv8a6LnElRubtUPwwwrgYv67PcTcp2/o6Q
iFHdQZJnqWSmDdwijpAc5a7FicwS1sAxaPwd/TRxgVK3cTV/u6C8hlgLisdKzp9e
AGBZ0PyHjPMs4yVtzvE0AkrteOgEwCEkk2qKgzYW6xFBmqK2B9qbhmqiRJWW/9so
qj64dh9/5JOHDE+fgXKQRLtZDiUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT9lepI
Vdw5BY+2GTaWhwnyFvRGPjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjAxYTVhNzAtZThiYy00Yzg4LThmODYtNTk3ZDg5MWVhZTc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8g
gDANBgkqhkiG9w0BAQsFAAOCAQEAi5bWoPbTW99VYJVFZ1d2IfK39FbeZZ378Ccx
alcv69i8CGIRLo9I+vTeNvjX0Hu1OQRotxXeUOffvveQs/2oBvepNsuMUmzPMkad
uBlzhh/WXyHH8fGfZKZYkHzmfUppzTkUKD82cyUxLWVkSfhfJ4xuAboRjbaKCypX
A7SzsaKC09+C+vqWvqeApE5EqKsTn1QMtEo5kcixo7amG4cghX8l+0tZAWYJZd+f
p8eqTgtaxYQqGtYbqRTAwGGYp6N1bHjlHZKLHAxULlnR71dNpSKhZKoBmdo5DW9/
MAwn+n9+5O6vawia2UpGL8RvgH5ovqFSGQ8nrppUdwMlOQaN8w==
-----END CERTIFICATE-----