Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c02bd597-170b-4eec-b8d1-18d678b065fa.roa
File:                     c02bd597-170b-4eec-b8d1-18d678b065fa.roa (raw, json)
Hash identifier:          bupGF0ifuDYsaZfIhQu4XpwTd54JZ6FThI8GXwHDZfU=
Subject key identifier:   C3:34:B1:02:D1:BE:DA:1D:61:98:EB:F3:C3:B0:44:8B:5B:C5:30:6B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7B738AA74F4D25BE50E10A26C48F2E610DB9E55F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c02bd597-170b-4eec-b8d1-18d678b065fa.roa
Signing time:             Mon 31 Mar 2025 19:30:08 +0000
ROA not before:           Mon 31 Mar 2025 19:30:08 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8010::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:73:8a:a7:4f:4d:25:be:50:e1:0a:26:c4:8f:2e:61:0d:b9:e5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:30:08 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:53:25:4a:45:bc:38:eb:91:0c:19:a0:dc:
                    e0:a6:5c:24:31:d1:27:9f:d0:b1:c1:45:8a:f9:2c:
                    e5:f1:0a:8f:85:54:82:d4:84:eb:e1:9c:b7:ce:f6:
                    31:8b:03:85:b6:cf:52:bc:f9:9c:c2:d0:f1:c3:0f:
                    4c:3c:a9:6d:a7:b6:89:5a:8d:81:36:ea:dc:51:ad:
                    c8:b2:22:8d:e2:95:d7:ac:38:0d:59:22:09:fb:a9:
                    1b:9f:df:e0:ca:3f:44:10:0b:20:8a:eb:bb:27:79:
                    99:84:62:53:d0:a0:85:ff:dd:15:53:e2:0f:6b:5d:
                    62:cd:92:0f:60:ea:d6:55:2f:07:3d:bb:a2:c6:b5:
                    37:a9:26:e0:ba:1b:13:cb:cc:3e:53:81:86:94:e6:
                    5b:5b:1a:cd:80:34:05:f0:88:50:f6:44:a4:d0:bf:
                    fb:7e:f1:57:14:a9:49:c4:77:ef:fb:a4:92:6d:df:
                    96:ea:24:64:bc:b3:b9:9f:4c:6f:65:d6:98:ac:09:
                    0e:f2:ae:7e:3d:df:84:6d:3b:54:70:4b:c4:ec:bc:
                    e4:ae:08:52:df:bf:81:d0:26:ef:26:ed:04:ce:15:
                    79:fe:46:91:3e:1c:b4:2c:65:59:00:65:86:8f:6f:
                    32:cf:f2:cb:c4:2a:ad:05:a9:06:c4:57:0b:09:12:
                    7c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:34:B1:02:D1:BE:DA:1D:61:98:EB:F3:C3:B0:44:8B:5B:C5:30:6B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c02bd597-170b-4eec-b8d1-18d678b065fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8010::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:65:d5:7a:4b:5f:ae:fc:ce:50:37:7f:20:a7:1a:95:04:22:
         27:ff:0e:43:d4:6a:ed:44:9d:12:13:da:f1:d9:15:95:99:29:
         28:8b:0b:92:1a:67:6f:f5:76:d5:8d:1a:cc:ec:b9:f9:e4:5f:
         63:c8:96:11:f3:6f:3c:24:af:a7:21:c3:dd:ca:c3:58:8b:cc:
         e6:04:52:d2:ad:21:2a:7c:eb:87:16:42:19:5b:f6:2a:4d:45:
         b4:a8:cc:b2:5c:59:d8:5c:6e:02:5b:02:b3:3a:9a:49:c4:27:
         8f:b9:65:71:00:b5:59:a7:17:a4:15:84:9e:dc:ec:3e:9d:64:
         31:98:7b:45:fd:0a:c6:f7:26:ce:62:d6:cd:d4:d0:40:00:f0:
         2c:8d:a8:64:b7:43:aa:ef:c5:eb:2b:de:e8:58:1e:fc:ad:98:
         59:35:a6:e9:91:de:d9:e8:a5:20:23:c7:fc:d3:b9:59:26:22:
         b6:84:f1:98:65:ab:90:2c:ae:9a:d5:c8:d5:30:ad:38:04:ec:
         a6:1c:ee:92:99:04:f0:05:14:9c:32:08:4e:87:a9:a4:54:5d:
         05:2e:ce:cf:de:3f:f7:6f:a0:12:13:99:6a:42:06:b0:9b:2f:
         ee:da:f3:5c:92:a4:09:43:9f:23:ad:c2:70:19:ff:02:b0:76:
         78:00:fe:49
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUe3OKp09NJb5Q4QomxI8uYQ255V8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMwMDhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMDllNTZkMzQwNDcwMTk4MDZkOGUzZmNmOTg1MTk2MGJkNGQzNzM1ZWNl
ZGYzYWRiN2JmYjA2OGE5OTRhOGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJI3UyVKRbw465EMGaDc4KZcJDHRJ5/QscFFivks5fEKj4VUgtSE6+Gct872
MYsDhbbPUrz5nMLQ8cMPTDypbae2iVqNgTbq3FGtyLIijeKV16w4DVkiCfupG5/f
4Mo/RBALIIrruyd5mYRiU9Cghf/dFVPiD2tdYs2SD2Dq1lUvBz27osa1N6km4Lob
E8vMPlOBhpTmW1sazYA0BfCIUPZEpNC/+37xVxSpScR37/ukkm3fluokZLyzuZ9M
b2XWmKwJDvKufj3fhG07VHBLxOy85K4IUt+/gdAm7ybtBM4Vef5GkT4ctCxlWQBl
ho9vMs/yy8QqrQWpBsRXCwkSfBMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTDNLEC
0b7aHWGY6/PDsESLW8UwazAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzAyYmQ1OTctMTcwYi00ZWVjLWI4ZDEtMThkNjc4YjA2NWZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
EDANBgkqhkiG9w0BAQsFAAOCAQEATGXVektfrvzOUDd/IKcalQQiJ/8OQ9Rq7USd
EhPa8dkVlZkpKIsLkhpnb/V21Y0azOy5+eRfY8iWEfNvPCSvpyHD3crDWIvM5gRS
0q0hKnzrhxZCGVv2Kk1FtKjMslxZ2FxuAlsCszqaScQnj7llcQC1WacXpBWEntzs
Pp1kMZh7Rf0KxvcmzmLWzdTQQADwLI2oZLdDqu/F6yve6Fge/K2YWTWm6ZHe2eil
ICPH/NO5WSYitoTxmGWrkCyumtXI1TCtOATsphzukpkE8AUUnDIIToeppFRdBS7O
z94/92+gEhOZakIGsJsv7trzXJKkCUOfI63CcBn/ArB2eAD+SQ==
-----END CERTIFICATE-----