Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
File:                     c6b4bacc-5824-4f9c-a10d-49f145db8549.roa (raw, json)
Hash identifier:          5FYvhQPq6q+7rz2OuNRrJM8Ekky7SXCMXRG/9HWw7Dg=
Subject key identifier:   59:7E:7F:F9:B1:C3:55:46:44:3B:AC:50:C7:8D:91:39:C4:57:0E:99
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7C61906972264435DC251B4F423D5C4028BC39BA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
Signing time:             Sat 05 Apr 2025 00:10:13 +0000
ROA not before:           Sat 05 Apr 2025 00:10:13 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02f::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:61:90:69:72:26:44:35:dc:25:1b:4f:42:3d:5c:40:28:bc:39:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  5 00:10:13 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c4:68:1f:51:65:06:e0:15:10:59:c1:6d:4f:
                    47:53:9b:5b:3e:23:12:aa:81:e9:f9:a5:69:0a:27:
                    d0:93:4a:78:cb:e4:d8:b6:8a:ab:6a:b0:47:1c:37:
                    5b:9f:40:ec:e7:15:b5:a5:47:dd:c7:1a:36:96:c3:
                    a1:bb:ae:c6:cd:10:3f:83:c5:22:bb:78:35:8a:d6:
                    e3:09:85:3f:54:87:c2:2e:c0:1b:2e:e8:e5:33:b5:
                    b6:21:45:cc:c4:13:35:53:e1:fb:b7:7e:ce:77:8b:
                    b5:63:d0:a1:49:dd:ff:94:cf:8c:ee:fb:1d:de:ed:
                    e8:58:07:c4:db:36:99:53:0e:d1:22:80:71:13:23:
                    c7:1e:d7:f0:ad:c2:d8:ca:b9:b1:27:15:ae:70:f1:
                    f4:71:61:41:43:05:17:d2:a3:fb:cf:51:6f:b2:39:
                    72:47:e6:38:16:8b:d6:19:66:0a:49:1d:1c:e5:ca:
                    37:71:9e:da:fb:7f:9a:f6:76:13:0b:03:d2:03:a3:
                    c5:5f:8b:82:21:97:65:a6:44:81:3e:ac:d8:a1:e4:
                    8b:8c:ea:ec:ae:9a:f8:f5:08:7f:47:f0:45:de:be:
                    1f:d5:cf:44:a5:47:ba:2e:40:5b:db:fe:02:a9:ba:
                    b7:67:f4:2f:0a:3f:21:ac:74:c9:34:a1:ea:1a:aa:
                    20:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7E:7F:F9:B1:C3:55:46:44:3B:AC:50:C7:8D:91:39:C4:57:0E:99
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02f::/36

    Signature Algorithm: sha256WithRSAEncryption
         bf:3b:19:38:8e:68:d7:4e:74:0c:7d:5c:66:24:ec:9c:85:d4:
         50:22:19:f0:f5:91:59:7e:36:cf:21:15:f6:ae:f3:59:4d:bd:
         03:05:e5:ce:eb:ee:98:9e:d1:2e:a6:69:0a:b0:a1:a6:5f:68:
         70:87:23:1f:46:83:17:ba:fe:4b:6c:55:60:b6:b2:49:33:1c:
         18:74:d5:46:4a:78:16:42:7a:a0:4d:a5:1d:aa:86:9d:fb:da:
         34:a1:9e:12:b0:7d:03:da:40:5d:c7:22:d9:b8:c9:96:c0:00:
         27:94:0b:d9:b0:39:10:4b:4b:95:d4:56:02:28:25:d1:d1:21:
         ca:cc:07:ec:fd:04:12:50:82:cd:00:72:4d:7d:5e:47:66:09:
         3a:6c:c0:ec:55:50:e5:48:a6:d8:ff:de:d5:a0:fa:68:78:3e:
         b3:42:bb:2c:53:04:1e:6f:32:53:05:15:dd:16:f9:bc:8e:b7:
         3a:a7:9f:e6:03:6a:9d:f2:50:8f:dd:e6:98:25:d0:b2:41:47:
         29:6a:2f:12:8b:c0:15:00:dd:e1:63:2c:e2:87:32:3c:76:42:
         67:55:6c:2f:ac:f9:e3:ea:be:39:0e:fb:ba:b2:c0:71:b6:ae:
         df:12:7a:2c:f1:77:9d:69:3b:7a:3d:e0:2d:60:f1:ad:e0:21:
         fa:ba:b8:74
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfGGQaXImRDXcJRtPQj1cQCi8ObowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDUwMDEwMTNaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDdkZDc5Y2Y1Mjc2ZGFjZmIyMDc5YjZkZjY1NTcyZTYyZTc3OTAwMGU3ZDg2
YWZkYzk5YTZmNTMwYjRmNTQ1NTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPEaB9RZQbgFRBZwW1PR1ObWz4jEqqB6fmlaQon0JNKeMvk2LaKq2qwRxw3
W59A7OcVtaVH3ccaNpbDobuuxs0QP4PFIrt4NYrW4wmFP1SHwi7AGy7o5TO1tiFF
zMQTNVPh+7d+zneLtWPQoUnd/5TPjO77Hd7t6FgHxNs2mVMO0SKAcRMjxx7X8K3C
2Mq5sScVrnDx9HFhQUMFF9Kj+89Rb7I5ckfmOBaL1hlmCkkdHOXKN3Ge2vt/mvZ2
EwsD0gOjxV+LgiGXZaZEgT6s2KHki4zq7K6a+PUIf0fwRd6+H9XPRKVHui5AW9v+
Aqm6t2f0Lwo/Iax0yTSh6hqqIOECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZfn/5
scNVRkQ7rFDHjZE5xFcOmTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzZiNGJhY2MtNTgyNC00ZjljLWExMGQtNDlmMTQ1ZGI4NTQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C8A
MA0GCSqGSIb3DQEBCwUAA4IBAQC/Oxk4jmjXTnQMfVxmJOychdRQIhnw9ZFZfjbP
IRX2rvNZTb0DBeXO6+6YntEupmkKsKGmX2hwhyMfRoMXuv5LbFVgtrJJMxwYdNVG
SngWQnqgTaUdqoad+9o0oZ4SsH0D2kBdxyLZuMmWwAAnlAvZsDkQS0uV1FYCKCXR
0SHKzAfs/QQSUILNAHJNfV5HZgk6bMDsVVDlSKbY/97VoPpoeD6zQrssUwQebzJT
BRXdFvm8jrc6p5/mA2qd8lCP3eaYJdCyQUcpai8Si8AVAN3hYyzihzI8dkJnVWwv
rPnj6r45Dvu6ssBxtq7fEnos8XedaTt6PeAtYPGt4CH6urh0
-----END CERTIFICATE-----