Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6ce96a4-eb6b-4bed-b15b-b1e3cdcac418.roa
File:                     c6ce96a4-eb6b-4bed-b15b-b1e3cdcac418.roa (raw, json)
Hash identifier:          V7+GxZeHjivZjJeYcd6aZ4Lg3SOhZcysXG7EqRe9hUA=
Subject key identifier:   41:66:94:C2:6D:95:CF:91:6F:C3:43:3B:88:70:96:25:50:84:74:8A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       521E2A5D2E0EEAEBDBAC5406ADFF2580FF04745D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6ce96a4-eb6b-4bed-b15b-b1e3cdcac418.roa
Signing time:             Mon 31 Mar 2025 21:11:22 +0000
ROA not before:           Mon 31 Mar 2025 21:11:22 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d018::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:1e:2a:5d:2e:0e:ea:eb:db:ac:54:06:ad:ff:25:80:ff:04:74:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:11:22 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:22:ab:7d:44:dd:62:91:d2:5e:89:cd:e2:72:
                    1e:82:24:a3:1d:76:6c:ce:d2:3f:1f:b6:89:cd:df:
                    7f:1e:9d:28:48:a8:83:1d:86:8d:8c:d4:3f:f6:97:
                    37:1a:f5:5d:b9:c1:2d:e0:bd:cd:f0:dd:f8:8d:a3:
                    80:74:e1:43:5c:e3:2b:71:b7:f0:b1:1d:60:67:95:
                    ca:b9:bf:41:46:ca:fe:52:9c:9f:7a:61:37:fc:f0:
                    5e:e8:51:f7:cc:86:76:9a:dd:d9:8d:ca:e6:72:b1:
                    d3:05:4d:1e:70:b6:48:c0:84:c0:1c:21:8e:69:5a:
                    39:71:0a:9d:a0:ee:1a:d0:16:b5:c6:25:5f:65:2c:
                    1e:c7:91:04:77:3a:b0:6e:b3:e3:f0:fd:79:73:06:
                    cb:36:87:9b:69:8a:f2:3c:7c:01:b5:83:1d:a1:77:
                    e4:89:e9:b5:01:2f:20:57:86:d6:89:c8:17:03:c8:
                    48:4f:ae:ca:be:e0:96:90:c9:80:84:26:0f:23:e8:
                    42:56:ab:d2:c5:82:6d:2d:ab:00:df:13:36:02:88:
                    8e:4d:b1:cb:80:51:54:13:99:fc:01:11:04:b3:3c:
                    de:34:f1:ed:4c:01:8a:fe:d8:e3:14:50:1a:a2:2d:
                    b3:c9:0f:d6:11:a7:91:6a:9d:d6:23:89:cf:9d:cc:
                    8d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:94:C2:6D:95:CF:91:6F:C3:43:3B:88:70:96:25:50:84:74:8A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6ce96a4-eb6b-4bed-b15b-b1e3cdcac418.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d018::/38

    Signature Algorithm: sha256WithRSAEncryption
         71:12:e8:5d:b1:f4:e3:1c:b0:79:0a:0e:1a:ab:29:34:16:e2:
         6d:68:02:35:8b:e5:72:c9:db:c2:11:ce:84:27:17:3e:2e:ab:
         80:7d:74:cd:cf:7f:71:c2:04:b6:15:29:8b:50:a1:a4:66:fc:
         48:2b:2d:50:74:e2:ba:8b:2b:72:09:a0:30:4f:24:c6:0f:f3:
         3e:8a:66:1f:b2:8a:79:a8:27:8c:d0:24:70:9e:b5:9e:0c:43:
         be:8f:84:61:bd:03:cc:8c:8e:56:4c:e5:f9:34:5e:37:c5:51:
         09:6f:36:5f:fd:20:04:d9:7a:e2:d7:f1:93:e8:4f:40:1a:c3:
         4a:7c:7d:dc:5d:2c:8f:ae:40:9a:f3:cc:99:16:58:da:74:ef:
         f3:79:24:65:33:b8:9d:0b:98:58:79:dc:0c:eb:86:92:dc:1f:
         d5:96:25:84:c8:4e:ff:38:9a:39:10:e5:05:f9:37:ef:cd:f3:
         00:b6:46:e8:3b:78:c5:01:c8:24:09:90:ea:6d:8a:77:d1:11:
         80:b6:38:6e:27:99:4f:33:d8:4b:f9:70:e2:fa:2b:ea:da:55:
         bf:c4:03:49:98:1f:07:11:7f:89:82:76:f6:59:2c:81:b7:c4:
         9b:c5:f9:70:7e:75:3c:a8:b3:1b:b6:1c:a1:54:c5:e5:23:c8:
         39:00:e6:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUh4qXS4O6uvbrFQGrf8lgP8EdF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTExMjJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyMWI1OWNmOThiMzdmNTRjNmQ5OTNjMWMxYzVkZWNkNDNkMGJlYTQ1NDM3
YzZkNmY1NzdlZTJkMWM3ZGVmMjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4iq31E3WKR0l6JzeJyHoIkox12bM7SPx+2ic3ffx6dKEiogx2GjYzUP/aX
Nxr1XbnBLeC9zfDd+I2jgHThQ1zjK3G38LEdYGeVyrm/QUbK/lKcn3phN/zwXuhR
98yGdprd2Y3K5nKx0wVNHnC2SMCEwBwhjmlaOXEKnaDuGtAWtcYlX2UsHseRBHc6
sG6z4/D9eXMGyzaHm2mK8jx8AbWDHaF35InptQEvIFeG1onIFwPISE+uyr7glpDJ
gIQmDyPoQlar0sWCbS2rAN8TNgKIjk2xy4BRVBOZ/AERBLM83jTx7UwBiv7Y4xRQ
GqIts8kP1hGnkWqd1iOJz53MjUsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRBZpTC
bZXPkW/DQzuIcJYlUIR0ijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzZjZTk2YTQtZWI2Yi00YmVkLWIxNWItYjFlM2NkY2FjNDE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BgA
MA0GCSqGSIb3DQEBCwUAA4IBAQBxEuhdsfTjHLB5Cg4aqyk0FuJtaAI1i+VyydvC
Ec6EJxc+LquAfXTNz39xwgS2FSmLUKGkZvxIKy1QdOK6iytyCaAwTyTGD/M+imYf
sop5qCeM0CRwnrWeDEO+j4RhvQPMjI5WTOX5NF43xVEJbzZf/SAE2Xri1/GT6E9A
GsNKfH3cXSyPrkCa88yZFljadO/zeSRlM7idC5hYedwM64aS3B/VliWEyE7/OJo5
EOUF+TfvzfMAtkboO3jFAcgkCZDqbYp30RGAtjhuJ5lPM9hL+XDi+ivq2lW/xANJ
mB8HEX+Jgnb2WSyBt8SbxflwfnU8qLMbthyhVMXlI8g5AOag
-----END CERTIFICATE-----