Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
File:                     c8af18fc-ae06-42ae-9533-a5516ea722d4.roa (raw, json)
Hash identifier:          Ka1VK4KZbH6V/LNa1B9x8WC9yWqmoZA9kQOszroKcno=
Subject key identifier:   32:3F:14:3D:33:8B:CF:1B:07:C6:A4:95:35:79:22:06:85:DF:6F:0D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       71AED6B3628062EC04C8B4C63C4413378EDFBA5E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
Signing time:             Mon 31 Mar 2025 19:41:21 +0000
ROA not before:           Mon 31 Mar 2025 19:41:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:9080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:ae:d6:b3:62:80:62:ec:04:c8:b4:c6:3c:44:13:37:8e:df:ba:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:41:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4a:0a:5e:c6:70:f3:e2:61:5f:2e:54:a1:9f:
                    81:a4:64:8f:e7:c9:f6:ec:f5:fb:67:96:b1:34:95:
                    0d:01:ba:62:05:7f:7f:d3:f6:12:21:b3:8a:d8:5a:
                    e5:5c:db:34:16:14:bc:a4:f6:43:d8:fc:63:7d:15:
                    84:3b:29:4c:1d:bd:31:0e:35:b1:6e:10:23:2a:40:
                    71:56:74:61:70:d2:e5:91:12:13:74:88:0e:95:a2:
                    58:02:40:5b:55:30:b2:33:95:4d:ef:8c:06:17:a4:
                    a0:db:55:85:16:56:90:dc:93:68:42:87:ee:09:10:
                    da:b3:ef:3e:de:38:c4:aa:45:22:1e:f7:64:16:49:
                    e3:3d:3d:d3:0e:08:01:3f:06:19:f1:23:da:e3:4d:
                    19:24:b0:d7:42:27:74:d0:fd:03:15:64:0b:1d:74:
                    d1:4e:48:6f:ec:e6:3e:c2:c6:26:37:79:bb:f4:5a:
                    d8:30:e4:76:c9:f8:b2:9d:7d:bf:47:5d:7a:f1:27:
                    75:d3:7d:73:98:37:ab:87:02:9e:03:d9:23:cb:7a:
                    b7:4c:75:cc:6d:43:b5:9d:51:86:fa:24:ff:75:c1:
                    c2:54:54:71:c6:f5:4a:4a:15:d3:3e:39:22:7f:52:
                    3c:6f:d6:0a:f1:81:18:05:6b:84:58:9c:69:b2:d3:
                    e9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3F:14:3D:33:8B:CF:1B:07:C6:A4:95:35:79:22:06:85:DF:6F:0D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:9080::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:c4:51:f9:85:bb:7a:a1:3b:b4:ca:b0:d6:7a:3a:39:21:c0:
         13:58:dd:b4:40:b3:a4:ae:a9:f4:85:ef:b6:9d:ee:46:cd:a9:
         ca:ef:30:f2:c1:46:b5:dc:45:02:d0:15:65:ce:47:73:93:c7:
         ae:cb:7d:a3:16:3a:5c:5e:e9:1b:c4:99:a5:67:15:c6:6c:66:
         d2:e6:82:19:58:7a:fa:49:a9:f7:78:02:ce:a0:0f:b1:f9:0d:
         c4:db:27:1b:8c:7d:5a:8a:66:f1:fb:5c:36:ce:9e:be:8e:05:
         a8:32:93:6d:c6:4a:80:08:2a:ff:1f:1f:10:89:b2:02:a0:e4:
         e1:97:1f:7c:b5:e6:b2:83:11:38:bb:ca:68:f7:f1:e0:d0:e9:
         47:88:69:b7:47:90:d4:8a:c2:94:f2:6a:45:03:d5:1f:b5:98:
         a3:36:0f:7c:fe:0f:f4:56:95:2b:21:05:56:12:49:13:0a:01:
         6e:63:e2:c5:0f:95:b7:46:ca:12:34:60:ba:26:67:3c:66:a0:
         8d:df:15:c6:ec:db:17:bb:31:eb:c4:ca:e5:3d:6f:6b:e5:3e:
         12:bc:df:3a:05:52:57:2d:bb:80:8c:5b:a2:cf:d0:c2:76:20:
         1f:9c:98:b4:56:72:00:75:ef:52:9b:d9:45:80:0e:c1:c7:ac:
         f0:18:48:69
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUca7Ws2KAYuwEyLTGPEQTN47ful4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQxMjFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4NmZjNjU3NWI5OTc3ZTVlNmQ0ZjgwNjZhOTdhYmE1MGM0YmJiNmY2Njc2
NjJkMmVkNWQzODNkZTU5ZTdmMWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJtKCl7GcPPiYV8uVKGfgaRkj+fJ9uz1+2eWsTSVDQG6YgV/f9P2EiGzitha
5VzbNBYUvKT2Q9j8Y30VhDspTB29MQ41sW4QIypAcVZ0YXDS5ZESE3SIDpWiWAJA
W1UwsjOVTe+MBhekoNtVhRZWkNyTaEKH7gkQ2rPvPt44xKpFIh73ZBZJ4z090w4I
AT8GGfEj2uNNGSSw10IndND9AxVkCx100U5Ib+zmPsLGJjd5u/Ra2DDkdsn4sp19
v0ddevEnddN9c5g3q4cCngPZI8t6t0x1zG1DtZ1Rhvok/3XBwlRUccb1SkoV0z45
In9SPG/WCvGBGAVrhFicabLT6ZkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQyPxQ9
M4vPGwfGpJU1eSIGhd9vDTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzhhZjE4ZmMtYWUwNi00MmFlLTk1MzMtYTU1MTZlYTcyMmQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAncRR+YW7eqE7tMqw1no6OSHAE1jdtECzpK6p
9IXvtp3uRs2pyu8w8sFGtdxFAtAVZc5Hc5PHrst9oxY6XF7pG8SZpWcVxmxm0uaC
GVh6+kmp93gCzqAPsfkNxNsnG4x9Wopm8ftcNs6evo4FqDKTbcZKgAgq/x8fEImy
AqDk4ZcffLXmsoMROLvKaPfx4NDpR4hpt0eQ1IrClPJqRQPVH7WYozYPfP4P9FaV
KyEFVhJJEwoBbmPixQ+Vt0bKEjRguiZnPGagjd8VxuzbF7sx68TK5T1va+U+Erzf
OgVSVy27gIxbos/QwnYgH5yYtFZyAHXvUpvZRYAOwces8BhIaQ==
-----END CERTIFICATE-----