Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca1ed493-accf-4e7e-8542-cdb1f8d4834b.roa
File:                     ca1ed493-accf-4e7e-8542-cdb1f8d4834b.roa (raw, json)
Hash identifier:          D9ZECxY3bbauj8DGKf4mPtMNzCEcZjpG+1wcCxY/I5s=
Subject key identifier:   5D:5D:C1:19:39:6D:C0:60:4A:E1:B7:6D:FC:CD:87:54:9B:5B:41:D2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       45776F2306CAE9EC67B37B7ABECDF841F5F51A27
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca1ed493-accf-4e7e-8542-cdb1f8d4834b.roa
Signing time:             Mon 31 Mar 2025 20:30:13 +0000
ROA not before:           Mon 31 Mar 2025 20:30:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:60c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:77:6f:23:06:ca:e9:ec:67:b3:7b:7a:be:cd:f8:41:f5:f5:1a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:30:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e0:0f:52:67:e6:38:ef:aa:a9:05:0b:4a:5b:
                    9e:68:61:65:0c:92:65:02:d8:34:c6:2f:61:b8:f5:
                    4b:59:19:a1:79:8a:9f:8f:e1:1c:9f:c3:d7:a8:28:
                    45:a2:30:fb:1a:72:68:be:3b:23:9d:e7:e0:44:70:
                    ed:8e:9b:08:36:90:7b:84:03:d3:87:fe:65:f1:f3:
                    fe:ea:ce:6b:4f:4f:6e:89:eb:dd:9b:88:f2:bd:c3:
                    18:a2:0c:16:e1:42:16:25:1a:d8:61:d1:46:2d:60:
                    df:60:93:59:79:70:84:4b:4a:21:e4:b2:48:e4:c7:
                    7f:64:1e:85:c8:f8:1a:44:57:63:a2:b1:ac:f6:16:
                    65:94:36:f3:54:65:11:b3:5e:f0:b1:df:56:60:d3:
                    88:f7:6c:67:2e:fb:bd:f1:bd:fa:4a:88:e1:fc:bc:
                    0a:f1:11:c3:25:ba:20:c0:34:69:e2:60:1b:e0:f4:
                    60:45:aa:3c:2a:9f:2f:d1:2c:94:6e:83:4f:7f:42:
                    10:c7:01:21:89:1a:d9:14:40:77:a3:93:b7:ac:ee:
                    74:8c:0f:f2:41:1d:2a:c9:97:cf:93:82:a3:56:a5:
                    4e:82:bb:75:0a:c2:e5:ff:fe:23:64:f8:8f:37:54:
                    5e:0d:4e:72:32:d5:37:79:bc:7c:0c:3e:7d:9c:03:
                    a1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5D:C1:19:39:6D:C0:60:4A:E1:B7:6D:FC:CD:87:54:9B:5B:41:D2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca1ed493-accf-4e7e-8542-cdb1f8d4834b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:60c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         00:71:38:e8:d8:df:ed:f1:c1:8f:61:d3:1b:a0:23:c9:f8:5e:
         14:d3:23:72:24:61:31:09:41:3e:d0:5f:08:8a:b3:24:c4:5d:
         65:f8:91:54:b4:6b:b0:83:0a:bf:a6:e2:54:d0:f7:60:09:b6:
         77:8b:cf:0c:60:85:64:55:79:c0:ee:80:fc:fc:6a:48:b4:1a:
         0d:e1:b1:51:6c:2f:64:28:5e:fb:08:34:79:f4:bb:fe:f0:87:
         fa:64:3e:d2:2e:ac:bf:c1:db:a2:5b:82:b3:9e:9c:40:68:ba:
         88:53:5d:de:4d:49:31:88:84:69:9a:47:32:5b:76:7c:21:92:
         83:a8:89:6b:1e:c3:6c:3b:1a:7a:9d:f2:fb:eb:76:59:3e:df:
         bd:85:4d:64:e0:ef:15:b6:85:72:89:fb:a1:78:5c:ac:f3:45:
         b6:32:ae:fb:12:e2:e2:d6:c0:78:f8:7f:6f:63:73:45:91:f7:
         23:d1:a6:40:70:31:8a:f0:00:b6:fa:4b:bc:61:6c:20:20:99:
         04:53:64:80:14:a0:d8:4a:53:d5:dd:bc:c8:71:04:ac:93:28:
         62:08:39:04:43:ac:7d:64:f7:2d:50:b7:57:83:6d:1d:65:e2:
         6f:14:74:b5:c2:b6:3d:94:88:26:a4:41:42:da:10:bd:27:4f:
         0b:3f:91:37
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURXdvIwbK6exns3t6vs34QfX1GicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMwMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2NDg2MzM1YTM3NGU5NzNlZjEwYTJmMjIzOWRlNGIyMWIzYzYwODg2YTU4
ZGIwOWM5YzNkMjdjY2JlYWY0ZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMngD1Jn5jjvqqkFC0pbnmhhZQySZQLYNMYvYbj1S1kZoXmKn4/hHJ/D16go
RaIw+xpyaL47I53n4ERw7Y6bCDaQe4QD04f+ZfHz/urOa09Pbonr3ZuI8r3DGKIM
FuFCFiUa2GHRRi1g32CTWXlwhEtKIeSySOTHf2Qehcj4GkRXY6KxrPYWZZQ281Rl
EbNe8LHfVmDTiPdsZy77vfG9+kqI4fy8CvERwyW6IMA0aeJgG+D0YEWqPCqfL9Es
lG6DT39CEMcBIYka2RRAd6OTt6zudIwP8kEdKsmXz5OCo1alToK7dQrC5f/+I2T4
jzdUXg1OcjLVN3m8fAw+fZwDoUUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRdXcEZ
OW3AYErht238zYdUm1tB0jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2ExZWQ0OTMtYWNjZi00ZTdlLTg1NDItY2RiMWY4ZDQ4MzRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hdg
wDANBgkqhkiG9w0BAQsFAAOCAQEAAHE46Njf7fHBj2HTG6AjyfheFNMjciRhMQlB
PtBfCIqzJMRdZfiRVLRrsIMKv6biVND3YAm2d4vPDGCFZFV5wO6A/PxqSLQaDeGx
UWwvZChe+wg0efS7/vCH+mQ+0i6sv8HboluCs56cQGi6iFNd3k1JMYiEaZpHMlt2
fCGSg6iJax7DbDsaep3y++t2WT7fvYVNZODvFbaFcon7oXhcrPNFtjKu+xLi4tbA
ePh/b2NzRZH3I9GmQHAxivAAtvpLvGFsICCZBFNkgBSg2EpT1d28yHEErJMoYgg5
BEOsfWT3LVC3V4NtHWXibxR0tcK2PZSIJqRBQtoQvSdPCz+RNw==
-----END CERTIFICATE-----