Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf8326d0-ecc0-4939-9939-2ed70f6ea536.roa
File:                     cf8326d0-ecc0-4939-9939-2ed70f6ea536.roa (raw, json)
Hash identifier:          0k83PDPtc/yrF1M1nOnghSgqkJkWknQlEa3NMSy9lYs=
Subject key identifier:   74:1D:CF:75:4F:EC:7C:33:28:0F:B8:F4:E9:73:36:1A:E3:8A:3B:AB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0FF474F777837600BA5F4E1190E2AA10046C4B98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf8326d0-ecc0-4939-9939-2ed70f6ea536.roa
Signing time:             Mon 31 Mar 2025 19:51:04 +0000
ROA not before:           Mon 31 Mar 2025 19:51:04 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:1040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:f4:74:f7:77:83:76:00:ba:5f:4e:11:90:e2:aa:10:04:6c:4b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:04 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:4d:dc:ba:e3:67:ed:50:59:a5:21:64:3f:8c:
                    d8:e0:6b:c8:b8:6e:83:26:12:6f:63:ec:ab:c2:f8:
                    90:62:71:95:cc:5c:0a:84:ac:54:18:93:44:6d:bd:
                    18:78:10:04:2c:8f:04:e3:00:83:d6:68:fb:5c:e1:
                    fa:b3:01:85:1f:1a:b8:8b:4f:a6:e8:e3:57:e6:04:
                    74:45:ce:37:b8:1b:cb:5f:1b:11:92:07:60:0c:07:
                    7f:c7:94:07:8f:2b:5b:ee:2a:67:77:d6:98:bc:58:
                    56:45:a3:9d:0b:48:86:f2:e6:bb:d2:b3:26:93:d0:
                    0f:95:ad:d8:7d:5c:7c:b3:a6:cf:3d:56:1b:1e:1b:
                    9e:26:36:d7:21:d2:7e:a9:b2:98:5e:99:f5:3c:dc:
                    f1:11:0e:bd:86:ee:11:74:47:e5:cc:f7:ec:d7:66:
                    d7:d9:ab:7e:04:85:69:24:f5:fb:db:fc:d0:a3:dc:
                    99:c5:5b:52:31:45:10:5d:cf:9d:92:50:71:ea:76:
                    87:ca:4e:5f:c5:f7:fd:51:a2:56:ad:6d:3d:92:52:
                    97:e2:e8:81:f8:cd:5e:3c:12:17:3e:39:50:6b:32:
                    03:19:0e:e2:29:51:07:77:67:46:b1:bc:0c:71:81:
                    ea:19:8e:0e:6e:63:26:66:f3:45:1c:38:ed:5e:b0:
                    95:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1D:CF:75:4F:EC:7C:33:28:0F:B8:F4:E9:73:36:1A:E3:8A:3B:AB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf8326d0-ecc0-4939-9939-2ed70f6ea536.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:1040::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:5f:8b:24:e0:aa:6f:c1:44:ff:81:06:39:69:22:2f:51:57:
         ec:52:d1:51:d2:76:d7:bc:f1:a5:9e:e4:c5:de:ed:a0:7c:d2:
         d2:17:e6:8a:22:07:73:1e:a1:65:42:00:ed:23:25:71:ad:7f:
         41:be:66:e4:7e:6a:40:5b:b2:eb:cb:41:7d:70:4a:74:ff:cc:
         2c:01:16:7d:47:a5:ee:25:12:e9:d6:66:da:a1:b0:32:cb:62:
         b0:d3:be:30:64:78:e9:ce:69:96:1a:a6:68:3f:58:6a:fd:2a:
         d4:33:53:aa:e2:34:24:13:c1:be:b3:d2:ca:68:50:c0:fe:9b:
         90:dc:b7:b1:26:c7:d5:a8:df:df:49:97:a8:50:6d:19:c2:e7:
         7e:4d:a3:2d:f5:99:f2:4c:0a:d8:5f:8e:3b:d2:89:ae:9b:aa:
         6d:4b:32:26:37:3c:b4:ca:6e:3d:59:e0:d5:32:0a:58:3d:26:
         af:c8:ea:b6:79:7e:ca:0e:dc:a8:9c:92:bd:40:cd:c6:bc:a0:
         e5:e8:90:6a:05:e6:f2:7b:e7:36:58:3b:64:0e:97:dc:9a:54:
         26:f5:d1:5c:f7:74:72:df:85:9a:fd:0f:a0:8e:db:16:d0:a7:
         82:9a:d7:28:1e:db:b0:74:c8:8d:77:6c:50:ea:75:62:b7:b4:
         7c:d9:de:1a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUD/R093eDdgC6X04RkOKqEARsS5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxMDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkOWFiYmY2OTE2NjUzM2EwZmQ0OWI4NzRhNDc4NTMwZmY5MGQzZWRhM2Mx
MzA0NDU3NjMwMmVmZjg3MDE1NzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO9N3LrjZ+1QWaUhZD+M2OBryLhugyYSb2Psq8L4kGJxlcxcCoSsVBiTRG29
GHgQBCyPBOMAg9Zo+1zh+rMBhR8auItPpujjV+YEdEXON7gby18bEZIHYAwHf8eU
B48rW+4qZ3fWmLxYVkWjnQtIhvLmu9KzJpPQD5Wt2H1cfLOmzz1WGx4bniY21yHS
fqmymF6Z9Tzc8REOvYbuEXRH5cz37Ndm19mrfgSFaST1+9v80KPcmcVbUjFFEF3P
nZJQcep2h8pOX8X3/VGiVq1tPZJSl+LogfjNXjwSFz45UGsyAxkO4ilRB3dnRrG8
DHGB6hmODm5jJmbzRRw47V6wlQkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR0Hc91
T+x8MygPuPTpczYa44o7qzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2Y4MzI2ZDAtZWNjMC00OTM5LTk5MzktMmVkNzBmNmVhNTM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAU1+LJOCqb8FE/4EGOWkiL1FX7FLRUdJ217zx
pZ7kxd7toHzS0hfmiiIHcx6hZUIA7SMlca1/Qb5m5H5qQFuy68tBfXBKdP/MLAEW
fUel7iUS6dZm2qGwMstisNO+MGR46c5plhqmaD9Yav0q1DNTquI0JBPBvrPSymhQ
wP6bkNy3sSbH1ajf30mXqFBtGcLnfk2jLfWZ8kwK2F+OO9KJrpuqbUsyJjc8tMpu
PVng1TIKWD0mr8jqtnl+yg7cqJySvUDNxryg5eiQagXm8nvnNlg7ZA6X3JpUJvXR
XPd0ct+Fmv0PoI7bFtCngprXKB7bsHTIjXdsUOp1Yre0fNneGg==
-----END CERTIFICATE-----