Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa
File:                     cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa (raw, json)
Hash identifier:          +y62h7bBqQqfzn8d4/K3bUddhdiI3oM3nIpZ616/JCU=
Subject key identifier:   CA:AE:62:83:4C:3F:80:D7:48:09:35:AC:D8:F7:A7:19:F3:31:67:E5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       63EC3A99980DB98028914C30787D82D5C8844E1E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa
Signing time:             Mon 31 Mar 2025 19:10:44 +0000
ROA not before:           Mon 31 Mar 2025 19:10:44 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:ec:3a:99:98:0d:b9:80:28:91:4c:30:78:7d:82:d5:c8:84:4e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:44 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1d:bc:e9:f4:e7:ed:b8:b7:57:82:ef:60:a0:
                    df:00:08:e1:c7:47:40:0e:c6:28:d7:8e:6a:ad:fa:
                    35:8a:8b:49:bf:8b:ef:d3:33:83:67:b4:08:74:60:
                    37:51:59:65:50:68:79:cc:0e:42:b7:ad:d7:c6:a3:
                    ff:65:bb:a3:a6:fb:65:dc:87:3b:16:d6:bc:ff:cc:
                    80:8e:6a:cc:6e:5a:e2:bf:2a:35:c0:aa:b8:95:a3:
                    c1:2d:77:ac:2a:e3:92:2e:11:e5:19:74:bd:df:8b:
                    08:3f:ac:c4:e0:6d:16:37:f4:6a:1f:03:d4:03:7c:
                    14:c7:44:2b:d9:3c:a3:d8:40:cc:aa:a3:e1:71:ea:
                    63:14:9f:fe:73:91:6f:f4:ef:44:74:98:40:f6:4f:
                    91:8a:8c:8a:b3:0c:fe:96:67:57:dc:e4:38:0b:88:
                    72:d2:49:f8:0a:e4:48:d6:c1:9c:f1:31:14:dc:16:
                    a3:a9:0e:3c:69:33:e0:be:af:42:44:9f:ed:2d:a6:
                    55:c2:8d:98:f6:98:d5:71:ec:e9:38:06:f2:10:b8:
                    89:37:75:b1:f1:01:84:2e:f6:5c:56:e6:7e:c2:75:
                    9f:2f:d7:68:75:34:cd:58:61:d0:41:51:fb:a8:90:
                    37:ce:b5:d6:a7:98:9c:d6:f3:a8:db:f6:d1:fb:23:
                    9f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AE:62:83:4C:3F:80:D7:48:09:35:AC:D8:F7:A7:19:F3:31:67:E5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfe315e6-c630-48bd-8de5-23eee0ad40cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:c6:a6:1a:f9:58:70:db:ca:7c:60:d9:9e:d9:28:bc:f8:60:
         ea:fb:cf:b8:65:ee:e4:8d:dd:a9:6c:41:80:da:2c:d3:da:39:
         e4:d5:09:3f:2c:46:f9:57:52:40:29:80:90:d1:64:16:c3:9c:
         fc:c9:db:4b:e8:c1:f4:33:d5:75:98:7e:68:50:1b:46:66:68:
         4c:ab:1b:d3:08:6e:8b:ca:92:ab:f7:c6:9b:d1:b3:1c:6b:59:
         ee:74:f3:8c:a5:05:72:38:8d:d7:9f:70:6f:0e:7e:e3:e3:ab:
         f3:f2:f1:3b:11:af:d8:3d:fa:62:1a:70:d9:40:af:ea:6c:a0:
         d8:2a:3c:f5:c1:39:2a:b2:23:a0:6c:50:58:1b:9f:d1:57:df:
         47:54:d4:2d:05:9d:ef:54:60:8f:7d:1a:04:4c:6b:c9:62:b7:
         da:19:61:c9:88:f7:e3:06:d0:bb:30:4d:29:b7:09:d5:11:88:
         18:7f:ce:71:c4:d9:e0:31:4a:2d:24:73:a0:26:09:48:26:7d:
         bd:41:60:6e:6e:85:b9:98:73:c8:c7:d7:5c:82:5f:16:09:4c:
         58:90:b2:b9:1a:19:0a:e5:a5:f9:6c:dd:9e:48:cf:6f:ea:94:
         41:ef:47:54:eb:db:a2:b0:41:52:42:33:d0:75:1b:64:dd:f0:
         55:56:79:55
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUY+w6mZgNuYAokUwweH2C1ciETh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwNDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI4MDRhMzYzMTg4OTVjN2IwMjE4YjkzZWVhMDA0Y2QxZmViYjE2MzY2NDZh
NzRkNzZkMWU1YjY1NjUzYmQwMGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8dvOn05+24t1eC72Cg3wAI4cdHQA7GKNeOaq36NYqLSb+L79Mzg2e0CHRg
N1FZZVBoecwOQret18aj/2W7o6b7ZdyHOxbWvP/MgI5qzG5a4r8qNcCquJWjwS13
rCrjki4R5Rl0vd+LCD+sxOBtFjf0ah8D1AN8FMdEK9k8o9hAzKqj4XHqYxSf/nOR
b/TvRHSYQPZPkYqMirMM/pZnV9zkOAuIctJJ+ArkSNbBnPExFNwWo6kOPGkz4L6v
QkSf7S2mVcKNmPaY1XHs6TgG8hC4iTd1sfEBhC72XFbmfsJ1ny/XaHU0zVhh0EFR
+6iQN8611qeYnNbzqNv20fsjn30CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTKrmKD
TD+A10gJNazY96cZ8zFn5TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2ZlMzE1ZTYtYzYzMC00OGJkLThkZTUtMjNlZWUwYWQ0MGNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGA
IDANBgkqhkiG9w0BAQsFAAOCAQEAH8amGvlYcNvKfGDZntkovPhg6vvPuGXu5I3d
qWxBgNos09o55NUJPyxG+VdSQCmAkNFkFsOc/MnbS+jB9DPVdZh+aFAbRmZoTKsb
0whui8qSq/fGm9GzHGtZ7nTzjKUFcjiN159wbw5+4+Or8/LxOxGv2D36Yhpw2UCv
6myg2Co89cE5KrIjoGxQWBuf0VffR1TULQWd71Rgj30aBExryWK32hlhyYj34wbQ
uzBNKbcJ1RGIGH/OccTZ4DFKLSRzoCYJSCZ9vUFgbm6FuZhzyMfXXIJfFglMWJCy
uRoZCuWl+WzdnkjPb+qUQe9HVOvborBBUkIz0HUbZN3wVVZ5VQ==
-----END CERTIFICATE-----