Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b19956-9202-4e71-9bee-fdbb4c52bb6e.roa
File:                     d2b19956-9202-4e71-9bee-fdbb4c52bb6e.roa (raw, json)
Hash identifier:          +gWlrAyI2TyQ+1SUe6PGroSqv1Jty+AtUKkiwykxhjg=
Subject key identifier:   AB:03:D1:D8:08:7A:D1:81:EF:A6:A1:E5:15:E8:F0:26:A3:E7:3E:1B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       48260062EE8B7E8A79B4743FF10D20483D999EC7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b19956-9202-4e71-9bee-fdbb4c52bb6e.roa
Signing time:             Wed 26 Mar 2025 19:23:34 +0000
ROA not before:           Wed 26 Mar 2025 19:23:34 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:26:00:62:ee:8b:7e:8a:79:b4:74:3f:f1:0d:20:48:3d:99:9e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:23:34 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:44:5b:64:68:36:c3:54:4e:b3:33:ef:1b:dc:
                    0e:df:36:37:f5:c0:a5:0d:0f:39:dd:22:82:33:45:
                    28:f5:52:6a:ed:50:ed:88:1e:c0:f8:4b:69:f5:21:
                    11:23:f3:39:2a:95:2f:c7:32:bb:14:97:87:8a:88:
                    1d:04:d0:f0:bd:5e:7c:7e:06:e7:5c:43:85:09:20:
                    25:75:16:89:5a:45:c3:31:66:a6:dd:dd:21:59:9e:
                    71:ee:2c:da:3a:61:89:5a:f7:8f:f4:10:c3:6c:9f:
                    59:4e:eb:68:a1:10:90:c9:f4:45:ee:0f:e6:50:27:
                    b2:84:80:41:09:59:0e:10:98:88:d3:47:6f:5e:58:
                    c0:49:97:10:62:44:d1:ac:b1:da:32:ac:78:c8:3f:
                    8a:72:ec:65:61:ab:c6:be:34:a3:72:16:21:17:83:
                    d8:c1:fe:6a:87:9a:54:66:47:34:9f:72:ed:21:a1:
                    b4:2c:56:02:74:cc:4f:85:df:1e:31:a6:34:41:76:
                    a4:37:0c:49:ce:06:bf:da:67:02:61:7d:f2:34:88:
                    55:27:30:78:1b:c5:c6:a2:b0:6e:14:f5:4c:c1:67:
                    3f:fe:e8:77:f1:ff:ff:ed:6f:50:a0:f9:c8:2a:3d:
                    4f:4b:8c:ba:5b:4f:5b:68:ec:b4:5e:c6:92:ba:1c:
                    a4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:03:D1:D8:08:7A:D1:81:EF:A6:A1:E5:15:E8:F0:26:A3:E7:3E:1B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b19956-9202-4e71-9bee-fdbb4c52bb6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:75:92:31:60:d1:29:ca:5a:6f:aa:9f:80:cd:fc:a5:9a:fb:
         e6:a3:0c:69:fb:68:13:66:1b:0c:a3:48:e0:d9:23:56:e7:73:
         32:7f:6e:f4:23:3e:58:8d:bf:4c:53:97:bb:13:ed:56:79:61:
         8f:20:ac:1f:6d:6f:fe:00:43:f0:96:ee:90:94:22:0b:0b:2d:
         54:ee:ea:99:44:a7:b7:d5:8a:8f:e0:8d:91:67:65:cc:b4:43:
         42:a0:e4:56:cf:ba:17:9c:20:b0:1a:bd:07:8a:2c:26:26:6e:
         5b:d8:8e:6b:ee:dc:6a:39:01:49:bf:fd:bb:c3:42:f9:36:e8:
         80:4f:23:a9:15:62:f8:03:ae:95:c8:24:dc:0f:94:c8:24:54:
         a0:ef:50:44:fb:bc:9e:7d:cb:70:d5:45:5e:1b:3e:4a:d8:b6:
         9d:55:f6:8c:9e:a4:23:47:8a:9e:cd:6c:36:88:be:e7:00:8d:
         4f:c7:a7:f2:c2:32:32:87:65:85:ef:ee:e7:15:b9:a4:c0:9f:
         c9:03:63:78:82:83:03:73:f2:99:d5:6d:e9:2e:13:60:a3:1b:
         99:8a:a8:4c:97:56:96:c9:16:b6:31:96:86:dc:6c:ed:9c:59:
         a4:34:06:62:0c:f9:ae:20:cc:a8:58:b7:c9:f4:08:c3:ad:02:
         da:d0:e8:b0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSCYAYu6Lfop5tHQ/8Q0gSD2ZnscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIzMzRaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0OWUzZmRkM2U2MjhlYzQ4ZTNmMzg0Yjc1YWUwMGZkMDFmYjIxNDU0Mzkx
OTZkZmNlNDk1MDNkZGQzYjE0N2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtEW2RoNsNUTrMz7xvcDt82N/XApQ0POd0igjNFKPVSau1Q7YgewPhLafUh
ESPzOSqVL8cyuxSXh4qIHQTQ8L1efH4G51xDhQkgJXUWiVpFwzFmpt3dIVmece4s
2jphiVr3j/QQw2yfWU7raKEQkMn0Re4P5lAnsoSAQQlZDhCYiNNHb15YwEmXEGJE
0ayx2jKseMg/inLsZWGrxr40o3IWIReD2MH+aoeaVGZHNJ9y7SGhtCxWAnTMT4Xf
HjGmNEF2pDcMSc4Gv9pnAmF98jSIVScweBvFxqKwbhT1TMFnP/7od/H//+1vUKD5
yCo9T0uMultPW2jstF7GkrocpC0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSrA9HY
CHrRge+moeUV6PAmo+c+GzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJiMTk5NTYtOTIwMi00ZTcxLTliZWUtZmRiYjRjNTJiYjZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCEdZIxYNEpylpvqp+Azfylmvvmowxp+2gTZhsM
o0jg2SNW53Myf270Iz5Yjb9MU5e7E+1WeWGPIKwfbW/+AEPwlu6QlCILCy1U7uqZ
RKe31YqP4I2RZ2XMtENCoORWz7oXnCCwGr0HiiwmJm5b2I5r7txqOQFJv/27w0L5
NuiATyOpFWL4A66VyCTcD5TIJFSg71BE+7yefctw1UVeGz5K2LadVfaMnqQjR4qe
zWw2iL7nAI1Px6fywjIyh2WF7+7nFbmkwJ/JA2N4goMDc/KZ1W3pLhNgoxuZiqhM
l1aWyRa2MZaG3GztnFmkNAZiDPmuIMyoWLfJ9AjDrQLa0Oiw
-----END CERTIFICATE-----