Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4797699-eef4-401b-a6e7-1f5cf1f3e7de.roa
File:                     d4797699-eef4-401b-a6e7-1f5cf1f3e7de.roa (raw, json)
Hash identifier:          UxnVtNTtbxIaktLoSI7HSFv/X15m/2t+zWbwqNCqrh4=
Subject key identifier:   74:DD:0A:7E:53:82:63:98:B6:A0:6D:C9:25:5F:35:E0:A2:33:F5:AE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2E031A058F29081AA80B9FC92B0228DB382887EE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4797699-eef4-401b-a6e7-1f5cf1f3e7de.roa
Signing time:             Mon 31 Mar 2025 19:10:51 +0000
ROA not before:           Mon 31 Mar 2025 19:10:51 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:9040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:03:1a:05:8f:29:08:1a:a8:0b:9f:c9:2b:02:28:db:38:28:87:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:51 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:af:74:d2:85:95:0b:a7:bb:28:27:9f:1a:
                    f1:55:2d:ad:86:36:32:03:43:01:42:a1:cc:3b:59:
                    df:25:c3:a3:ed:7a:ef:1f:97:df:3e:fb:83:bc:4d:
                    fa:5c:4f:cf:91:a9:ba:b9:82:fe:dc:31:45:15:50:
                    77:43:92:ce:bd:ec:cd:ac:03:9a:c0:93:a3:91:50:
                    06:5d:2a:85:84:21:8f:04:e8:63:ff:9c:b2:ed:61:
                    40:ab:67:09:70:21:c1:b0:a7:48:8e:89:5f:b4:63:
                    ae:e1:7c:9c:1e:5b:31:47:42:92:84:89:ee:fb:50:
                    2d:db:51:8a:c7:cd:0f:39:99:1d:5d:f8:eb:5c:57:
                    22:54:2b:71:97:d5:05:79:ef:bb:b2:90:17:ff:90:
                    5b:ef:99:70:c9:7b:45:a6:f8:2d:be:4a:99:bd:42:
                    6a:5d:3f:b5:03:d0:ba:e3:49:4d:52:a6:75:39:ba:
                    85:fc:b0:90:17:35:07:b7:5c:a4:61:97:59:ff:62:
                    1e:90:76:ee:d4:15:95:6c:79:1a:66:97:ec:7e:95:
                    23:fe:86:6e:ca:6f:8a:63:c3:cb:90:9d:34:92:94:
                    d9:91:93:75:33:d6:69:78:bc:7b:e3:95:0b:54:5b:
                    76:5a:1d:5b:e7:00:68:22:59:6f:08:83:26:3f:83:
                    b3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DD:0A:7E:53:82:63:98:B6:A0:6D:C9:25:5F:35:E0:A2:33:F5:AE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4797699-eef4-401b-a6e7-1f5cf1f3e7de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:9040::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:a5:77:ef:e1:61:0a:55:91:54:4d:fd:86:14:71:ed:be:ec:
         4f:d2:3d:eb:db:26:6a:86:2f:6b:b9:12:c0:27:c3:ed:37:b1:
         20:38:8b:d4:85:58:11:32:cb:51:f9:76:fd:e6:c6:0a:84:6c:
         11:4a:9d:a3:d7:66:9c:a7:18:4a:79:7f:f7:10:b0:73:7b:63:
         47:cc:75:68:1d:4b:94:f7:a1:67:9c:ed:cb:6c:b3:f5:fc:af:
         89:01:4b:fc:88:c8:64:e8:82:94:ba:4f:98:e2:93:d9:e0:84:
         ea:4f:e3:56:7c:40:21:04:54:17:f4:67:1e:5e:5b:0a:95:25:
         66:5b:86:ba:0c:96:d5:03:00:0b:46:c3:08:45:cb:cd:66:76:
         f3:01:ed:da:df:59:12:d0:49:6a:c2:93:f7:30:40:ba:a5:20:
         fd:65:98:86:fe:ac:d8:a3:b8:7a:c5:27:df:12:9b:71:6f:7b:
         a0:6d:e9:8d:71:c5:d5:40:37:c3:36:b9:43:a6:6b:5e:db:c1:
         dd:f6:d3:1f:6a:50:d0:c5:66:ba:70:7b:9f:e3:31:b2:cc:f3:
         b3:46:f4:02:67:f2:0e:de:a8:e4:9f:73:8d:a4:7c:bf:5f:92:
         78:0f:0a:ae:f1:e1:f0:87:fd:ca:3f:ec:32:86:84:62:01:31:
         cb:16:d6:1a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULgMaBY8pCBqoC5/JKwIo2zgoh+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwNTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhYTE5YzcyZDA3ZmQzOTdiMjA3OGFjZmVkYmE5N2M3NmYxOTI2NWY0MzJi
Nzg0ZTQ0ZTlkZDc1ZmEyMDc0YWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4ir3TShZULp7soJ58a8VUtrYY2MgNDAUKhzDtZ3yXDo+167x+X3z77g7xN
+lxPz5GpurmC/twxRRVQd0OSzr3szawDmsCTo5FQBl0qhYQhjwToY/+csu1hQKtn
CXAhwbCnSI6JX7RjruF8nB5bMUdCkoSJ7vtQLdtRisfNDzmZHV3461xXIlQrcZfV
BXnvu7KQF/+QW++ZcMl7Rab4Lb5Kmb1Cal0/tQPQuuNJTVKmdTm6hfywkBc1B7dc
pGGXWf9iHpB27tQVlWx5GmaX7H6VI/6GbspvimPDy5CdNJKU2ZGTdTPWaXi8e+OV
C1RbdlodW+cAaCJZbwiDJj+Ds0sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR03Qp+
U4JjmLagbcklXzXgojP1rjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDQ3OTc2OTktZWVmNC00MDFiLWE2ZTctMWY1Y2YxZjNlN2RlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HSQ
QDANBgkqhkiG9w0BAQsFAAOCAQEADaV37+FhClWRVE39hhRx7b7sT9I969smaoYv
a7kSwCfD7TexIDiL1IVYETLLUfl2/ebGCoRsEUqdo9dmnKcYSnl/9xCwc3tjR8x1
aB1LlPehZ5zty2yz9fyviQFL/IjIZOiClLpPmOKT2eCE6k/jVnxAIQRUF/RnHl5b
CpUlZluGugyW1QMAC0bDCEXLzWZ28wHt2t9ZEtBJasKT9zBAuqUg/WWYhv6s2KO4
esUn3xKbcW97oG3pjXHF1UA3wza5Q6ZrXtvB3fbTH2pQ0MVmunB7n+Mxsszzs0b0
AmfyDt6o5J9zjaR8v1+SeA8KrvHh8If9yj/sMoaEYgExyxbWGg==
-----END CERTIFICATE-----