Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7ff0a46-4c68-43b8-be33-3f3098623685.roa
File:                     d7ff0a46-4c68-43b8-be33-3f3098623685.roa (raw, json)
Hash identifier:          nPVDR0yvJNSz9CluA97kKYLee70liPPItvFZpzPpHBg=
Subject key identifier:   96:83:FF:C2:F4:89:71:84:16:BB:35:93:7A:D0:A1:A9:53:F5:69:2B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       269FDC8BCB83D368CA44DFB68BABD4DA4A99DEC5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7ff0a46-4c68-43b8-be33-3f3098623685.roa
Signing time:             Mon 31 Mar 2025 19:10:48 +0000
ROA not before:           Mon 31 Mar 2025 19:10:48 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:80d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:9f:dc:8b:cb:83:d3:68:ca:44:df:b6:8b:ab:d4:da:4a:99:de:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:48 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fc:28:e1:22:1f:56:04:32:3f:7b:ae:9c:ff:
                    56:fd:b5:6f:ec:ca:7c:62:6a:af:0b:58:04:11:b4:
                    91:2e:9a:d6:b6:ce:84:51:e6:62:f5:99:27:ce:ea:
                    df:82:a3:cf:01:4f:05:d0:da:5a:10:90:15:d8:20:
                    8a:c7:b2:71:91:c9:03:ed:26:42:09:63:67:5b:2d:
                    98:21:25:66:b1:70:47:67:a8:b6:d7:49:2f:1b:ed:
                    a6:44:45:f0:34:e8:2f:3b:59:fa:30:95:b3:b2:f4:
                    0c:39:38:60:60:c5:af:6f:17:0a:e4:02:11:a4:f3:
                    bc:c9:85:a3:cc:8a:bd:2d:96:87:e5:09:e0:ac:8a:
                    98:5f:0e:c3:86:cc:dd:df:1c:b8:68:cc:f4:bd:7c:
                    90:d5:a2:03:c7:ee:42:01:37:51:55:57:92:70:e2:
                    66:d8:1d:45:01:64:05:b3:65:d8:e8:fc:e0:80:0b:
                    36:71:1a:05:32:3d:29:8f:85:62:e0:41:b3:21:c4:
                    a3:92:c3:13:6b:90:c2:a6:e5:1e:26:23:9f:37:44:
                    81:51:bd:29:96:f2:17:79:d2:73:b3:6d:e9:09:4f:
                    4e:35:be:7c:82:03:eb:b8:3b:1e:25:13:17:22:7c:
                    c4:db:fd:43:28:3b:3f:99:aa:94:1c:29:0d:57:d5:
                    e4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:83:FF:C2:F4:89:71:84:16:BB:35:93:7A:D0:A1:A9:53:F5:69:2B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7ff0a46-4c68-43b8-be33-3f3098623685.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:80d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:c0:3b:17:42:1c:a2:e2:ab:ca:d8:d2:54:da:56:44:17:7e:
         03:0e:33:32:05:f7:50:c5:d0:ba:9a:04:96:9c:8b:b1:b9:31:
         c5:7d:87:61:e7:59:66:ba:77:b6:61:72:71:06:cc:4f:68:74:
         da:51:2d:5d:38:39:e2:cd:d6:31:76:1e:5d:07:e7:37:90:84:
         ce:da:c8:d7:9e:c7:92:ab:83:0a:13:c0:89:27:3e:8b:08:ff:
         03:c2:b8:50:0c:a8:9b:ba:40:ca:88:83:c1:a3:7e:1f:34:67:
         6a:34:a4:7d:32:93:f5:bf:6a:8e:30:fb:8b:dc:74:47:10:1e:
         35:e4:f6:5d:10:99:ee:c0:57:69:e3:b6:09:e1:55:16:03:8c:
         e2:32:b9:a9:3e:d0:41:08:c9:4f:77:56:60:91:49:9d:d6:24:
         89:f8:a2:16:b9:d8:17:c8:c8:31:9a:70:0a:f5:af:0c:0f:e5:
         91:88:01:13:f8:56:1b:16:df:76:8e:f9:6f:55:1e:55:75:48:
         1b:fe:76:4b:c6:ad:04:b2:f5:ad:75:62:89:68:fa:df:d0:6a:
         b8:8b:ec:d7:bc:ae:2b:15:29:8c:0c:b1:61:f7:92:0e:2a:70:
         db:50:7a:81:1d:f9:36:16:1c:8d:2d:94:48:92:59:d1:f7:66:
         35:0f:db:b9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJp/ci8uD02jKRN+2i6vU2kqZ3sUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwNDhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhmYmE0ODA4NTYxYmM2YzViNzQ0ZTk4NTI4MWJkMTMzMThlNmUyYmI0MzZh
MjAyNWFkOGYwYzA5NTY5MjdkYTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM38KOEiH1YEMj97rpz/Vv21b+zKfGJqrwtYBBG0kS6a1rbOhFHmYvWZJ87q
34KjzwFPBdDaWhCQFdggiseycZHJA+0mQgljZ1stmCElZrFwR2eottdJLxvtpkRF
8DToLztZ+jCVs7L0DDk4YGDFr28XCuQCEaTzvMmFo8yKvS2Wh+UJ4KyKmF8Ow4bM
3d8cuGjM9L18kNWiA8fuQgE3UVVXknDiZtgdRQFkBbNl2Oj84IALNnEaBTI9KY+F
YuBBsyHEo5LDE2uQwqblHiYjnzdEgVG9KZbyF3nSc7Nt6QlPTjW+fIID67g7HiUT
FyJ8xNv9Qyg7P5mqlBwpDVfV5G8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSWg//C
9IlxhBa7NZN60KGpU/VpKzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDdmZjBhNDYtNGM2OC00M2I4LWJlMzMtM2YzMDk4NjIzNjg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
0DANBgkqhkiG9w0BAQsFAAOCAQEAA8A7F0IcouKrytjSVNpWRBd+Aw4zMgX3UMXQ
upoElpyLsbkxxX2HYedZZrp3tmFycQbMT2h02lEtXTg54s3WMXYeXQfnN5CEztrI
157HkquDChPAiSc+iwj/A8K4UAyom7pAyoiDwaN+HzRnajSkfTKT9b9qjjD7i9x0
RxAeNeT2XRCZ7sBXaeO2CeFVFgOM4jK5qT7QQQjJT3dWYJFJndYkifiiFrnYF8jI
MZpwCvWvDA/lkYgBE/hWGxbfdo75b1UeVXVIG/52S8atBLL1rXViiWj639BquIvs
17yuKxUpjAyxYfeSDipw21B6gR35NhYcjS2USJJZ0fdmNQ/buQ==
-----END CERTIFICATE-----