Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbe6491-8b72-4a7b-a538-1d2f7866c8e3.roa
File:                     ddbe6491-8b72-4a7b-a538-1d2f7866c8e3.roa (raw, json)
Hash identifier:          wXE94Zi+dGwKTC0Kk5yFI1u2jtIKmaE3jA+Qkp+pJaQ=
Subject key identifier:   BB:F3:78:D3:03:BE:B0:CD:A1:64:9E:4F:07:A3:DD:19:4F:CD:EA:5F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1DBC02F6ADD52C97994941912D25FC676AE4793F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbe6491-8b72-4a7b-a538-1d2f7866c8e3.roa
Signing time:             Mon 31 Mar 2025 20:31:02 +0000
ROA not before:           Mon 31 Mar 2025 20:31:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:1040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:bc:02:f6:ad:d5:2c:97:99:49:41:91:2d:25:fc:67:6a:e4:79:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:74:f3:71:31:22:56:a7:02:75:49:6a:98:
                    6d:4c:3b:4f:2e:1d:18:cc:bf:49:d3:e4:1a:e6:25:
                    72:96:65:4f:36:f4:12:93:56:a4:0a:57:a5:70:35:
                    75:0e:9e:36:30:56:0e:72:ff:6d:7d:19:71:71:d1:
                    6e:02:a5:6f:c5:87:ee:01:29:dc:b8:79:64:ea:b1:
                    60:34:ab:1c:1d:9c:b1:c5:23:33:22:80:c4:00:40:
                    bf:d5:43:f4:1f:f4:ec:9f:27:5b:90:ad:f7:a6:46:
                    a3:4c:ca:c7:ad:98:43:2a:77:56:2d:71:d0:83:c5:
                    aa:50:a2:71:67:f6:ce:1d:f7:ba:0e:5c:3e:67:31:
                    48:21:17:46:b2:55:02:20:51:b7:b9:35:f7:ec:d8:
                    e8:09:e1:5e:98:ae:15:6f:50:ed:ea:7f:9d:54:16:
                    ce:11:f4:c9:81:91:ec:45:5e:43:08:e8:ef:bf:11:
                    2f:16:62:fd:5d:c2:09:7a:ae:52:cc:1f:4f:c0:60:
                    9b:ea:60:51:2c:51:85:6b:21:07:95:07:84:0c:fd:
                    d3:d1:d6:d1:0d:ff:0f:5b:ce:90:ac:a5:31:6c:f4:
                    2c:fb:6a:ec:ff:3f:4d:67:02:bf:84:3e:12:30:ae:
                    ea:d3:78:28:fd:2b:09:af:68:1d:92:0a:85:67:27:
                    7d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:F3:78:D3:03:BE:B0:CD:A1:64:9E:4F:07:A3:DD:19:4F:CD:EA:5F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbe6491-8b72-4a7b-a538-1d2f7866c8e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:1040::/46

    Signature Algorithm: sha256WithRSAEncryption
         b0:84:3f:9b:f0:26:b5:83:e4:3b:35:87:32:b8:3b:07:23:46:
         a0:4f:73:14:3e:60:d5:da:94:6a:dd:62:72:ea:28:13:3e:51:
         cf:6d:45:2e:00:84:a6:e5:ba:04:f0:7f:7d:7c:90:b9:4d:45:
         38:5b:bb:34:86:d8:23:ba:c7:fb:d3:d6:ea:b9:9a:1b:63:5b:
         1f:79:7d:c2:ab:3e:4b:78:4a:dc:c5:cb:1f:e2:b8:f4:3e:03:
         e8:a9:fd:64:bb:57:99:02:a8:04:15:9f:97:9e:dc:75:00:93:
         a6:e2:2b:6c:33:c0:2d:a5:b3:53:e9:73:31:b3:e9:f0:c0:31:
         a6:23:5a:ef:5b:65:29:96:2a:e8:ab:36:97:69:19:03:d5:15:
         fe:49:03:31:1e:ba:81:27:dd:47:a4:e2:1f:a7:b2:80:7f:5e:
         63:d5:b9:85:dc:35:69:23:26:82:51:4e:34:17:fb:08:a0:70:
         ef:13:71:21:15:b5:45:e8:fd:bd:fb:3c:7a:4c:d9:d7:eb:d8:
         e6:84:0a:ce:61:dc:d8:7c:2c:4e:45:97:0d:87:55:1b:a4:10:
         f5:d7:76:38:4a:d3:64:c1:96:7c:fd:e5:9d:bf:60:28:9d:f2:
         a5:60:5f:dc:2a:fb:d1:9d:cc:40:bf:71:5d:58:99:7a:95:ad:
         7c:a2:be:4e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHbwC9q3VLJeZSUGRLSX8Z2rkeT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkNDNlMjM3YTViNmQ5ZDA5MTIwNGVkZTdkMzBhMWY0ZmViOGI0Y2Y0MDBl
YTU1YTFjY2Q4ZjQ2ZmFiMDE2Y2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJv3dPNxMSJWpwJ1SWqYbUw7Ty4dGMy/SdPkGuYlcpZlTzb0EpNWpApXpXA1
dQ6eNjBWDnL/bX0ZcXHRbgKlb8WH7gEp3Lh5ZOqxYDSrHB2cscUjMyKAxABAv9VD
9B/07J8nW5Ct96ZGo0zKx62YQyp3Vi1x0IPFqlCicWf2zh33ug5cPmcxSCEXRrJV
AiBRt7k19+zY6AnhXpiuFW9Q7ep/nVQWzhH0yYGR7EVeQwjo778RLxZi/V3CCXqu
UswfT8Bgm+pgUSxRhWshB5UHhAz909HW0Q3/D1vOkKylMWz0LPtq7P8/TWcCv4Q+
EjCu6tN4KP0rCa9oHZIKhWcnfeMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS783jT
A76wzaFknk8Ho90ZT83qXzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGRiZTY0OTEtOGI3Mi00YTdiLWE1MzgtMWQyZjc4NjZjOGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAsIQ/m/AmtYPkOzWHMrg7ByNGoE9zFD5g1dqU
at1icuooEz5Rz21FLgCEpuW6BPB/fXyQuU1FOFu7NIbYI7rH+9PW6rmaG2NbH3l9
wqs+S3hK3MXLH+K49D4D6Kn9ZLtXmQKoBBWfl57cdQCTpuIrbDPALaWzU+lzMbPp
8MAxpiNa71tlKZYq6Ks2l2kZA9UV/kkDMR66gSfdR6TiH6eygH9eY9W5hdw1aSMm
glFONBf7CKBw7xNxIRW1Rej9vfs8ekzZ1+vY5oQKzmHc2HwsTkWXDYdVG6QQ9dd2
OErTZMGWfP3lnb9gKJ3ypWBf3Cr70Z3MQL9xXViZepWtfKK+Tg==
-----END CERTIFICATE-----