Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa
File:                     de12834a-9370-4c63-969f-bf8eef4cd73b.roa (raw, json)
Hash identifier:          CUmPW7Fr977f+pHaUzn73U16yYaW1QJr63/h9MuZIrw=
Subject key identifier:   C3:D4:C7:27:54:97:57:38:34:40:F1:3E:FA:19:67:82:BB:20:E5:CD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       69C78CB596833ECF79ED057B93F6DCBC67D821D3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa
Signing time:             Mon 24 Mar 2025 19:30:12 +0000
ROA not before:           Mon 24 Mar 2025 19:30:12 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4010::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:c7:8c:b5:96:83:3e:cf:79:ed:05:7b:93:f6:dc:bc:67:d8:21:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 24 19:30:12 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ef:f0:cf:6a:a9:1e:be:21:53:94:ed:16:07:
                    ef:dd:82:43:19:fd:f9:0b:94:3b:2f:51:f1:b7:a4:
                    a6:c7:1b:cc:9e:e6:dd:77:8f:89:c4:fb:a8:d7:89:
                    3f:74:31:18:49:a6:9d:23:21:8f:4a:98:19:97:96:
                    c2:2b:96:82:08:07:9e:8a:83:84:b3:17:85:28:29:
                    29:72:c6:9a:53:97:8a:be:d0:fc:99:02:de:0e:78:
                    b2:3b:d0:5a:a2:a9:c5:a7:e5:0c:29:f4:93:33:5c:
                    2e:cb:d8:4d:9f:a2:ca:21:83:17:ee:36:c1:d0:32:
                    93:db:89:cf:58:7e:c7:1b:fd:34:98:e8:d8:84:88:
                    e5:9d:56:7f:fb:46:3f:be:f1:78:67:4e:00:9a:15:
                    92:13:ae:10:da:0f:25:aa:8f:a0:fe:fe:b9:5b:54:
                    b3:f3:a1:25:a3:dc:2e:49:fe:bd:da:45:25:6d:f0:
                    83:c8:4a:ce:02:54:33:7a:1b:53:36:1d:d2:e1:00:
                    1e:1b:8f:41:a0:25:2f:98:ba:94:77:89:ef:c8:83:
                    7b:ed:ab:51:f3:25:64:ad:c5:04:ac:d6:eb:f8:4d:
                    c6:1d:0b:1c:dc:78:9c:dc:91:b5:08:73:ca:0d:3e:
                    ed:a3:d1:35:17:de:01:4b:09:54:a6:a3:10:8d:83:
                    3f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D4:C7:27:54:97:57:38:34:40:F1:3E:FA:19:67:82:BB:20:E5:CD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:e5:ac:cb:b2:a2:78:e2:15:4b:fc:8b:bb:54:46:72:08:90:
         e9:28:8a:b4:10:0c:b5:ff:61:98:40:5c:96:e0:62:85:23:86:
         8b:e4:a2:b1:79:ee:86:13:a9:19:83:a3:6d:f5:41:fa:0f:9e:
         5d:d4:c2:6a:8c:4e:21:6c:62:f0:5f:00:80:57:f3:77:f8:68:
         6f:1d:5a:11:f0:ee:08:cd:a5:3a:f4:7e:47:0c:86:3a:89:ad:
         81:64:40:5e:6f:e0:cb:06:bb:6b:4f:4a:c6:5e:f9:19:b4:91:
         8d:23:11:32:6b:24:1d:45:28:6c:2a:c9:12:63:6e:fb:9b:03:
         cf:3b:5a:cd:68:75:2b:a4:5b:50:2f:48:73:ac:fa:92:2b:f9:
         f1:bf:d1:e5:7b:d5:4e:56:57:db:6a:55:f7:ae:97:6e:94:40:
         05:69:48:24:42:da:eb:b9:40:8f:a8:97:41:c3:18:db:8b:ec:
         99:82:65:13:33:c5:31:09:1c:16:35:fb:96:fb:70:92:da:0e:
         31:bd:94:f9:13:5f:a7:82:52:49:4b:4a:26:d1:bc:00:04:a5:
         e2:2e:17:f6:15:7f:2e:9f:71:9b:02:72:57:eb:f8:2c:82:5a:
         1e:26:2c:85:3d:c6:cb:a0:16:2c:fb:e7:99:8b:70:64:b4:48:
         33:f8:28:a5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUaceMtZaDPs957QV7k/bcvGfYIdMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjQxOTMwMTJaFw0yNTA0MjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0ZmUzOGRjMGY1ZmFiMGQ3NzEyN2M1YjkyZGQyZDhlMGMzZDhiNzBlMGRi
NTlhOWExNTU2YjQxMWIxNTU0ZTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbv8M9qqR6+IVOU7RYH792CQxn9+QuUOy9R8bekpscbzJ7m3XePicT7qNeJ
P3QxGEmmnSMhj0qYGZeWwiuWgggHnoqDhLMXhSgpKXLGmlOXir7Q/JkC3g54sjvQ
WqKpxaflDCn0kzNcLsvYTZ+iyiGDF+42wdAyk9uJz1h+xxv9NJjo2ISI5Z1Wf/tG
P77xeGdOAJoVkhOuENoPJaqPoP7+uVtUs/OhJaPcLkn+vdpFJW3wg8hKzgJUM3ob
UzYd0uEAHhuPQaAlL5i6lHeJ78iDe+2rUfMlZK3FBKzW6/hNxh0LHNx4nNyRtQhz
yg0+7aPRNRfeAUsJVKajEI2DP4ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTD1Mcn
VJdXODRA8T76GWeCuyDlzTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGUxMjgzNGEtOTM3MC00YzYzLTk2OWYtYmY4ZWVmNGNkNzNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
EDANBgkqhkiG9w0BAQsFAAOCAQEAFuWsy7KieOIVS/yLu1RGcgiQ6SiKtBAMtf9h
mEBcluBihSOGi+SisXnuhhOpGYOjbfVB+g+eXdTCaoxOIWxi8F8AgFfzd/hobx1a
EfDuCM2lOvR+RwyGOomtgWRAXm/gywa7a09Kxl75GbSRjSMRMmskHUUobCrJEmNu
+5sDzztazWh1K6RbUC9Ic6z6kiv58b/R5XvVTlZX22pV966XbpRABWlIJELa67lA
j6iXQcMY24vsmYJlEzPFMQkcFjX7lvtwktoOMb2U+RNfp4JSSUtKJtG8AASl4i4X
9hV/Lp9xmwJyV+v4LIJaHiYshT3Gy6AWLPvnmYtwZLRIM/gopQ==
-----END CERTIFICATE-----