Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa
File:                     e20afb98-f3fb-45c2-9398-65129b8874f0.roa (raw, json)
Hash identifier:          NHK78kAZqWDIylvVvMF5UKd5Or3m3SOoVNznPGZIqok=
Subject key identifier:   CB:E4:EF:E9:CA:DB:C1:2C:F5:CA:C9:DB:E9:1B:85:6A:CB:E5:2E:50
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0541BD75A688F4501A7B6305082503E43EA4CEC2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa
Signing time:             Mon 31 Mar 2025 19:20:11 +0000
ROA not before:           Mon 31 Mar 2025 19:20:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:e0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:41:bd:75:a6:88:f4:50:1a:7b:63:05:08:25:03:e4:3e:a4:ce:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:20:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d2:3a:36:c4:11:b3:69:c4:c5:43:96:e1:33:
                    f0:44:5b:37:17:1e:5f:1f:c2:7b:a2:fc:a5:27:94:
                    a0:f7:a2:14:ab:b1:f6:53:c4:08:88:c1:a0:f6:fd:
                    da:eb:42:d1:95:2e:28:e1:bc:f1:90:3a:47:8f:47:
                    8f:d8:6a:8e:e2:b4:e7:ae:75:6f:df:32:20:49:2b:
                    3f:3f:2c:f1:c6:ba:e5:df:4b:b8:d0:31:2e:be:90:
                    de:78:9a:f6:df:88:65:37:90:b1:3d:2a:df:f0:73:
                    ea:29:84:23:78:92:cf:2b:75:44:19:7e:4d:ae:34:
                    61:65:97:2b:fc:43:dd:e0:d2:f6:d8:b8:5b:df:eb:
                    51:97:dd:0a:e1:e2:95:5d:4d:02:86:9a:26:ed:9c:
                    66:7b:d4:02:84:6f:7d:eb:2a:45:61:f6:50:0b:82:
                    ff:54:6e:96:8a:f1:2c:ae:33:43:d0:14:25:4b:42:
                    d4:99:de:af:d1:d5:29:0a:d9:b8:63:71:4a:4e:9c:
                    82:4e:2c:9a:d2:db:92:5b:39:09:f4:17:f1:a4:b0:
                    39:c2:ae:a7:bc:39:e0:2c:a5:f5:8a:cc:34:59:a4:
                    0c:f9:81:f0:1e:6f:7c:16:ea:87:fe:10:99:63:a5:
                    7b:ea:ef:0f:6c:22:c4:5b:16:2a:ec:78:e9:b2:17:
                    65:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E4:EF:E9:CA:DB:C1:2C:F5:CA:C9:DB:E9:1B:85:6A:CB:E5:2E:50
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:e0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:3d:15:aa:83:6d:fa:16:78:78:43:c6:be:e8:29:fb:13:d5:
         e9:25:95:0c:f1:67:9b:ff:db:69:4c:53:92:8d:59:a3:67:87:
         e1:d6:2b:98:61:2e:03:e5:32:5f:3f:b3:1b:d3:95:6b:1b:28:
         13:40:ea:98:17:fd:6d:2a:fc:b1:4b:d8:d0:10:22:88:06:35:
         66:24:5c:32:bf:14:1e:45:d9:79:14:cf:0b:ae:33:f7:6b:79:
         81:5e:f9:de:4a:c5:7f:f4:8c:c0:17:ec:f5:ec:f7:d7:fc:7e:
         58:ed:5f:9f:c2:c7:bf:22:72:97:07:f6:5a:d2:c2:44:10:61:
         af:50:4a:8e:96:34:62:27:6a:74:38:bc:0f:aa:b6:7f:18:a9:
         88:7e:f0:9e:ed:a0:4d:c7:d2:4d:fe:48:8a:3b:b5:35:c3:35:
         85:8d:78:60:8d:d0:f9:e9:29:0c:a3:e9:0b:29:b1:4a:85:0c:
         39:39:d0:b6:74:e3:9a:73:40:e8:db:40:9f:5f:4d:b1:64:f4:
         73:57:7e:a1:fb:c8:e9:b6:c5:b4:73:db:18:09:90:0d:20:d3:
         e8:93:85:dc:84:47:b1:5f:4a:be:46:19:50:ea:46:25:7c:55:
         3e:ab:a5:6b:4b:e4:4b:ac:96:0f:4b:cf:20:fb:0e:3b:0a:81:
         ae:bd:6c:5b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBUG9daaI9FAae2MFCCUD5D6kzsIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIwMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiNGMwM2IwNjk5OTA5MzgwZGNjNjU4OTIxNjY4NDk1N2FjNjhhYTIwNzk2
MjMzYzYzZmNjNjE2YTBjODZjM2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMrSOjbEEbNpxMVDluEz8ERbNxceXx/Ce6L8pSeUoPeiFKux9lPECIjBoPb9
2utC0ZUuKOG88ZA6R49Hj9hqjuK05651b98yIEkrPz8s8ca65d9LuNAxLr6Q3nia
9t+IZTeQsT0q3/Bz6imEI3iSzyt1RBl+Ta40YWWXK/xD3eDS9ti4W9/rUZfdCuHi
lV1NAoaaJu2cZnvUAoRvfesqRWH2UAuC/1RulorxLK4zQ9AUJUtC1Jner9HVKQrZ
uGNxSk6cgk4smtLbkls5CfQX8aSwOcKup7w54Cyl9YrMNFmkDPmB8B5vfBbqh/4Q
mWOle+rvD2wixFsWKux46bIXZYECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTL5O/p
ytvBLPXKydvpG4Vqy+UuUDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTIwYWZiOTgtZjNmYi00NWMyLTkzOTgtNjUxMjliODg3NGYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHg
wDANBgkqhkiG9w0BAQsFAAOCAQEAlT0VqoNt+hZ4eEPGvugp+xPV6SWVDPFnm//b
aUxTko1Zo2eH4dYrmGEuA+UyXz+zG9OVaxsoE0DqmBf9bSr8sUvY0BAiiAY1ZiRc
Mr8UHkXZeRTPC64z92t5gV753krFf/SMwBfs9ez31/x+WO1fn8LHvyJylwf2WtLC
RBBhr1BKjpY0YidqdDi8D6q2fxipiH7wnu2gTcfSTf5Iiju1NcM1hY14YI3Q+ekp
DKPpCymxSoUMOTnQtnTjmnNA6NtAn19NsWT0c1d+ofvI6bbFtHPbGAmQDSDT6JOF
3IRHsV9KvkYZUOpGJXxVPqula0vkS6yWD0vPIPsOOwqBrr1sWw==
-----END CERTIFICATE-----