Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e396d806-dffa-4609-8ae4-1e8fdbde728e.roa
File:                     e396d806-dffa-4609-8ae4-1e8fdbde728e.roa (raw, json)
Hash identifier:          ITw7wxhnWuTJHt1ojdD2AjfBNq6P2fP03I2LZTBxn9M=
Subject key identifier:   EE:B1:BC:55:6E:82:B7:12:11:59:1A:98:75:30:9C:64:70:96:4B:55
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       13872A1B5F4F77A30FA71B3E3B91F2DE48973914
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e396d806-dffa-4609-8ae4-1e8fdbde728e.roa
Signing time:             Mon 31 Mar 2025 19:21:02 +0000
ROA not before:           Mon 31 Mar 2025 19:21:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:a0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:87:2a:1b:5f:4f:77:a3:0f:a7:1b:3e:3b:91:f2:de:48:97:39:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9b:6f:3a:69:43:22:95:cb:1b:57:72:d6:dc:
                    8e:07:f6:cc:8e:60:cf:90:45:14:b9:42:51:6b:51:
                    db:98:4b:a4:f3:97:d8:13:11:c7:35:80:7c:a4:12:
                    74:1c:8d:12:22:dc:6e:9e:bb:9c:bb:20:ec:de:15:
                    ae:22:d3:70:91:a1:bf:a5:ce:cb:14:72:0e:35:95:
                    e6:6c:b3:eb:d3:31:16:e7:25:ef:fc:cf:c5:18:32:
                    98:cb:b4:6d:9a:12:79:3f:9a:6f:eb:e5:95:e0:7c:
                    b5:9c:45:ec:d3:ff:d5:d8:37:ea:7e:fc:9f:53:8c:
                    fd:fa:2a:00:02:5d:73:d3:29:45:54:62:53:e0:f4:
                    3a:00:15:82:c6:0c:7a:ee:64:0d:ee:98:8f:82:d3:
                    ba:34:79:4c:6b:b5:91:6b:09:29:98:35:28:da:bf:
                    e6:a9:3d:9a:32:b0:23:36:ee:3a:2a:0b:2e:6a:44:
                    4b:f8:da:2a:2b:13:22:1a:4f:61:e3:89:c3:f8:88:
                    44:6f:cd:ac:4f:e3:93:d5:59:fe:76:74:36:c5:38:
                    34:06:f0:b4:0e:12:12:f1:f0:92:01:d2:cb:cd:f4:
                    15:07:0b:c4:c8:24:e7:f9:eb:0b:38:bd:84:26:4a:
                    4d:78:7a:9e:db:29:59:ba:ba:60:96:3e:93:7d:60:
                    f3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B1:BC:55:6E:82:B7:12:11:59:1A:98:75:30:9C:64:70:96:4B:55
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e396d806-dffa-4609-8ae4-1e8fdbde728e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:a0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:92:02:b9:6b:87:9b:af:9d:36:2b:22:15:05:cb:ed:88:ae:
         d8:11:52:1c:bf:7e:0b:4f:6a:9c:85:50:61:48:17:89:be:0f:
         d5:8a:29:41:6d:19:78:45:fd:84:ca:5e:8e:d0:5b:41:28:16:
         b9:98:9d:ab:ca:05:66:c9:9f:8c:a7:db:20:07:a2:bd:af:c2:
         99:11:ce:15:e2:40:ce:3b:82:ee:dd:15:d2:78:5a:bc:f0:0c:
         91:d3:43:45:47:bd:aa:a3:67:b6:91:c6:84:0d:a0:c2:4e:94:
         79:ad:2b:68:9a:b0:10:78:0a:65:63:ff:a0:84:b5:e9:4f:2d:
         99:4e:39:e9:2d:0d:95:18:bf:46:39:35:42:47:07:e2:af:19:
         53:a8:ac:f2:a3:e4:13:5c:44:91:3a:13:49:19:b1:e7:31:d9:
         e4:d4:96:42:c9:b4:86:e2:66:a7:d5:2d:a2:b6:aa:58:2b:52:
         4d:f5:b5:2c:6e:11:e7:79:21:d8:4f:80:1b:ce:0d:cf:2c:14:
         ae:41:cd:40:73:5a:78:5b:fb:48:7d:4d:d0:c4:15:13:ad:ca:
         3a:23:16:0e:ef:39:24:73:2c:ae:61:96:99:6b:14:38:82:76:
         b7:a4:52:01:36:9f:ee:fa:f5:31:a0:0d:7e:11:7c:c9:09:c1:
         35:11:b3:59
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUE4cqG19Pd6MPpxs+O5Hy3kiXORQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiM2JmOTIwNGRhMmViYzUyNTNjMWJjOWJlNWQ1YWNkN2VlY2U4NWQzY2Fh
Mjg5MTk5YTlkNTlkODdmMWY0MmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKbbzppQyKVyxtXctbcjgf2zI5gz5BFFLlCUWtR25hLpPOX2BMRxzWAfKQS
dByNEiLcbp67nLsg7N4VriLTcJGhv6XOyxRyDjWV5myz69MxFucl7/zPxRgymMu0
bZoSeT+ab+vlleB8tZxF7NP/1dg36n78n1OM/foqAAJdc9MpRVRiU+D0OgAVgsYM
eu5kDe6Yj4LTujR5TGu1kWsJKZg1KNq/5qk9mjKwIzbuOioLLmpES/jaKisTIhpP
YeOJw/iIRG/NrE/jk9VZ/nZ0NsU4NAbwtA4SEvHwkgHSy830FQcLxMgk5/nrCzi9
hCZKTXh6ntspWbq6YJY+k31g8xcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTusbxV
boK3EhFZGph1MJxkcJZLVTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTM5NmQ4MDYtZGZmYS00NjA5LThhZTQtMWU4ZmRiZGU3MjhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKg
wDANBgkqhkiG9w0BAQsFAAOCAQEAVpICuWuHm6+dNisiFQXL7Yiu2BFSHL9+C09q
nIVQYUgXib4P1YopQW0ZeEX9hMpejtBbQSgWuZidq8oFZsmfjKfbIAeiva/CmRHO
FeJAzjuC7t0V0nhavPAMkdNDRUe9qqNntpHGhA2gwk6Uea0raJqwEHgKZWP/oIS1
6U8tmU456S0NlRi/Rjk1QkcH4q8ZU6is8qPkE1xEkToTSRmx5zHZ5NSWQsm0huJm
p9UtoraqWCtSTfW1LG4R53kh2E+AG84NzywUrkHNQHNaeFv7SH1N0MQVE63KOiMW
Du85JHMsrmGWmWsUOIJ2t6RSATaf7vr1MaANfhF8yQnBNRGzWQ==
-----END CERTIFICATE-----