Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e437969a-a36c-4417-88bd-c48ac88d9a5c.roa
File:                     e437969a-a36c-4417-88bd-c48ac88d9a5c.roa (raw, json)
Hash identifier:          KsUEYHwGi9RUnX/16CC35E11RWd7VukF+wk7EFNE1+0=
Subject key identifier:   46:22:63:5A:E4:41:3A:37:1D:2D:5F:3A:4F:D2:BE:C8:F9:09:D5:DF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0A93DC65F65E89789374CD053424C8DBC911B045
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e437969a-a36c-4417-88bd-c48ac88d9a5c.roa
Signing time:             Mon 31 Mar 2025 19:50:07 +0000
ROA not before:           Mon 31 Mar 2025 19:50:07 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:b080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:93:dc:65:f6:5e:89:78:93:74:cd:05:34:24:c8:db:c9:11:b0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:07 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:0d:54:f3:5c:8c:22:25:00:e4:9b:a4:85:
                    96:cf:95:68:72:41:58:55:e6:16:33:dc:82:52:48:
                    de:d0:a2:8e:54:b3:58:3a:cb:3a:1e:e2:e8:19:a0:
                    b7:e2:03:3d:3b:8f:c1:6c:48:49:0b:1f:4e:e5:e2:
                    52:15:9d:5d:39:3a:1e:3f:fb:c4:37:6b:50:5e:3f:
                    26:ff:12:c9:f4:ac:5c:c2:15:6f:8f:e6:02:48:a3:
                    15:3c:e8:c1:d4:7d:f2:26:c8:15:44:d3:ba:c7:b1:
                    7b:8e:d3:74:b9:ee:e1:8b:ad:05:6c:87:21:67:ab:
                    f7:4d:a8:33:c9:ea:92:44:3e:64:08:3e:ff:c6:26:
                    58:6b:34:a7:bc:c3:7c:7a:72:85:34:4c:9a:87:e2:
                    23:1c:a9:de:f7:e7:9f:94:c3:17:69:b6:17:78:0d:
                    c5:25:0b:6d:79:eb:0e:16:ae:1a:08:72:04:13:d6:
                    55:28:0d:ad:90:fa:92:68:99:ff:8d:03:30:41:38:
                    44:e2:e7:45:3c:c9:53:18:8d:ab:1f:21:fd:4a:97:
                    ea:86:29:aa:81:13:87:c1:02:73:42:f7:26:6a:14:
                    4a:17:55:f4:f1:e7:b4:09:db:d2:69:6f:dc:ff:a0:
                    1e:18:04:79:cf:ee:e5:42:6b:9b:9e:f0:53:26:7b:
                    65:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:22:63:5A:E4:41:3A:37:1D:2D:5F:3A:4F:D2:BE:C8:F9:09:D5:DF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e437969a-a36c-4417-88bd-c48ac88d9a5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:b080::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:b3:56:bb:84:78:0d:53:f4:d4:39:29:62:aa:c4:3d:00:ef:
         25:95:c1:00:18:3c:2d:74:52:df:8c:7c:eb:84:2d:47:38:3a:
         fe:3d:fe:72:2f:7b:00:02:70:4d:69:10:10:0a:73:e6:a4:b5:
         cc:3d:e9:86:8e:41:51:59:6f:80:ec:ae:33:77:3f:9d:1c:ad:
         d7:5d:92:03:21:2e:88:b5:69:90:f8:d3:5c:79:22:2f:43:7a:
         dc:49:95:c3:4e:05:28:71:39:e1:fa:0c:f6:84:d4:41:a0:30:
         7c:69:95:93:28:9f:06:82:97:9f:42:b9:d4:20:3f:ea:47:c8:
         1c:4b:43:b4:0b:63:7e:e4:0f:74:3c:a6:69:e8:ed:ea:62:df:
         ec:cf:db:2e:17:59:16:a7:ac:77:87:3c:4e:30:36:98:ce:71:
         81:36:e7:53:81:9b:5e:23:dd:58:3f:01:5f:11:ec:cc:d5:de:
         98:58:08:1f:68:23:80:ed:c4:9e:e2:55:36:70:cc:d5:47:e8:
         74:86:79:4e:fa:4a:50:b1:99:34:c9:4c:8c:55:1e:03:86:a4:
         9a:a9:6e:6d:bd:6f:9b:95:70:c3:4d:a1:eb:3e:46:93:83:f0:
         1d:1e:96:2f:6a:1d:bc:5c:7f:9c:57:76:cd:fe:c1:9f:d5:ce:
         25:dc:c5:c4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCpPcZfZeiXiTdM0FNCTI28kRsEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwMDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZmZDI2MTdlYWQyMDhmZDliYTExMGJkYWRjM2Q0MDhiMTk5NGRiODAyNDNj
MmQxMmZhZWE1MGE1N2VkNDA0OWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALD5DVTzXIwiJQDkm6SFls+VaHJBWFXmFjPcglJI3tCijlSzWDrLOh7i6Bmg
t+IDPTuPwWxISQsfTuXiUhWdXTk6Hj/7xDdrUF4/Jv8SyfSsXMIVb4/mAkijFTzo
wdR98ibIFUTTusexe47TdLnu4YutBWyHIWer902oM8nqkkQ+ZAg+/8YmWGs0p7zD
fHpyhTRMmofiIxyp3vfnn5TDF2m2F3gNxSULbXnrDhauGghyBBPWVSgNrZD6kmiZ
/40DMEE4ROLnRTzJUxiNqx8h/UqX6oYpqoETh8ECc0L3JmoUShdV9PHntAnb0mlv
3P+gHhgEec/u5UJrm57wUyZ7ZfkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRGImNa
5EE6Nx0tXzpP0r7I+QnV3zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTQzNzk2OWEtYTM2Yy00NDE3LTg4YmQtYzQ4YWM4OGQ5YTVjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Diw
gDANBgkqhkiG9w0BAQsFAAOCAQEADLNWu4R4DVP01DkpYqrEPQDvJZXBABg8LXRS
34x864QtRzg6/j3+ci97AAJwTWkQEApz5qS1zD3pho5BUVlvgOyuM3c/nRyt112S
AyEuiLVpkPjTXHkiL0N63EmVw04FKHE54foM9oTUQaAwfGmVkyifBoKXn0K51CA/
6kfIHEtDtAtjfuQPdDymaejt6mLf7M/bLhdZFqesd4c8TjA2mM5xgTbnU4GbXiPd
WD8BXxHszNXemFgIH2gjgO3EnuJVNnDM1UfodIZ5TvpKULGZNMlMjFUeA4akmqlu
bb1vm5Vww02h6z5Gk4PwHR6WL2odvFx/nFd2zf7Bn9XOJdzFxA==
-----END CERTIFICATE-----