Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa
File:                     e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa (raw, json)
Hash identifier:          vzhFSsVAUxWY5z53hTZA4jO9bMC6SyNSKhaXdgRH9LU=
Subject key identifier:   55:B8:A6:FD:F9:3F:4E:D7:0B:CA:80:55:D5:B2:52:CE:26:54:B6:C5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       447FBC5D19302F7B43D9E5FB25CC06A202168AC4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa
Signing time:             Mon 31 Mar 2025 20:40:40 +0000
ROA not before:           Mon 31 Mar 2025 20:40:40 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:7f:bc:5d:19:30:2f:7b:43:d9:e5:fb:25:cc:06:a2:02:16:8a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:40 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b3:12:33:b2:8b:2d:02:64:12:d3:37:6a:59:
                    86:74:ce:81:72:3d:1c:b0:8c:4a:49:c8:be:14:0f:
                    e4:9a:a4:41:72:a2:78:8c:a1:5b:4e:bc:54:fd:0b:
                    9e:db:4f:49:fb:39:0c:20:bc:f5:99:cc:7f:15:12:
                    c1:21:56:6b:97:bc:75:ae:6a:8f:3b:ba:2b:78:cc:
                    c9:b5:71:42:7d:2c:ab:68:d1:6c:26:b3:9d:83:02:
                    38:16:46:f6:5f:58:e6:f4:ce:f7:46:9d:82:f6:7e:
                    42:f7:83:2a:36:aa:fc:5c:ce:87:50:c5:90:6e:76:
                    85:91:97:f6:c4:b9:0f:b0:b3:63:d9:2a:1a:46:e7:
                    80:cd:e2:6c:39:56:18:e3:a5:da:4a:af:79:76:51:
                    61:15:c0:32:86:d1:6f:b3:8b:53:74:e4:89:ad:2a:
                    e0:03:ba:b1:a8:52:1d:ca:fe:0d:b5:e3:83:88:2b:
                    b7:e1:3d:3e:16:c0:f1:58:f6:eb:99:87:ef:f4:68:
                    38:44:36:b0:90:1d:bd:77:68:6f:04:ba:bc:b7:00:
                    b9:eb:fa:8c:13:30:61:b0:11:e3:e2:c7:42:cb:7c:
                    d5:68:fd:c2:91:1a:48:13:ff:df:96:bf:c0:e2:98:
                    d4:f1:ec:7d:ca:61:ef:b8:0a:0d:25:57:1f:cb:f6:
                    71:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B8:A6:FD:F9:3F:4E:D7:0B:CA:80:55:D5:B2:52:CE:26:54:B6:C5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         17:11:3b:31:f2:1b:e5:52:03:62:de:5d:49:b2:ba:fe:fa:2a:
         43:b8:af:41:44:de:24:41:cf:a3:ee:11:43:44:7c:69:be:5f:
         59:b7:ab:59:d8:dc:67:81:9c:d8:83:ff:d4:7e:2c:33:f9:55:
         4e:21:79:42:8f:4f:98:67:37:27:23:c5:2f:22:dd:76:81:a1:
         15:68:dd:93:a2:2e:bd:68:17:b5:8e:a8:7a:b2:85:c1:58:1b:
         fe:0b:a0:ec:ac:70:b2:e7:7c:a2:f0:75:99:14:72:47:14:d6:
         50:42:57:5b:b8:9d:8f:9e:d2:c5:17:87:f6:60:68:d1:b4:84:
         85:49:6b:d3:8d:1b:97:c7:c5:a8:04:5f:c9:a0:7a:60:a3:54:
         73:72:9f:24:2f:5d:11:63:0d:36:46:c6:8d:91:c4:39:84:3a:
         c5:7b:91:39:b9:05:86:41:9f:fb:88:b4:66:48:96:69:8d:e8:
         db:ea:d1:f5:4a:5c:4f:8d:eb:f6:51:b5:0a:02:f8:ac:4f:06:
         b7:54:08:80:0f:2d:aa:f1:51:77:2d:fe:29:56:36:54:c4:60:
         bc:6e:85:55:e8:43:05:c3:e2:3c:58:62:11:76:02:1f:6f:d0:
         77:64:6e:eb:79:d9:1d:f8:9d:65:ef:80:ec:65:a9:01:64:de:
         e7:35:41:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURH+8XRkwL3tD2eX7JcwGogIWisQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwNDBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNiZmI3NGRjMWI4ZDM3ZmFjMWNiZjU4MzM3ZDZmZmIxMTVmNjQ2ODM0ZmI1
MzkxZTc5NmY1MGNkNWI0NTRlNjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKezEjOyiy0CZBLTN2pZhnTOgXI9HLCMSknIvhQP5JqkQXKieIyhW068VP0L
nttPSfs5DCC89ZnMfxUSwSFWa5e8da5qjzu6K3jMybVxQn0sq2jRbCaznYMCOBZG
9l9Y5vTO90adgvZ+QveDKjaq/FzOh1DFkG52hZGX9sS5D7CzY9kqGkbngM3ibDlW
GOOl2kqveXZRYRXAMobRb7OLU3Tkia0q4AO6sahSHcr+DbXjg4grt+E9PhbA8Vj2
65mH7/RoOEQ2sJAdvXdobwS6vLcAuev6jBMwYbAR4+LHQst81Wj9wpEaSBP/35a/
wOKY1PHsfcph77gKDSVXH8v2cXcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRVuKb9
+T9O1wvKgFXVslLOJlS2xTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTZhYzBkZWYtODMzZi00ZTFiLWE3NWQtMmQxZmIzYjhjM2Q2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H7A
MA0GCSqGSIb3DQEBCwUAA4IBAQAXETsx8hvlUgNi3l1Jsrr++ipDuK9BRN4kQc+j
7hFDRHxpvl9Zt6tZ2NxngZzYg//Ufiwz+VVOIXlCj0+YZzcnI8UvIt12gaEVaN2T
oi69aBe1jqh6soXBWBv+C6DsrHCy53yi8HWZFHJHFNZQQldbuJ2PntLFF4f2YGjR
tISFSWvTjRuXx8WoBF/JoHpgo1Rzcp8kL10RYw02RsaNkcQ5hDrFe5E5uQWGQZ/7
iLRmSJZpjejb6tH1SlxPjev2UbUKAvisTwa3VAiADy2q8VF3Lf4pVjZUxGC8boVV
6EMFw+I8WGIRdgIfb9B3ZG7redkd+J1l74DsZakBZN7nNUEl
-----END CERTIFICATE-----