Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f4392a9b-4dbd-4966-b39c-0f1163c52611.roa
File:                     f4392a9b-4dbd-4966-b39c-0f1163c52611.roa (raw, json)
Hash identifier:          YfDjesY5QwVi5mAZPzoJTmVlWbxwmhixYhay0hKYRNk=
Subject key identifier:   CB:10:22:C1:0A:54:70:88:C6:B0:46:12:EE:14:07:89:A9:1C:E8:13
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3D4A760F9E38AA621CBB40D6F273D07F78870254
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f4392a9b-4dbd-4966-b39c-0f1163c52611.roa
Signing time:             Mon 31 Mar 2025 20:10:15 +0000
ROA not before:           Mon 31 Mar 2025 20:10:15 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:a040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:4a:76:0f:9e:38:aa:62:1c:bb:40:d6:f2:73:d0:7f:78:87:02:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:15 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:e4:9c:f0:a7:a3:09:ff:11:bd:c9:2f:e5:
                    d9:04:fe:13:72:03:83:5d:04:56:76:47:c3:f2:83:
                    73:6a:1e:eb:96:83:53:2d:02:ca:a6:b0:57:82:e6:
                    09:d5:ca:b0:5f:08:da:3f:08:f0:68:28:f8:ac:27:
                    65:a1:b6:83:6b:cd:28:80:04:5e:33:fe:73:49:b9:
                    de:dd:34:b5:35:69:62:41:9a:64:5a:5b:76:53:bf:
                    89:01:3f:f2:c8:38:ed:b6:d4:1e:9f:8b:81:0b:dc:
                    20:55:93:f1:16:3f:b7:89:cf:ad:4d:39:a9:27:4a:
                    f3:22:49:f7:4f:bc:48:2b:f3:75:9d:a5:3e:dc:48:
                    79:e0:79:41:86:3f:96:f6:d9:44:eb:3e:26:01:44:
                    0e:96:3c:0a:cd:7a:28:ff:2d:ae:18:78:41:8a:56:
                    e4:a7:7e:2e:a2:8d:fe:80:cf:a9:8b:72:1c:50:e1:
                    d5:a4:4e:2a:ec:25:af:43:e3:4b:24:36:63:4a:5b:
                    05:98:35:b8:0d:b7:72:a0:c5:04:c7:dd:25:ed:01:
                    06:58:0c:28:1e:07:a3:1f:b5:a8:ff:97:c4:03:0d:
                    4e:0a:55:b8:69:05:8f:11:79:db:30:9d:eb:1b:ec:
                    34:49:15:17:3b:f2:ff:79:44:8a:1b:d5:4a:f3:7c:
                    4a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:10:22:C1:0A:54:70:88:C6:B0:46:12:EE:14:07:89:A9:1C:E8:13
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f4392a9b-4dbd-4966-b39c-0f1163c52611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:a040::/46

    Signature Algorithm: sha256WithRSAEncryption
         57:19:c6:b7:66:66:0b:37:b0:0b:90:00:d6:0c:cf:ed:cd:c6:
         45:47:75:5b:ca:d7:6a:b4:2e:31:ac:1b:0a:1c:78:81:30:99:
         ad:ca:31:93:4a:fb:8c:b1:27:cf:e3:1d:53:61:54:46:99:10:
         fe:0c:ce:54:ad:d5:ce:16:4e:d5:ef:7e:de:eb:07:7e:fb:35:
         37:02:c0:38:3f:81:d7:26:9e:d7:52:0a:f7:51:27:4b:c5:42:
         07:60:29:5c:cd:93:cc:04:59:68:77:8b:33:41:24:d0:2e:a9:
         bc:bd:47:5e:36:dd:44:8c:33:1f:10:b0:47:5d:9a:9b:49:2a:
         ef:6d:51:b0:1e:ea:15:9f:04:eb:2a:78:18:8b:9d:ff:fa:89:
         da:b5:fb:a3:6a:36:15:4b:af:b6:55:76:79:f1:e8:47:ef:ba:
         d4:51:0b:9d:2f:5d:5f:86:fe:2c:b5:ff:66:85:e6:21:38:ef:
         54:eb:7c:81:bf:56:ab:b9:54:d9:3c:7d:c1:90:2c:6c:71:d4:
         39:0d:72:42:a9:69:30:91:a1:79:04:13:16:65:79:ca:4e:9f:
         93:e6:9a:e5:8b:2b:41:65:91:7e:e4:3e:6a:44:ab:ae:21:89:
         2c:5f:07:77:36:3c:d8:23:3f:c0:9f:27:09:cd:33:26:d1:e6:
         c3:50:7e:7e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPUp2D544qmIcu0DW8nPQf3iHAlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMTVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1NmIzZjk0NzJlZDk0ZGNiZGU3MzAxNjAxZWUyYmE1MzY4YTkxOTE1NmVm
MWQ1YzA4YWMyYzE0ZjUxNGEwZjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXA5Jzwp6MJ/xG9yS/l2QT+E3IDg10EVnZHw/KDc2oe65aDUy0CyqawV4Lm
CdXKsF8I2j8I8Ggo+KwnZaG2g2vNKIAEXjP+c0m53t00tTVpYkGaZFpbdlO/iQE/
8sg47bbUHp+LgQvcIFWT8RY/t4nPrU05qSdK8yJJ90+8SCvzdZ2lPtxIeeB5QYY/
lvbZROs+JgFEDpY8Cs16KP8trhh4QYpW5Kd+LqKN/oDPqYtyHFDh1aROKuwlr0Pj
SyQ2Y0pbBZg1uA23cqDFBMfdJe0BBlgMKB4Hox+1qP+XxAMNTgpVuGkFjxF52zCd
6xvsNEkVFzvy/3lEihvVSvN8St8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTLECLB
ClRwiMawRhLuFAeJqRzoEzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjQzOTJhOWItNGRiZC00OTY2LWIzOWMtMGYxMTYzYzUyNjExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hug
QDANBgkqhkiG9w0BAQsFAAOCAQEAVxnGt2ZmCzewC5AA1gzP7c3GRUd1W8rXarQu
MawbChx4gTCZrcoxk0r7jLEnz+MdU2FURpkQ/gzOVK3VzhZO1e9+3usHfvs1NwLA
OD+B1yae11IK91EnS8VCB2ApXM2TzARZaHeLM0Ek0C6pvL1HXjbdRIwzHxCwR12a
m0kq721RsB7qFZ8E6yp4GIud//qJ2rX7o2o2FUuvtlV2efHoR++61FELnS9dX4b+
LLX/ZoXmITjvVOt8gb9Wq7lU2Tx9wZAsbHHUOQ1yQqlpMJGheQQTFmV5yk6fk+aa
5YsrQWWRfuQ+akSrriGJLF8HdzY82CM/wJ8nCc0zJtHmw1B+fg==
-----END CERTIFICATE-----