Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f51bf20f-531a-411e-baff-37a38bc29ce9.roa
File:                     f51bf20f-531a-411e-baff-37a38bc29ce9.roa (raw, json)
Hash identifier:          HkGasRzmkFua3wHNXQ5wOUfdw4Bz8jP6tYAcTVDNNx8=
Subject key identifier:   2F:7C:36:CD:D7:C4:10:1F:21:14:63:19:12:7C:DC:32:A4:6B:44:B9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4D981730492C9317D021030EDC34F50113CDECBB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f51bf20f-531a-411e-baff-37a38bc29ce9.roa
Signing time:             Mon 31 Mar 2025 19:30:10 +0000
ROA not before:           Mon 31 Mar 2025 19:30:10 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:98:17:30:49:2c:93:17:d0:21:03:0e:dc:34:f5:01:13:cd:ec:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:30:10 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7a:2e:6d:97:ec:db:50:4e:57:3d:8c:66:f9:
                    c5:ef:f4:74:55:b4:94:96:4f:58:73:ea:cc:37:b3:
                    11:46:7d:c7:82:f3:ce:4a:2e:05:49:27:e8:93:9a:
                    3b:78:e9:ce:0f:6d:4f:78:86:fe:10:2e:eb:e9:5f:
                    c6:2f:d9:9d:14:ec:19:69:e9:03:30:8e:7f:1c:a1:
                    40:ec:de:b1:d8:e6:4c:eb:9f:52:44:0c:d1:0c:6d:
                    b0:47:b1:c9:db:61:db:f7:95:94:65:70:0d:08:03:
                    12:8a:08:1e:03:8f:6d:cc:b0:00:27:a4:e7:53:8e:
                    bc:c9:d6:aa:ec:05:cb:34:5c:69:77:8c:6d:be:21:
                    ee:c8:bc:27:de:ad:bb:ff:9e:c2:62:75:25:9b:74:
                    3f:13:7a:78:3c:d3:d6:d3:c0:23:1a:d8:1f:f0:92:
                    e5:34:c7:a4:d0:67:31:25:22:38:52:1f:17:7d:f1:
                    d1:c0:74:ca:76:4d:04:34:c2:20:98:03:17:a6:68:
                    fe:e0:31:71:92:41:f7:97:94:ae:ac:49:79:dc:9c:
                    4e:d5:57:50:f7:b7:2a:03:f0:31:39:2a:6e:12:ba:
                    03:52:93:df:bd:06:6f:af:8c:7e:df:42:ba:99:5d:
                    56:28:58:b6:a6:d2:96:3d:44:15:9a:c7:7c:f2:b7:
                    88:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7C:36:CD:D7:C4:10:1F:21:14:63:19:12:7C:DC:32:A4:6B:44:B9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f51bf20f-531a-411e-baff-37a38bc29ce9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:0e:f9:38:76:fa:83:4e:75:ed:af:ae:d1:42:cd:3f:50:55:
         68:b9:b9:46:3f:eb:0b:e6:23:25:1e:77:75:11:a2:5b:9b:6a:
         cd:90:8e:d0:6a:18:b9:ea:b7:09:60:f8:c3:6c:c2:9b:cf:51:
         9b:15:c3:e9:29:82:b4:88:dc:1b:b6:bb:81:0b:aa:fd:4c:66:
         6f:78:4e:10:8f:c9:7b:55:46:4d:ee:82:09:3f:fe:74:c9:b4:
         c4:92:f3:1d:4d:a3:2d:35:2c:4a:1c:80:b2:f4:02:7b:de:60:
         ad:a3:b1:0d:be:de:c2:bf:00:f8:e5:41:07:76:02:66:ed:18:
         00:bd:35:ef:57:c6:da:00:ec:df:f1:95:73:7f:95:61:7f:78:
         11:56:a9:b8:f2:94:4a:3d:07:68:50:d1:33:e1:92:3b:69:ef:
         1e:f9:25:f1:d2:bc:ba:83:bb:04:b2:ec:b1:97:f8:15:b0:f4:
         c6:24:b0:68:dc:08:35:49:8d:e0:d4:79:2c:11:b1:2b:03:41:
         ed:3e:cd:75:79:1a:8a:b2:91:db:1d:e0:19:f2:52:18:c2:33:
         2c:29:67:99:55:68:43:06:b7:eb:46:f6:bf:e4:83:66:15:97:
         8c:cd:a1:3e:b5:f8:08:1d:f4:06:29:75:4f:6e:7b:76:aa:0d:
         4d:89:bd:a1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTZgXMEkskxfQIQMO3DT1ARPN7LswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMwMTBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyYmM2ODFmZGZmMTM2NWUyNDI2ODNlNTg0YTE4YWI5MjJjMGVjZDQ3ZGE4
MDJmN2Q2NzY1OGQ0ZjE5ZmZlNDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMB6Lm2X7NtQTlc9jGb5xe/0dFW0lJZPWHPqzDezEUZ9x4LzzkouBUkn6JOa
O3jpzg9tT3iG/hAu6+lfxi/ZnRTsGWnpAzCOfxyhQOzesdjmTOufUkQM0QxtsEex
ydth2/eVlGVwDQgDEooIHgOPbcywACek51OOvMnWquwFyzRcaXeMbb4h7si8J96t
u/+ewmJ1JZt0PxN6eDzT1tPAIxrYH/CS5TTHpNBnMSUiOFIfF33x0cB0ynZNBDTC
IJgDF6Zo/uAxcZJB95eUrqxJedycTtVXUPe3KgPwMTkqbhK6A1KT370Gb6+Mft9C
upldVihYtqbSlj1EFZrHfPK3iI0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQvfDbN
18QQHyEUYxkSfNwypGtEuTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjUxYmYyMGYtNTMxYS00MTFlLWJhZmYtMzdhMzhiYzI5Y2U5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
IDANBgkqhkiG9w0BAQsFAAOCAQEAsg75OHb6g0517a+u0ULNP1BVaLm5Rj/rC+Yj
JR53dRGiW5tqzZCO0GoYueq3CWD4w2zCm89RmxXD6SmCtIjcG7a7gQuq/Uxmb3hO
EI/Je1VGTe6CCT/+dMm0xJLzHU2jLTUsShyAsvQCe95graOxDb7ewr8A+OVBB3YC
Zu0YAL0171fG2gDs3/GVc3+VYX94EVapuPKUSj0HaFDRM+GSO2nvHvkl8dK8uoO7
BLLssZf4FbD0xiSwaNwINUmN4NR5LBGxKwNB7T7NdXkairKR2x3gGfJSGMIzLCln
mVVoQwa360b2v+SDZhWXjM2hPrX4CB30Bil1T257dqoNTYm9oQ==
-----END CERTIFICATE-----