Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
File:                     fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa (raw, json)
Hash identifier:          WDLyQ9kBsIXj913XNhTIlwCRZ+7F3tFPk0ckShUDS2A=
Subject key identifier:   49:C5:8C:A1:CD:54:EC:F3:B9:F6:26:98:77:99:49:E8:1E:E7:54:75
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5CDAC7F6F87488964BE6D71CD5DEFE3F52DF5C55
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
Signing time:             Mon 31 Mar 2025 19:30:18 +0000
ROA not before:           Mon 31 Mar 2025 19:30:18 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:8000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:da:c7:f6:f8:74:88:96:4b:e6:d7:1c:d5:de:fe:3f:52:df:5c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:30:18 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:81:d3:59:45:09:6a:8f:34:e6:f8:04:f6:10:
                    00:0d:6a:ab:5b:c7:4d:94:32:41:ef:a8:4d:6e:5f:
                    f9:93:e3:e9:16:ae:d8:e9:b9:60:fe:12:2a:e7:43:
                    b5:a3:d2:9b:fb:ed:36:c2:a7:66:51:ac:f5:56:4c:
                    d1:de:42:2f:25:4d:c1:05:85:09:85:e5:ba:de:79:
                    cb:5b:81:18:5e:75:9b:78:00:22:00:62:88:7d:89:
                    b2:57:1a:01:ce:c3:b8:9c:a6:6c:c0:c1:36:a9:c3:
                    04:ae:61:63:f4:32:62:8a:b9:dc:71:8b:0f:22:28:
                    59:16:16:cb:06:ad:1a:cd:24:be:0b:a4:a9:e1:74:
                    c5:76:e2:76:4c:28:ab:1a:e4:10:30:e1:21:cd:bf:
                    81:cc:19:c1:9d:2b:f2:12:b6:8b:76:87:5b:c6:2e:
                    e7:b9:cd:71:30:8c:6e:54:1b:8a:f3:a8:b9:9c:9a:
                    47:12:24:b1:34:8e:b9:ad:08:7d:ab:39:ef:22:88:
                    48:75:1d:ea:f4:c9:45:1d:64:42:5a:eb:a7:ae:5c:
                    0b:8a:23:19:9d:31:bb:dd:2c:65:2b:21:63:6c:c3:
                    d1:3e:c9:b2:17:13:9c:10:65:f3:5a:42:a7:42:45:
                    ca:db:d9:1b:af:6e:9e:8c:14:67:06:db:dd:06:f8:
                    6b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:C5:8C:A1:CD:54:EC:F3:B9:F6:26:98:77:99:49:E8:1E:E7:54:75
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:90:62:db:0b:87:78:26:54:be:6f:45:3c:bd:df:9f:c2:5b:
         39:8c:17:22:56:0a:ef:f3:d8:04:01:a4:44:02:93:fe:6b:e9:
         ee:6d:7a:41:79:b0:8d:49:48:45:15:53:92:4a:c6:d3:78:61:
         cc:01:9d:b4:c3:ab:3d:9b:9e:b4:f5:fa:c4:43:25:39:3b:a4:
         4a:87:3e:43:7b:c4:cf:e5:57:93:72:04:d8:29:e2:73:3b:c2:
         d2:00:12:55:72:9c:50:55:44:58:49:6a:c2:f4:ed:bc:b8:89:
         c3:9d:68:26:59:db:82:3d:3c:57:50:d2:75:73:e4:ec:eb:65:
         7a:8f:ce:ac:dd:50:ba:a2:8f:9b:2a:e2:ab:86:a5:ea:e4:3b:
         dd:69:4c:9d:e8:c2:67:86:dc:88:61:a4:7a:ef:08:9f:a3:cd:
         4b:07:f6:91:c7:1f:ff:48:56:9d:9c:b2:46:52:cc:13:e1:fc:
         b5:70:ae:ce:71:ad:ae:82:36:82:a3:38:4f:ad:17:26:d1:61:
         4c:20:db:b0:f7:b3:8f:86:32:e5:95:d9:e1:c2:3a:ef:c1:06:
         49:fb:65:09:eb:d7:48:7f:60:84:df:66:4f:c8:ce:6a:20:ba:
         50:47:57:fe:c5:a6:ae:11:6f:c1:aa:ce:4e:aa:53:9a:c9:bd:
         98:53:b0:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXNrH9vh0iJZL5tcc1d7+P1LfXFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMwMThaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkwMzA5ZWQ1ZjQzY2MxNTA3ZjI0MzYxNDIyODlkMWQxZmUwOTYwNTVlYTE5
NTNiYjllYTIwMzdmNTNiNGI1NGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJmB01lFCWqPNOb4BPYQAA1qq1vHTZQyQe+oTW5f+ZPj6Rau2Om5YP4SKudD
taPSm/vtNsKnZlGs9VZM0d5CLyVNwQWFCYXlut55y1uBGF51m3gAIgBiiH2Jslca
Ac7DuJymbMDBNqnDBK5hY/QyYoq53HGLDyIoWRYWywatGs0kvgukqeF0xXbidkwo
qxrkEDDhIc2/gcwZwZ0r8hK2i3aHW8Yu57nNcTCMblQbivOouZyaRxIksTSOua0I
fas57yKISHUd6vTJRR1kQlrrp65cC4ojGZ0xu90sZSshY2zD0T7JshcTnBBl81pC
p0JFytvZG69unowUZwbb3Qb4a3UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRJxYyh
zVTs87n2Jph3mUnoHudUdTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmMzY2YxZmYtMjA5ZC00NmY2LWE3ZGQtYTdiYTVkNWJmYmE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DiA
MA0GCSqGSIb3DQEBCwUAA4IBAQBjkGLbC4d4JlS+b0U8vd+fwls5jBciVgrv89gE
AaREApP+a+nubXpBebCNSUhFFVOSSsbTeGHMAZ20w6s9m5609frEQyU5O6RKhz5D
e8TP5VeTcgTYKeJzO8LSABJVcpxQVURYSWrC9O28uInDnWgmWduCPTxXUNJ1c+Ts
62V6j86s3VC6oo+bKuKrhqXq5DvdaUyd6MJnhtyIYaR67wifo81LB/aRxx//SFad
nLJGUswT4fy1cK7Oca2ugjaCozhPrRcm0WFMINuw97OPhjLlldnhwjrvwQZJ+2UJ
69dIf2CE32ZPyM5qILpQR1f+xaauEW/Bqs5OqlOayb2YU7BQ
-----END CERTIFICATE-----