Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
File:                     fc40321f-72c2-43a4-8c42-0e935f8f1943.roa (raw, json)
Hash identifier:          yBbT95UUN5IO0sKzqOmVR/3macKO9xEXOloEoM/bgyQ=
Subject key identifier:   D0:9C:93:E7:25:B9:2F:6A:4D:00:A8:AA:47:1F:C8:5C:CB:CC:8E:63
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       529D6647790F88506B8D02A7349ECE83B9AEC144
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
Signing time:             Mon 31 Mar 2025 19:31:44 +0000
ROA not before:           Mon 31 Mar 2025 19:31:44 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:9d:66:47:79:0f:88:50:6b:8d:02:a7:34:9e:ce:83:b9:ae:c1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:44 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:12:76:e3:00:88:ef:83:33:cc:3d:ac:61:
                    a2:dd:88:95:fc:c8:b3:d6:0d:87:5c:16:9a:31:ca:
                    f1:65:96:5d:51:fe:bc:37:97:d3:96:ee:e1:af:f9:
                    53:5a:32:0f:f1:0e:32:73:99:90:c0:d7:fa:9a:5b:
                    b4:ab:b6:77:3f:d9:ac:26:e1:4b:7c:03:0d:55:e5:
                    6a:a5:70:cd:95:c6:ab:ce:b2:d1:20:7a:16:cf:1d:
                    c8:60:d2:ea:e5:99:f3:ee:40:15:32:af:f8:e1:b7:
                    d0:ef:de:4b:48:ce:00:34:a1:37:8a:da:a5:60:e8:
                    d2:c8:b7:f5:1f:df:da:03:d7:79:2b:f8:f3:e0:f9:
                    f9:db:7b:e9:5c:c5:8d:f7:85:71:17:e1:b8:24:52:
                    2b:45:97:df:39:63:dc:fd:ce:01:e2:65:a4:09:8a:
                    a4:44:19:de:be:8f:9e:91:e5:a3:1b:a3:40:59:39:
                    96:31:8d:4e:60:07:10:96:b6:98:7b:db:fe:a3:8a:
                    1e:5d:c5:6c:53:31:6c:6f:4c:ce:a4:3f:c5:84:c6:
                    89:ed:53:8b:41:5b:56:e9:32:20:87:5d:12:ed:e5:
                    93:6d:d8:40:6c:9e:83:d6:54:dd:43:08:a3:81:b4:
                    f8:cc:aa:f9:c9:51:45:1b:d4:1e:13:18:a2:0c:06:
                    f1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9C:93:E7:25:B9:2F:6A:4D:00:A8:AA:47:1F:C8:5C:CB:CC:8E:63
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:d0:51:42:ef:6a:e7:a9:9d:71:b3:b1:0a:24:03:da:b1:87:
         c6:cc:99:84:8e:a4:d3:d2:fa:d6:73:3a:6e:63:52:fc:d3:0d:
         c3:4e:12:3a:2d:d9:60:66:ae:ae:bb:07:c7:fd:a9:43:54:dc:
         5f:29:d0:9f:cb:2a:21:8f:f8:45:4f:44:be:28:db:d0:39:9a:
         d1:7c:52:06:d0:8c:23:33:fa:ae:65:87:90:22:d1:53:fc:63:
         e4:5b:c4:f8:cd:2f:6a:8f:8b:55:e6:6d:54:c4:e4:51:02:0b:
         cc:86:ce:ff:57:ab:59:08:5f:9c:fc:7b:8f:1e:35:ec:72:2b:
         9f:08:1f:26:9c:42:99:50:69:3f:01:1d:3c:d2:6e:93:2d:90:
         0b:24:34:a5:84:96:d7:e2:ff:ab:1c:cc:ad:6b:bb:07:6e:63:
         6c:7c:96:c7:96:67:b0:a3:53:e8:26:3a:cb:25:a5:c6:10:25:
         87:d0:7a:17:f2:49:fb:08:5a:79:cd:1e:97:9d:a6:80:45:06:
         a6:bc:3e:d7:29:e4:4c:53:38:f6:52:a8:8c:ca:b3:51:2c:85:
         0e:e4:a3:62:1a:ec:0e:c4:b0:62:97:dc:05:5e:c6:7c:68:2a:
         d0:64:27:07:0c:06:d0:a5:2c:c6:5c:e8:61:81:40:83:77:5b:
         2f:7f:6e:f1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUp1mR3kPiFBrjQKnNJ7Og7muwUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxNDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlMDlmMmEyNGNmZmJkMDIyY2FkYjI3MzBhOWZiOGVmNWYwZWExMjczM2Vl
OTM4YzNjMDRiYWQwZWExMTRlYTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQIEnbjAIjvgzPMPaxhot2IlfzIs9YNh1wWmjHK8WWWXVH+vDeX05bu4a/5
U1oyD/EOMnOZkMDX+ppbtKu2dz/ZrCbhS3wDDVXlaqVwzZXGq86y0SB6Fs8dyGDS
6uWZ8+5AFTKv+OG30O/eS0jOADShN4rapWDo0si39R/f2gPXeSv48+D5+dt76VzF
jfeFcRfhuCRSK0WX3zlj3P3OAeJlpAmKpEQZ3r6PnpHloxujQFk5ljGNTmAHEJa2
mHvb/qOKHl3FbFMxbG9MzqQ/xYTGie1Ti0FbVukyIIddEu3lk23YQGyeg9ZU3UMI
o4G0+Myq+clRRRvUHhMYogwG8a8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTQnJPn
Jbkvak0AqKpHH8hcy8yOYzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0MDMyMWYtNzJjMi00M2E0LThjNDItMGU5MzVmOGYxOTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
wDANBgkqhkiG9w0BAQsFAAOCAQEAr9BRQu9q56mdcbOxCiQD2rGHxsyZhI6k09L6
1nM6bmNS/NMNw04SOi3ZYGaurrsHx/2pQ1TcXynQn8sqIY/4RU9Evijb0Dma0XxS
BtCMIzP6rmWHkCLRU/xj5FvE+M0vao+LVeZtVMTkUQILzIbO/1erWQhfnPx7jx41
7HIrnwgfJpxCmVBpPwEdPNJuky2QCyQ0pYSW1+L/qxzMrWu7B25jbHyWx5ZnsKNT
6CY6yyWlxhAlh9B6F/JJ+whaec0el52mgEUGprw+1ynkTFM49lKojMqzUSyFDuSj
YhrsDsSwYpfcBV7GfGgq0GQnBwwG0KUsxlzoYYFAg3dbL39u8Q==
-----END CERTIFICATE-----