Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58699fff-50fe-46a7-8e85-38dbafe34c1b.roa
File:                     58699fff-50fe-46a7-8e85-38dbafe34c1b.roa (raw, json)
Hash identifier:          3vjsI+KIsTHbwCvaWsK9r2AhNBH+sKZi09WEqzMCVxQ=
Subject key identifier:   83:BB:D8:16:74:90:E9:C2:CA:8C:6E:B3:41:70:2B:CF:D2:78:7D:63
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       60AAF28FCEA20B0F8ABB0C164E9B3CDC96349B50
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58699fff-50fe-46a7-8e85-38dbafe34c1b.roa
Signing time:             Wed 02 Apr 2025 00:30:28 +0000
ROA not before:           Wed 02 Apr 2025 00:30:28 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:aa:f2:8f:ce:a2:0b:0f:8a:bb:0c:16:4e:9b:3c:dc:96:34:9b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:28 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:11:e5:20:71:94:9a:f6:1e:15:3e:8d:db:
                    fb:f8:3e:3d:9b:34:79:59:34:00:78:44:dd:b0:37:
                    64:72:23:53:e0:3d:ca:27:5f:5f:0c:c1:73:5e:24:
                    0f:13:73:c4:64:cf:3a:ae:89:76:00:7f:c8:4c:44:
                    3c:59:e7:8d:e1:b6:e1:e6:36:44:00:f4:28:59:ee:
                    24:28:a8:dc:64:5f:39:db:8f:2c:a0:89:0d:cd:9d:
                    7e:fa:84:c3:e5:1c:bc:85:cd:47:9f:fd:f4:a5:0b:
                    3f:d2:3f:e4:7c:aa:3d:2d:40:90:d0:d6:75:c0:73:
                    c9:01:7d:09:d3:15:91:d6:1a:ba:f4:a4:e4:15:41:
                    fb:5c:ee:64:e0:92:7c:ad:59:a8:e7:9e:0a:35:df:
                    1e:d0:25:23:f3:27:c7:68:16:eb:5c:df:1f:17:05:
                    a4:87:cd:a3:d2:66:6b:b7:98:07:86:d6:87:2a:6e:
                    66:53:e5:5f:f8:4a:c5:f3:49:0e:a5:6c:d2:28:f1:
                    2f:29:48:0a:18:89:ef:26:78:bb:a3:0e:1b:d0:2b:
                    c0:3e:cf:25:80:92:25:ba:27:b3:39:4c:e5:1c:d9:
                    0e:42:dd:6c:c4:3c:ef:a8:83:1b:7a:c7:ca:a2:dc:
                    71:2c:d0:e3:05:33:cd:49:ea:3a:e0:d9:ea:11:2b:
                    0d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BB:D8:16:74:90:E9:C2:CA:8C:6E:B3:41:70:2B:CF:D2:78:7D:63
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58699fff-50fe-46a7-8e85-38dbafe34c1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:9b:0a:6c:fb:f7:c2:64:e5:a2:15:43:d3:f7:3d:20:10:35:
         ea:53:72:fa:ec:76:2c:57:c5:ae:0d:6f:c1:a3:5e:0b:48:cf:
         59:8d:9f:3b:ec:64:b7:98:61:dc:49:d0:68:cc:cc:cf:5c:95:
         2b:79:20:85:0f:ea:6e:dd:4c:9d:14:fa:b7:1d:02:63:69:16:
         db:49:fb:08:ae:90:50:ab:d2:b4:e5:51:66:b0:13:1c:1d:52:
         f6:a1:47:01:97:99:b9:85:a4:7a:66:59:40:cf:3c:3e:74:bd:
         09:09:30:34:f0:7b:7f:d8:48:75:eb:95:66:fb:7c:6a:6d:d7:
         8d:a6:00:49:53:23:5e:29:4e:86:f6:6a:23:9e:c6:22:da:9d:
         a9:08:f1:20:0b:c5:7a:8c:cd:c7:fa:8d:19:da:1c:04:2e:29:
         e6:1f:98:2f:44:bd:b7:1d:e3:37:b8:a6:bc:93:08:38:7f:35:
         67:4b:65:4e:64:2d:cc:6f:30:51:7c:83:96:00:c7:f9:dc:c5:
         e3:77:ec:cb:b0:4f:da:d8:ee:2c:0e:30:1a:8a:13:d0:96:4a:
         2a:ed:13:d1:30:61:13:17:de:18:df:69:f6:4b:35:33:e8:0a:
         bc:d1:27:14:4d:8b:ee:cd:f7:19:04:8a:c6:fd:54:c7:10:f9:
         07:2b:96:d4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYKryj86iCw+KuwwWTps83JY0m1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwMjhaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlYTZlNDRlZTUwMjU5YzIyODQ3M2FlZTRkYjZkZWFjNWQ4N2Y4NjU4NDE4
NWVkYjk3ZDc1ZGViNDc3ZTgxYTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMUdEeUgcZSa9h4VPo3b+/g+PZs0eVk0AHhE3bA3ZHIjU+A9yidfXwzBc14k
DxNzxGTPOq6JdgB/yExEPFnnjeG24eY2RAD0KFnuJCio3GRfOduPLKCJDc2dfvqE
w+UcvIXNR5/99KULP9I/5HyqPS1AkNDWdcBzyQF9CdMVkdYauvSk5BVB+1zuZOCS
fK1ZqOeeCjXfHtAlI/Mnx2gW61zfHxcFpIfNo9Jma7eYB4bWhypuZlPlX/hKxfNJ
DqVs0ijxLylIChiJ7yZ4u6MOG9ArwD7PJYCSJbonszlM5RzZDkLdbMQ876iDG3rH
yqLccSzQ4wUzzUnqOuDZ6hErDaUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSDu9gW
dJDpwsqMbrNBcCvP0nh9YzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTg2OTlmZmYtNTBmZS00NmE3LThlODUtMzhkYmFmZTM0YzFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/g
MA0GCSqGSIb3DQEBCwUAA4IBAQA0mwps+/fCZOWiFUPT9z0gEDXqU3L67HYsV8Wu
DW/Bo14LSM9ZjZ877GS3mGHcSdBozMzPXJUreSCFD+pu3UydFPq3HQJjaRbbSfsI
rpBQq9K05VFmsBMcHVL2oUcBl5m5haR6ZllAzzw+dL0JCTA08Ht/2Eh165Vm+3xq
bdeNpgBJUyNeKU6G9mojnsYi2p2pCPEgC8V6jM3H+o0Z2hwELinmH5gvRL23HeM3
uKa8kwg4fzVnS2VOZC3MbzBRfIOWAMf53MXjd+zLsE/a2O4sDjAaihPQlkoq7RPR
MGETF94Y32n2SzUz6Aq80ScUTYvuzfcZBIrG/VTHEPkHK5bU
-----END CERTIFICATE-----