Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/689f17ea-2ccc-4beb-bf91-0695da802222.roa
File:                     689f17ea-2ccc-4beb-bf91-0695da802222.roa (raw, json)
Hash identifier:          AEQ+XiW3SgjxH5Ctg11VGM9b5r/NXKPlYTpMLPaBspw=
Subject key identifier:   BB:0F:48:8D:F3:B2:17:45:1B:1C:55:72:46:51:33:A9:0C:98:15:44
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2C537BBEBEE4F13E40AEB171C8548F201BA905C9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/689f17ea-2ccc-4beb-bf91-0695da802222.roa
Signing time:             Fri 21 Mar 2025 15:00:16 +0000
ROA not before:           Fri 21 Mar 2025 15:00:16 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:53:7b:be:be:e4:f1:3e:40:ae:b1:71:c8:54:8f:20:1b:a9:05:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:00:16 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:65:6a:f0:43:1e:1f:f5:06:ab:2c:d8:44:34:
                    31:2d:ad:dc:40:ff:91:5f:c4:93:3f:8d:3b:db:38:
                    c8:89:4a:33:28:c2:69:52:e2:db:98:f9:88:b1:43:
                    db:d5:0c:f6:53:2a:33:2b:c8:13:f8:01:da:2d:ce:
                    a8:1a:04:f6:21:b4:6b:85:eb:67:1f:38:03:74:51:
                    e2:e6:33:4c:98:d1:1b:fa:dd:d5:f8:01:ce:00:9b:
                    f3:82:b2:c9:bd:df:9f:bb:c5:57:e8:58:1d:20:e7:
                    f2:20:a5:e7:84:64:c8:89:f6:b5:90:13:0f:9d:90:
                    eb:b8:13:3d:af:28:6a:2f:8c:1a:a6:8c:2a:3c:3f:
                    46:22:f4:07:69:2c:c0:da:a9:4c:8f:1f:da:48:72:
                    b7:5d:52:48:ef:9a:ee:6e:b7:6e:82:58:eb:b1:6b:
                    5e:01:fe:8b:86:0a:4d:48:de:ff:79:f7:28:cc:db:
                    32:db:57:2f:62:72:f9:aa:ba:18:ca:0f:a7:9e:9a:
                    8b:5b:aa:d6:00:af:f5:d6:a1:3d:71:82:10:47:1b:
                    08:37:e2:23:1f:7b:1d:f7:96:cc:cd:2a:18:bb:40:
                    41:e1:15:37:f6:25:78:88:46:f4:1e:8e:73:9a:e0:
                    92:b5:4a:d7:a0:4f:0e:ba:7c:57:aa:2d:6b:1c:0b:
                    5e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:0F:48:8D:F3:B2:17:45:1B:1C:55:72:46:51:33:A9:0C:98:15:44
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/689f17ea-2ccc-4beb-bf91-0695da802222.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         73:b2:c2:5f:77:e7:0c:54:b6:2c:d6:63:eb:a0:56:69:79:eb:
         8f:ef:0e:6b:fd:cd:f5:5b:50:b5:4d:e6:3d:4e:1d:03:1b:3a:
         0a:a8:16:5f:ac:ff:6c:d9:19:82:a7:c6:30:83:e5:1d:a5:66:
         1b:15:c0:76:c4:e6:b0:6c:d8:7c:a8:34:b1:54:7f:4b:97:d4:
         c2:39:2d:0f:44:28:a5:97:1d:18:46:c5:c3:0d:96:b4:d2:b2:
         ed:5f:70:8a:e0:26:ce:af:bc:01:32:e8:ec:c4:ce:fc:a3:f6:
         a2:55:95:fe:80:d9:c4:0c:7b:88:90:32:17:4b:28:e3:f2:61:
         ef:02:ed:d6:4c:c9:43:4c:4f:c2:c4:6e:c1:3d:64:12:96:9a:
         60:cb:83:58:7a:55:ff:be:6e:09:98:ab:69:5e:9b:67:01:02:
         c5:f2:69:d4:d1:c4:1f:7a:12:fe:0a:55:1d:ba:a1:e2:16:4d:
         23:14:e9:2d:dd:07:81:1a:de:61:0d:c3:13:85:45:5a:91:95:
         b2:ff:a3:50:db:b5:fa:6c:7b:f7:c7:5d:7f:f7:9c:ac:f1:b1:
         e5:a0:b4:89:3e:3f:f3:27:fb:3c:54:c8:25:14:da:79:82:7b:
         a5:52:42:92:ba:99:f5:61:e8:a0:38:88:4a:8e:42:4f:45:ea:
         ef:d8:28:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULFN7vr7k8T5ArrFxyFSPIBupBckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAwMTZaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3ODIxOGJlNzBlYzYzMWQ4NDZkYmRjMGNlOGYyODlhYmE1ZjNhODcyZmIw
ZWMxZTI5ZWQ5NDJlMmNiNmM0YWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOJlavBDHh/1Bqss2EQ0MS2t3ED/kV/Ekz+NO9s4yIlKMyjCaVLi25j5iLFD
29UM9lMqMyvIE/gB2i3OqBoE9iG0a4XrZx84A3RR4uYzTJjRG/rd1fgBzgCb84Ky
yb3fn7vFV+hYHSDn8iCl54RkyIn2tZATD52Q67gTPa8oai+MGqaMKjw/RiL0B2ks
wNqpTI8f2khyt11SSO+a7m63boJY67FrXgH+i4YKTUje/3n3KMzbMttXL2Jy+aq6
GMoPp56ai1uq1gCv9dahPXGCEEcbCDfiIx97HfeWzM0qGLtAQeEVN/YleIhG9B6O
c5rgkrVK16BPDrp8V6otaxwLXtkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7D0iN
87IXRRscVXJGUTOpDJgVRDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Njg5ZjE3ZWEtMmNjYy00YmViLWJmOTEtMDY5NWRhODAyMjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBzssJfd+cMVLYs1mProFZpeeuP7w5r/c31W1C1
TeY9Th0DGzoKqBZfrP9s2RmCp8Ywg+UdpWYbFcB2xOawbNh8qDSxVH9Ll9TCOS0P
RCillx0YRsXDDZa00rLtX3CK4CbOr7wBMujsxM78o/aiVZX+gNnEDHuIkDIXSyjj
8mHvAu3WTMlDTE/CxG7BPWQSlppgy4NYelX/vm4JmKtpXptnAQLF8mnU0cQfehL+
ClUduqHiFk0jFOkt3QeBGt5hDcMThUVakZWy/6NQ27X6bHv3x11/95ys8bHloLSJ
Pj/zJ/s8VMglFNp5gnulUkKSupn1YeigOIhKjkJPRerv2Cjc
-----END CERTIFICATE-----