Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a1ea1f2-685a-4073-b22a-0a37f133b9dc.roa
File:                     7a1ea1f2-685a-4073-b22a-0a37f133b9dc.roa (raw, json)
Hash identifier:          fRfgtHH9WW7YPaIPsITuEYe0Ht9kIW1/vKqvyBzBl5A=
Subject key identifier:   6E:63:5A:F6:2C:1E:85:BA:3F:69:19:D5:D3:1E:F1:A4:75:92:2E:BC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       09E46506F97860ABB095CB62D26EDCAFFBF814F3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a1ea1f2-685a-4073-b22a-0a37f133b9dc.roa
Signing time:             Fri 21 Mar 2025 15:10:11 +0000
ROA not before:           Fri 21 Mar 2025 15:10:11 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e4:65:06:f9:78:60:ab:b0:95:cb:62:d2:6e:dc:af:fb:f8:14:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:10:11 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:be:8c:13:8a:1f:45:db:10:b3:7b:89:c6:04:
                    70:3d:76:c0:45:b4:19:f8:d9:07:7f:5d:4f:cc:42:
                    e2:12:a8:8a:ce:15:79:34:7b:4b:62:5c:4c:5c:97:
                    fd:3a:1c:b5:ac:11:6c:c2:fa:d1:73:c2:88:f4:9f:
                    7b:a4:f8:f2:1d:00:9f:87:a4:28:ac:f1:4d:d0:62:
                    0c:32:41:fa:a1:ee:ba:07:05:e4:5e:8c:21:71:e8:
                    85:f2:06:d7:0b:06:69:b7:70:e7:0d:9a:59:84:23:
                    07:8e:68:56:99:1e:63:35:d7:5c:54:f4:07:e9:05:
                    0d:8f:fd:f1:08:5e:b6:39:b2:42:b7:ba:12:7c:52:
                    e6:0c:a3:d7:45:b9:78:53:de:37:2d:91:a4:ff:ee:
                    f3:0a:68:54:59:e4:65:cf:72:94:16:dc:a6:65:a1:
                    9e:a2:0f:26:24:9f:68:cf:8c:c8:9d:d1:18:f6:d7:
                    ec:6d:0a:25:85:64:05:ee:36:61:98:a0:50:b0:00:
                    bd:38:cb:e6:13:0d:b5:2d:51:80:17:32:4f:90:11:
                    09:5c:70:1b:16:cc:4a:0b:91:38:d0:07:af:4d:8a:
                    1c:46:98:d1:a6:4d:c2:28:bc:f9:90:39:94:36:53:
                    5c:8d:f9:8e:1b:23:99:60:ca:7b:64:ef:9a:2c:1c:
                    00:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:63:5A:F6:2C:1E:85:BA:3F:69:19:D5:D3:1E:F1:A4:75:92:2E:BC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a1ea1f2-685a-4073-b22a-0a37f133b9dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         20:46:7f:60:ce:20:9a:60:17:f9:18:49:15:4e:78:bb:fe:01:
         ac:f3:dd:a3:dc:51:96:94:d3:70:c9:68:84:2b:2f:1c:7a:7a:
         ac:ca:31:5b:90:e0:b2:66:88:1d:a3:21:b5:93:83:be:fb:57:
         de:95:ec:40:3a:09:08:c8:d2:80:4a:cc:e2:f7:7e:b7:7c:51:
         44:07:75:3d:f2:73:10:54:bf:40:e7:3b:46:b9:64:49:94:49:
         c5:3f:f0:d5:dd:36:e3:db:12:80:9d:9e:8f:ff:06:a3:a3:f3:
         99:59:02:5d:0d:98:cb:17:eb:a0:ae:a9:5a:57:e9:e7:17:47:
         40:f5:4f:8f:c4:24:9f:ee:18:1d:31:9b:5f:7f:6f:70:86:57:
         59:7c:cd:60:af:fe:c3:6a:f5:bd:0b:21:9f:b6:ac:8e:64:8e:
         a2:67:97:7b:1d:71:ad:38:b1:fb:18:28:a4:ea:2e:c7:27:38:
         41:78:a2:29:87:a8:0b:1b:be:d4:25:38:5a:1d:4b:2f:fb:6b:
         1b:fd:e4:d5:9d:92:62:8f:40:e8:2b:fe:9a:ce:41:88:62:c9:
         c5:2d:74:7a:ff:f7:d4:12:ba:3b:3a:36:2f:92:6e:18:c0:8c:
         7c:29:58:a5:98:6e:07:85:d9:dc:18:b5:88:81:3d:1a:33:08:
         87:b2:47:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCeRlBvl4YKuwlcti0m7cr/v4FPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTEwMTFaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0MjY1MjA4MzEzNTcwY2VhMTkxMDlmMDEyZGQzY2NkM2FjYzJkNjJiZDU5
NzIzODllZGEwYzM5YmVhODk1ZWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANG+jBOKH0XbELN7icYEcD12wEW0GfjZB39dT8xC4hKois4VeTR7S2JcTFyX
/ToctawRbML60XPCiPSfe6T48h0An4ekKKzxTdBiDDJB+qHuugcF5F6MIXHohfIG
1wsGabdw5w2aWYQjB45oVpkeYzXXXFT0B+kFDY/98QhetjmyQre6EnxS5gyj10W5
eFPeNy2RpP/u8wpoVFnkZc9ylBbcpmWhnqIPJiSfaM+MyJ3RGPbX7G0KJYVkBe42
YZigULAAvTjL5hMNtS1RgBcyT5ARCVxwGxbMSguRONAHr02KHEaY0aZNwii8+ZA5
lDZTXI35jhsjmWDKe2TvmiwcAK8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRuY1r2
LB6Fuj9pGdXTHvGkdZIuvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2ExZWExZjItNjg1YS00MDczLWIyMmEtMGEzN2YxMzNiOWRjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAgRn9gziCaYBf5GEkVTni7/gGs892j3FGWlNNw
yWiEKy8cenqsyjFbkOCyZogdoyG1k4O++1felexAOgkIyNKASszi9363fFFEB3U9
8nMQVL9A5ztGuWRJlEnFP/DV3Tbj2xKAnZ6P/wajo/OZWQJdDZjLF+ugrqlaV+nn
F0dA9U+PxCSf7hgdMZtff29whldZfM1gr/7DavW9CyGftqyOZI6iZ5d7HXGtOLH7
GCik6i7HJzhBeKIph6gLG77UJThaHUsv+2sb/eTVnZJij0DoK/6azkGIYsnFLXR6
//fUEro7OjYvkm4YwIx8KVilmG4HhdncGLWIgT0aMwiHskdj
-----END CERTIFICATE-----