Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File:                     90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier:          NLIOf20zLfMRHz1+kgQ65O3+LyM3Q9CmY1MIa/wC98s=
Subject key identifier:   FE:89:A5:50:89:C3:8B:88:60:50:0B:11:D3:53:26:BB:F3:C6:55:C5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       60E0B7C0A09965BA3ED26E39DD9B8A36B1B8ED98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time:             Wed 05 Mar 2025 17:21:37 +0000
ROA not before:           Wed 05 Mar 2025 17:21:37 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:e0:b7:c0:a0:99:65:ba:3e:d2:6e:39:dd:9b:8a:36:b1:b8:ed:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:21:37 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:69:81:ad:8c:f1:30:b1:ed:31:82:83:1f:8f:
                    21:cb:d7:87:d7:da:5d:87:be:b3:57:50:4a:52:ac:
                    c1:07:56:0a:9d:46:3d:3c:00:9d:05:a4:6c:1d:8a:
                    87:9a:0d:bc:f4:cd:35:fa:c8:1e:4d:af:eb:60:ae:
                    5d:49:3f:e4:fc:88:bd:46:39:99:21:06:c1:1d:b4:
                    ca:ae:a2:52:01:c4:72:23:92:b2:34:17:49:eb:a7:
                    cf:72:be:7e:a8:c1:af:95:e0:62:8b:3e:bf:83:1f:
                    46:a3:54:f9:d9:95:f0:fd:99:01:2e:40:7c:19:e0:
                    96:3a:1e:33:d2:2f:ee:60:2b:76:54:08:3c:73:b5:
                    87:0e:9a:77:bd:b1:9c:b4:77:04:40:87:9a:5b:a2:
                    32:94:4f:5c:ef:62:f5:cb:52:f3:ba:50:68:3d:13:
                    f3:1b:12:e2:dd:e8:59:08:fb:82:b1:32:00:0f:3a:
                    01:86:36:d9:f4:69:04:df:e1:8b:ac:3c:60:c7:09:
                    32:b4:b7:8e:34:43:46:c8:a2:cd:1e:d3:b8:14:30:
                    57:f6:ac:f6:cf:37:aa:9c:20:40:17:d7:7c:d8:92:
                    34:ff:77:d1:be:2e:ef:81:2b:bc:2b:6d:2f:73:b8:
                    b7:63:fd:c4:f3:5b:64:71:16:06:a2:00:55:c0:b1:
                    01:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:89:A5:50:89:C3:8B:88:60:50:0B:11:D3:53:26:BB:F3:C6:55:C5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:ef:2e:26:49:c9:db:47:c2:07:fa:e7:aa:13:c7:ef:9c:04:
         bb:23:95:87:36:7e:33:e0:87:06:6f:23:19:dc:be:95:6b:22:
         ac:0f:af:ee:1e:4f:01:9c:48:a0:55:80:51:ca:44:4c:57:cb:
         9f:df:22:03:7d:b7:05:b3:1a:5a:a4:23:15:d3:21:ac:71:be:
         5b:c2:f8:a4:c8:db:43:0e:3b:70:58:c7:94:69:a4:85:4a:24:
         fb:f6:57:08:36:1e:6e:99:21:c4:72:18:68:0f:2f:a8:a2:fb:
         70:e9:12:bd:03:62:f9:6b:23:ba:d4:58:bb:1a:da:2d:13:e1:
         48:b1:32:ab:05:f3:5b:dd:2e:a9:15:0c:22:21:49:a0:ee:9c:
         94:6c:5d:35:a8:fa:59:6c:21:9c:d6:27:ba:31:46:07:02:a7:
         8f:33:47:3b:66:c1:c7:76:f9:cc:e2:3e:09:26:bb:86:3d:93:
         58:8b:16:1f:8a:b1:99:8b:3e:35:91:70:c5:88:75:7c:30:7e:
         28:2b:d9:f8:f9:f7:7d:31:ec:ec:56:9e:83:a3:40:b8:e9:c6:
         cd:40:c8:1e:b8:97:aa:07:14:db:98:49:22:af:71:a9:00:46:
         93:64:9a:45:10:69:ce:96:c8:a0:6b:eb:a8:56:43:2b:da:7f:
         d4:53:56:17
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYOC3wKCZZbo+0m453ZuKNrG47ZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIxMzdaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhZDg1M2VhOWRlYjA3MzU2ZmE3YjVmMWVhZWQ0Y2ZmYzc5MjVmMDAzYjQ2
MDAwNThkODZkNDNmZGIzOGM1M2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO1pga2M8TCx7TGCgx+PIcvXh9faXYe+s1dQSlKswQdWCp1GPTwAnQWkbB2K
h5oNvPTNNfrIHk2v62CuXUk/5PyIvUY5mSEGwR20yq6iUgHEciOSsjQXSeunz3K+
fqjBr5XgYos+v4MfRqNU+dmV8P2ZAS5AfBngljoeM9Iv7mArdlQIPHO1hw6ad72x
nLR3BECHmluiMpRPXO9i9ctS87pQaD0T8xsS4t3oWQj7grEyAA86AYY22fRpBN/h
i6w8YMcJMrS3jjRDRsiizR7TuBQwV/as9s83qpwgQBfXfNiSNP930b4u74ErvCtt
L3O4t2P9xPNbZHEWBqIAVcCxAd0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+iaVQ
icOLiGBQCxHTUya788ZVxTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQAz7y4mScnbR8IH+ueqE8fvnAS7I5WHNn4z4IcG
byMZ3L6VayKsD6/uHk8BnEigVYBRykRMV8uf3yIDfbcFsxpapCMV0yGscb5bwvik
yNtDDjtwWMeUaaSFSiT79lcINh5umSHEchhoDy+oovtw6RK9A2L5ayO61Fi7Gtot
E+FIsTKrBfNb3S6pFQwiIUmg7pyUbF01qPpZbCGc1ie6MUYHAqePM0c7ZsHHdvnM
4j4JJruGPZNYixYfirGZiz41kXDFiHV8MH4oK9n4+fd9MezsVp6Do0C46cbNQMge
uJeqBxTbmEkir3GpAEaTZJpFEGnOlsiga+uoVkMr2n/UU1YX
-----END CERTIFICATE-----