Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b67c662a-6e73-47c9-9455-74ad9ce3cdb3.roa
File:                     b67c662a-6e73-47c9-9455-74ad9ce3cdb3.roa (raw, json)
Hash identifier:          l7NaJVReH/Nx+dvNFkOu2PBhnB00OP0D885MUndz0v8=
Subject key identifier:   1F:AA:74:8D:10:F7:06:ED:26:C3:90:8B:6F:AB:55:B9:20:2F:B9:CF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3D8F28413D3E4088C183DF0EB6F3955D14166AEF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b67c662a-6e73-47c9-9455-74ad9ce3cdb3.roa
Signing time:             Wed 19 Feb 2025 00:30:47 +0000
ROA not before:           Wed 19 Feb 2025 00:30:47 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:8f:28:41:3d:3e:40:88:c1:83:df:0e:b6:f3:95:5d:14:16:6a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 19 00:30:47 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bb:12:a3:06:8b:cb:40:51:d9:19:1b:ad:df:
                    a3:67:5f:a0:d7:22:93:7e:e6:7d:5d:94:30:48:de:
                    d1:09:63:93:65:46:f2:e8:6e:7b:96:6c:29:da:cd:
                    56:88:0e:72:b4:fb:ca:e3:ba:0d:2a:6a:6b:96:30:
                    b6:a9:bd:88:8b:86:cf:10:09:25:53:e9:9e:88:70:
                    91:29:8f:f5:3d:8c:e6:46:97:39:c8:b4:e4:11:92:
                    40:57:c8:18:e8:be:cf:a2:9b:4d:ea:7c:56:67:f2:
                    49:5a:cb:c8:26:be:fd:7d:4d:fc:7b:b1:42:db:75:
                    d3:e5:7f:02:1c:33:41:dc:a8:7c:3d:3a:58:96:74:
                    fb:9a:e0:69:f6:77:4e:98:61:67:fa:03:e6:db:b5:
                    47:27:18:97:13:03:f5:01:62:10:66:9d:aa:b8:c8:
                    a3:54:ba:53:e2:42:75:46:ca:72:4d:83:f5:a1:b2:
                    61:6e:59:17:46:9f:07:03:1c:a7:9a:07:21:7b:d5:
                    4b:10:9b:bb:ac:d1:e7:15:ca:84:22:db:14:b0:99:
                    15:bf:6f:45:bb:f4:9f:eb:c1:cd:f1:61:7f:93:3b:
                    3a:fd:df:94:3f:3c:2c:9e:cf:28:c8:a3:c0:b5:67:
                    46:42:67:c6:45:b4:3d:63:1e:96:b0:df:82:81:97:
                    50:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AA:74:8D:10:F7:06:ED:26:C3:90:8B:6F:AB:55:B9:20:2F:B9:CF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b67c662a-6e73-47c9-9455-74ad9ce3cdb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:45:47:7e:76:a8:88:bd:a3:2b:d9:3e:62:27:56:14:ed:c0:
         ee:85:a4:22:a5:b3:ee:ff:7b:a4:11:1c:d2:bd:6c:71:90:6b:
         00:3a:0c:4c:c7:0e:e6:8b:01:96:d0:d5:9e:64:e5:6b:34:ad:
         2c:5c:6a:db:32:b0:90:e4:5b:8e:aa:3a:20:ef:37:f2:15:33:
         6f:9e:70:be:7b:3d:ad:f8:79:3b:13:93:35:eb:ae:eb:ef:10:
         24:6f:da:86:85:f1:39:52:99:ca:7b:98:f4:b7:e0:9a:f4:9c:
         5d:4f:28:e4:2c:31:3d:2c:34:06:95:e6:ad:80:88:66:db:ce:
         82:b4:48:2e:3a:31:d2:d8:a8:51:36:28:d7:8a:7c:ab:26:f1:
         54:8a:41:2c:bb:de:9f:83:bf:3c:51:ca:22:2b:b2:b6:8c:b8:
         72:f8:e5:c6:c7:56:37:ca:da:d7:01:de:43:12:45:b6:54:be:
         9e:09:18:91:fa:a1:22:1b:6e:ba:d9:9a:12:ea:8b:be:10:51:
         7a:ff:ad:a8:6b:46:2d:15:0c:5b:77:77:26:83:ca:19:24:5b:
         1f:9c:02:f0:cb:77:03:1e:be:74:a1:1e:6d:8e:f4:a2:3c:61:
         56:0b:02:28:a6:28:72:71:61:1d:d0:f9:db:be:0d:1a:76:ba:
         2e:4a:59:27
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPY8oQT0+QIjBg98OtvOVXRQWau8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTkwMDMwNDdaFw0yNTAzMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGZkYzgxMGFkY2UwOWRkN2E3NDhiY2ZiOWZlNjU0MDFiYTMxNDY2MzFjYzY3
ZmY4NTYwZTg1ZGRlOTNkNTUxNjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJu7EqMGi8tAUdkZG63fo2dfoNcik37mfV2UMEje0Qljk2VG8uhue5ZsKdrN
VogOcrT7yuO6DSpqa5Ywtqm9iIuGzxAJJVPpnohwkSmP9T2M5kaXOci05BGSQFfI
GOi+z6KbTep8VmfySVrLyCa+/X1N/HuxQtt10+V/AhwzQdyofD06WJZ0+5rgafZ3
TphhZ/oD5tu1RycYlxMD9QFiEGadqrjIo1S6U+JCdUbKck2D9aGyYW5ZF0afBwMc
p5oHIXvVSxCbu6zR5xXKhCLbFLCZFb9vRbv0n+vBzfFhf5M7Ov3flD88LJ7PKMij
wLVnRkJnxkW0PWMelrDfgoGXUM8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQfqnSN
EPcG7SbDkItvq1W5IC+5zzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjY3YzY2MmEtNmU3My00N2M5LTk0NTUtNzRhZDljZTNjZGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DKA
MA0GCSqGSIb3DQEBCwUAA4IBAQCuRUd+dqiIvaMr2T5iJ1YU7cDuhaQipbPu/3uk
ERzSvWxxkGsAOgxMxw7miwGW0NWeZOVrNK0sXGrbMrCQ5FuOqjog7zfyFTNvnnC+
ez2t+Hk7E5M1667r7xAkb9qGhfE5UpnKe5j0t+Ca9JxdTyjkLDE9LDQGleatgIhm
286CtEguOjHS2KhRNijXinyrJvFUikEsu96fg788UcoiK7K2jLhy+OXGx1Y3ytrX
Ad5DEkW2VL6eCRiR+qEiG2662ZoS6ou+EFF6/62oa0YtFQxbd3cmg8oZJFsfnALw
y3cDHr50oR5tjvSiPGFWCwIopihycWEd0Pnbvg0adrouSlkn
-----END CERTIFICATE-----