Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bb21710a-a37a-4476-ab6b-3d079e9d1cc9.roa
File:                     bb21710a-a37a-4476-ab6b-3d079e9d1cc9.roa (raw, json)
Hash identifier:          8MH1tgaqUr1Afcmet6vqgS+DRzJwFNeW/ORKSSh93TA=
Subject key identifier:   76:6F:2B:0F:66:67:55:E8:1A:B8:D9:C5:09:8F:C4:CE:B2:8D:31:09
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4BFB6820392F186D6A0B831E165A9F62BACF134D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bb21710a-a37a-4476-ab6b-3d079e9d1cc9.roa
Signing time:             Wed 05 Mar 2025 17:32:02 +0000
ROA not before:           Wed 05 Mar 2025 17:32:02 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:fb:68:20:39:2f:18:6d:6a:0b:83:1e:16:5a:9f:62:ba:cf:13:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:32:02 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:24:40:c9:b3:74:5b:ef:a4:54:1e:75:db:34:
                    17:2a:74:d1:b3:1a:9d:1a:9e:fb:a4:a2:72:c2:87:
                    1a:84:48:19:92:2b:65:5b:63:e1:e3:f8:3b:eb:4d:
                    e0:43:3b:4b:d4:b3:75:78:c0:34:d7:fc:41:a1:16:
                    14:90:5b:2e:fe:f5:1f:0e:a3:e1:f3:57:cc:03:7e:
                    04:f8:39:85:75:e2:48:c6:a6:4e:a9:1a:a7:9f:5a:
                    fb:c0:d9:07:0d:55:54:c2:e8:31:c7:5e:49:41:0d:
                    51:0f:f4:1c:35:47:69:4b:24:ca:20:23:57:69:0e:
                    fc:da:79:e2:cc:bf:67:f6:b1:97:4b:89:42:11:e8:
                    cf:3f:b6:49:11:57:d8:e0:d3:6a:ea:ef:5c:2d:e2:
                    af:f2:83:98:e1:5b:9b:37:92:6c:9f:e1:f7:c9:24:
                    7d:23:d2:84:4f:8a:05:de:5c:41:1c:0d:d8:e2:12:
                    a5:de:13:18:f5:a8:bf:81:24:49:20:0f:81:f8:ae:
                    f2:07:ce:ba:e4:5f:9c:e1:b5:a8:bd:cb:5a:f2:c2:
                    23:e3:52:a4:a7:34:de:ae:8d:c9:3e:44:42:bf:71:
                    c1:1d:e3:14:a1:fe:34:90:d7:8d:3a:23:3b:1a:89:
                    d4:aa:74:b4:57:02:14:4f:d6:f2:2e:e2:92:56:d0:
                    ff:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6F:2B:0F:66:67:55:E8:1A:B8:D9:C5:09:8F:C4:CE:B2:8D:31:09
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bb21710a-a37a-4476-ab6b-3d079e9d1cc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:b9:22:bb:63:52:eb:d7:8a:ad:db:8f:39:4f:2d:94:ec:f7:
         43:32:99:98:11:6f:f6:62:af:8f:38:89:43:30:55:36:db:52:
         0a:ec:4d:88:ad:66:ba:ee:34:ab:a6:3c:7f:d2:24:41:90:ed:
         d5:c9:b6:50:cd:53:89:7e:6a:48:11:99:d0:2c:aa:06:69:65:
         9b:d0:07:d9:33:f4:08:a5:bc:df:21:5b:21:96:5b:7f:2e:a1:
         69:42:e6:e5:2e:82:60:00:d2:a8:36:14:d5:86:31:5e:79:17:
         1f:2e:8c:84:df:76:7b:36:d1:57:4b:7d:89:e5:e2:9d:9b:9c:
         50:81:9b:99:a2:f8:5a:20:56:dd:fc:c3:a9:34:10:d2:f8:cc:
         ff:f5:06:44:e4:29:ff:9d:13:34:26:1c:ef:d0:10:68:7a:3c:
         27:70:ac:e1:6e:4e:80:f2:62:e9:af:4c:c3:d7:9a:b6:a0:a5:
         60:e9:2f:9d:bb:8c:98:af:b7:a5:0d:b1:8c:a7:bc:32:5f:98:
         83:4a:66:25:78:33:e8:17:7b:06:40:df:5e:85:82:e9:37:a1:
         44:56:43:88:13:42:28:63:b6:1f:05:30:74:05:b5:c7:e8:ef:
         7d:62:06:c4:e1:f2:96:df:41:90:48:48:83:e0:02:4c:de:4c:
         1d:4a:e6:f6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS/toIDkvGG1qC4MeFlqfYrrPE00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMyMDJaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2OWNmN2NhOGVlYTYxNzAwMGM4Mzc0YjVlYmM1NmJmMTQxMDE5YTRiMmI5
YTI4YTZmY2Q3OGFlOTkxZWJiZjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJMkQMmzdFvvpFQedds0Fyp00bManRqe+6SicsKHGoRIGZIrZVtj4eP4O+tN
4EM7S9SzdXjANNf8QaEWFJBbLv71Hw6j4fNXzAN+BPg5hXXiSMamTqkap59a+8DZ
Bw1VVMLoMcdeSUENUQ/0HDVHaUskyiAjV2kO/Np54sy/Z/axl0uJQhHozz+2SRFX
2ODTaurvXC3ir/KDmOFbmzeSbJ/h98kkfSPShE+KBd5cQRwN2OISpd4TGPWov4Ek
SSAPgfiu8gfOuuRfnOG1qL3LWvLCI+NSpKc03q6NyT5EQr9xwR3jFKH+NJDXjToj
OxqJ1Kp0tFcCFE/W8i7iklbQ/4cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR2bysP
ZmdV6Bq42cUJj8TOso0xCTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmIyMTcxMGEtYTM3YS00NDc2LWFiNmItM2QwNzllOWQxY2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5A
MA0GCSqGSIb3DQEBCwUAA4IBAQDCuSK7Y1Lr14qt2485Ty2U7PdDMpmYEW/2Yq+P
OIlDMFU221IK7E2IrWa67jSrpjx/0iRBkO3VybZQzVOJfmpIEZnQLKoGaWWb0AfZ
M/QIpbzfIVshllt/LqFpQublLoJgANKoNhTVhjFeeRcfLoyE33Z7NtFXS32J5eKd
m5xQgZuZovhaIFbd/MOpNBDS+Mz/9QZE5Cn/nRM0Jhzv0BBoejwncKzhbk6A8mLp
r0zD15q2oKVg6S+du4yYr7elDbGMp7wyX5iDSmYleDPoF3sGQN9ehYLpN6FEVkOI
E0IoY7YfBTB0BbXH6O99YgbE4fKW30GQSEiD4AJM3kwdSub2
-----END CERTIFICATE-----