Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa
File:                     fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa (raw, json)
Hash identifier:          hjWHz/VeNhjAaieVE7uUo9c1/uhSQsVapIsSvknhpwc=
Subject key identifier:   95:B6:50:62:BB:E6:BE:DB:84:BD:79:7D:44:1E:A0:AE:B3:83:75:98
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1AC8A0DC0F73A776E5E58622FD7B6EECCC6428E7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa
Signing time:             Wed 02 Apr 2025 00:30:35 +0000
ROA not before:           Wed 02 Apr 2025 00:30:35 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c8:a0:dc:0f:73:a7:76:e5:e5:86:22:fd:7b:6e:ec:cc:64:28:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:35 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:87:be:7e:1a:64:6b:da:13:dd:bf:a9:c2:9f:
                    30:6c:f8:7e:4c:44:03:76:9b:c0:01:19:56:ec:62:
                    d6:1b:ad:f8:80:51:46:3c:24:54:5b:1e:57:38:4a:
                    47:5e:65:f4:87:81:ff:82:49:4a:e0:62:56:6b:d3:
                    d9:77:96:78:52:39:dd:84:9f:fc:69:d1:21:f4:d5:
                    3d:cf:03:ec:ff:0a:79:34:0a:a5:a8:a5:b1:1b:4a:
                    48:c2:6b:36:d0:90:79:cd:36:6c:46:f8:22:cb:3d:
                    2f:cc:a6:cb:9c:f7:a1:e3:f7:54:76:3d:4d:4e:22:
                    11:e2:ce:f3:91:7c:71:e7:e0:88:bc:0d:6f:c4:51:
                    7e:15:22:87:3f:8f:16:4e:52:91:16:34:ac:f2:84:
                    3c:52:ba:aa:b2:79:59:14:70:86:ac:12:b3:44:31:
                    7e:29:33:dc:11:29:1a:b9:a4:0e:66:a2:8c:01:2f:
                    fa:56:c0:6f:21:2d:2e:77:32:f8:4e:44:d3:39:f0:
                    df:9e:bf:9e:14:60:ab:12:4a:31:b6:53:ab:be:12:
                    41:8d:5d:23:52:21:41:a9:24:42:bb:17:e8:fa:32:
                    2b:9c:e7:cd:ae:3a:7b:3e:9e:c3:76:57:ec:b4:51:
                    39:87:ae:96:91:0f:e8:30:2d:eb:79:54:24:40:c6:
                    5f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B6:50:62:BB:E6:BE:DB:84:BD:79:7D:44:1E:A0:AE:B3:83:75:98
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:9a:48:73:34:af:17:01:f6:a3:1e:c9:ac:60:4a:54:fb:2c:
         b2:1f:5b:18:8a:1b:e7:a9:4a:8f:5b:f5:54:97:9c:b4:1a:0f:
         7e:d3:06:86:86:fa:a9:04:9a:f9:3e:3f:c7:f9:b0:a6:a2:03:
         96:b7:79:66:e9:00:75:9c:60:cd:08:9d:7d:40:ce:90:59:42:
         c8:a0:d8:20:e8:8c:a9:cb:a6:34:fb:68:f5:82:95:bb:f9:bf:
         c2:67:d8:25:8a:04:59:89:e9:e8:18:c3:b9:1e:a4:89:96:63:
         18:79:e0:45:ea:cc:7e:b8:22:b9:26:51:a5:9d:c6:c1:02:fe:
         76:97:da:2c:75:18:94:23:2c:31:12:6a:93:09:11:5d:64:4d:
         f6:00:cb:dd:27:e1:f6:72:ec:ce:63:b1:9f:16:2c:e7:6c:77:
         a1:7d:f7:78:1e:c5:6a:3a:b6:93:58:08:0e:90:9b:45:d0:0b:
         fe:8c:15:77:7a:74:8e:5e:4c:2b:97:34:15:0b:3a:f9:4e:9e:
         2c:16:5b:2d:46:12:c6:d3:13:7b:fd:80:f2:d5:91:3f:44:a5:
         0f:71:a8:64:80:15:2e:76:70:1d:44:30:4e:3a:b8:fe:4f:11:
         db:9d:f5:1e:2e:36:12:68:c5:4f:e6:6c:ea:a9:85:88:2f:aa:
         13:ee:b4:7a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGsig3A9zp3bl5YYi/Xtu7MxkKOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwMzVaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0MzE2NTY0YjY4OTA3ODFkMzJmOTQzYmZkNzE4N2FiZjZlYjE2ZGI0NGM5
MDFmZjU3NzFiNGI2YTkyYjZjYTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmHvn4aZGvaE92/qcKfMGz4fkxEA3abwAEZVuxi1hut+IBRRjwkVFseVzhK
R15l9IeB/4JJSuBiVmvT2XeWeFI53YSf/GnRIfTVPc8D7P8KeTQKpailsRtKSMJr
NtCQec02bEb4Iss9L8ymy5z3oeP3VHY9TU4iEeLO85F8cefgiLwNb8RRfhUihz+P
Fk5SkRY0rPKEPFK6qrJ5WRRwhqwSs0Qxfikz3BEpGrmkDmaijAEv+lbAbyEtLncy
+E5E0znw356/nhRgqxJKMbZTq74SQY1dI1IhQakkQrsX6PoyK5znza46ez6ew3ZX
7LRROYeulpEP6DAt63lUJEDGX48CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSVtlBi
u+a+24S9eX1EHqCus4N1mDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmQzMjlhYjUtYWU1Yy00YjY4LWE0YzYtYjgyZjZlYTI5ZGQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCOmkhzNK8XAfajHsmsYEpU+yyyH1sYihvnqUqP
W/VUl5y0Gg9+0waGhvqpBJr5Pj/H+bCmogOWt3lm6QB1nGDNCJ19QM6QWULIoNgg
6Iypy6Y0+2j1gpW7+b/CZ9gligRZienoGMO5HqSJlmMYeeBF6sx+uCK5JlGlncbB
Av52l9osdRiUIywxEmqTCRFdZE32AMvdJ+H2cuzOY7GfFiznbHehffd4HsVqOraT
WAgOkJtF0Av+jBV3enSOXkwrlzQVCzr5Tp4sFlstRhLG0xN7/YDy1ZE/RKUPcahk
gBUudnAdRDBOOrj+TxHbnfUeLjYSaMVP5mzqqYWIL6oT7rR6
-----END CERTIFICATE-----