Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
File:                     fec4786d-f73f-4e64-99a3-0377bdf5c566.roa (raw, json)
Hash identifier:          qLPuMHh9+bknbVCVdGZalb0GezbDhQPvX7Yc9EX2xBY=
Subject key identifier:   7C:ED:09:AD:27:80:1A:31:7A:B7:95:44:30:9A:A5:DA:9F:1C:EF:9D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       451E3682AB34A253BFA43507BCB87B0BDD59481F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
Signing time:             Wed 05 Mar 2025 17:50:22 +0000
ROA not before:           Wed 05 Mar 2025 17:50:22 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02e::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:1e:36:82:ab:34:a2:53:bf:a4:35:07:bc:b8:7b:0b:dd:59:48:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:50:22 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ea:a2:2d:0c:63:16:0a:f5:0d:ed:71:12:ef:
                    29:b6:46:b6:c1:01:74:24:2d:d3:cd:c4:64:d7:3b:
                    36:7d:5a:ed:7d:5c:d5:1e:9d:97:95:0e:ac:c6:3c:
                    50:17:3b:94:a6:e5:67:3a:8b:79:f7:1e:ca:56:ce:
                    63:bf:be:17:93:38:c2:77:f5:16:89:c4:de:d6:00:
                    dc:4b:f3:62:59:55:f0:e2:e6:d8:ec:66:92:63:35:
                    c6:7e:53:91:82:71:e4:1a:37:48:c9:f9:ae:67:77:
                    93:41:42:a8:6f:6c:3c:78:77:4b:77:45:76:7d:da:
                    1b:a1:64:d8:61:dc:8d:31:85:5a:a3:f2:9e:f4:08:
                    98:92:80:b1:ac:e5:e1:1a:89:8e:3b:38:6f:db:6c:
                    64:3e:57:17:e2:eb:b7:b2:11:86:bd:ec:7e:08:1e:
                    05:c1:a7:67:89:52:b6:29:2a:a2:89:02:c4:e6:3e:
                    e4:4c:e9:79:b4:1d:9e:f7:c8:f4:44:70:d1:88:6b:
                    1f:86:f1:ec:de:fb:b7:35:9a:0f:d5:f2:0b:d2:7b:
                    5d:7e:4b:54:95:95:36:e6:69:89:92:69:3f:d5:77:
                    8b:f3:a1:84:60:07:62:ee:eb:a6:ae:08:0d:53:bf:
                    f1:85:f4:db:dd:6f:74:ca:1c:20:48:e2:fd:d5:cb:
                    c7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:ED:09:AD:27:80:1A:31:7A:B7:95:44:30:9A:A5:DA:9F:1C:EF:9D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02e::/36

    Signature Algorithm: sha256WithRSAEncryption
         12:e4:d7:4e:2c:69:f6:a7:84:3c:c7:20:74:f5:3d:c6:ef:19:
         17:c4:f5:08:78:82:b0:46:ce:69:c0:aa:b8:29:18:76:34:21:
         f0:3e:d4:19:9e:09:07:c3:39:22:df:03:7c:b7:5c:77:e0:c1:
         d2:fb:4f:cb:5c:5e:f3:5c:c9:06:87:ce:18:1a:55:33:8d:96:
         d4:4b:24:5b:4c:a0:76:53:76:40:8f:4a:ed:cf:73:08:e8:d1:
         f2:79:fe:8b:29:88:ba:b3:da:23:ab:f5:d2:0f:b7:a1:93:6d:
         62:4c:e9:72:ad:d6:a4:ac:29:39:2a:5e:89:e0:eb:ff:00:27:
         a5:84:3b:e1:94:81:b3:ac:0d:15:2d:1c:9c:21:0b:3f:4e:28:
         e0:61:ab:bc:ca:e3:f2:d5:b3:83:f7:c2:9e:d4:a2:5f:b2:e8:
         ea:85:52:3b:80:5a:4f:b1:2f:f0:13:ad:c9:7b:c0:2f:1c:7f:
         2a:57:18:05:d6:f2:0d:9a:80:a5:83:57:50:a8:3a:88:17:8b:
         2e:2e:83:97:36:08:19:6f:84:e4:02:e0:41:89:00:d6:eb:f0:
         ba:72:4e:40:23:e4:27:5b:ba:7d:40:4b:b2:28:52:0f:04:39:
         fd:b3:71:56:b6:0e:6c:2a:0c:f8:66:42:c7:22:f5:8c:7c:68:
         51:a2:cd:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURR42gqs0olO/pDUHvLh7C91ZSB8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzUwMjJaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjNDIxNGViZWMwYTUxNmMxNjY3ODA3ZGY3YWJlY2M0ZmVjYWUzNDNmNDE4
MjY3MWJlYzJjM2EyMjJmNDJhMjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJzqoi0MYxYK9Q3tcRLvKbZGtsEBdCQt083EZNc7Nn1a7X1c1R6dl5UOrMY8
UBc7lKblZzqLefceylbOY7++F5M4wnf1FonE3tYA3EvzYllV8OLm2OxmkmM1xn5T
kYJx5Bo3SMn5rmd3k0FCqG9sPHh3S3dFdn3aG6Fk2GHcjTGFWqPynvQImJKAsazl
4RqJjjs4b9tsZD5XF+Lrt7IRhr3sfggeBcGnZ4lStikqookCxOY+5EzpebQdnvfI
9ERw0YhrH4bx7N77tzWaD9XyC9J7XX5LVJWVNuZpiZJpP9V3i/OhhGAHYu7rpq4I
DVO/8YX0291vdMocIEji/dXLx8cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR87Qmt
J4AaMXq3lUQwmqXanxzvnTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmVjNDc4NmQtZjczZi00ZTY0LTk5YTMtMDM3N2JkZjVjNTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C4A
MA0GCSqGSIb3DQEBCwUAA4IBAQAS5NdOLGn2p4Q8xyB09T3G7xkXxPUIeIKwRs5p
wKq4KRh2NCHwPtQZngkHwzki3wN8t1x34MHS+0/LXF7zXMkGh84YGlUzjZbUSyRb
TKB2U3ZAj0rtz3MI6NHyef6LKYi6s9ojq/XSD7ehk21iTOlyrdakrCk5Kl6J4Ov/
ACelhDvhlIGzrA0VLRycIQs/TijgYau8yuPy1bOD98Ke1KJfsujqhVI7gFpPsS/w
E63Je8AvHH8qVxgF1vINmoClg1dQqDqIF4suLoOXNggZb4TkAuBBiQDW6/C6ck5A
I+QnW7p9QEuyKFIPBDn9s3FWtg5sKgz4ZkLHIvWMfGhRos1o
-----END CERTIFICATE-----