Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06cf9d14-d513-496c-9a8e-a1898978658a.roa
File:                     06cf9d14-d513-496c-9a8e-a1898978658a.roa (raw, json)
Hash identifier:          ApEyQ8fcyfFm9dXt6tJ9NbyU4QRR/LdaRIIG59fL6vg=
Subject key identifier:   9C:69:09:EF:AE:97:E1:56:52:CE:00:CE:E4:FD:73:A7:F3:C0:19:E9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0D6813104AA471AD7E9D3BD85A0BF69A7BEF79E7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06cf9d14-d513-496c-9a8e-a1898978658a.roa
Signing time:             Mon 31 Mar 2025 20:31:13 +0000
ROA not before:           Mon 31 Mar 2025 20:31:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:8040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:68:13:10:4a:a4:71:ad:7e:9d:3b:d8:5a:0b:f6:9a:7b:ef:79:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:28:fa:93:b3:0d:0f:78:b5:a5:f2:bb:7d:52:
                    17:76:9f:44:ea:1d:dc:9b:e4:c7:32:32:d0:cb:c1:
                    52:fa:eb:9c:9a:53:58:c2:03:52:82:d8:a7:ec:88:
                    96:ae:f7:37:48:3c:24:fc:ed:84:fd:5f:43:88:db:
                    f3:22:b3:72:de:0f:87:49:ec:17:fc:3d:ff:37:f7:
                    81:64:4f:d7:d0:71:53:26:64:83:48:f7:b7:d0:23:
                    e9:08:c9:74:ba:42:d4:50:f4:63:1e:27:76:48:f2:
                    8b:7d:3f:2d:e0:8c:32:df:ed:c4:13:63:18:ef:45:
                    28:7c:86:59:3c:fa:6f:3c:3b:c7:d3:7e:01:c9:18:
                    3c:e5:9d:d2:07:9a:a4:11:82:c7:e3:79:e9:d1:fe:
                    1e:de:f6:c0:c9:9c:20:0e:9b:07:6a:49:62:96:c5:
                    e9:4e:23:60:92:85:27:84:d5:49:fc:23:85:5c:9b:
                    6e:a7:b5:66:65:2c:96:2f:19:d4:67:25:fb:85:35:
                    74:05:a3:2f:43:08:08:0f:a9:d1:f8:8e:75:51:79:
                    b2:ae:d6:7c:e7:f8:05:d1:9b:b7:fd:4f:7b:c8:42:
                    52:c3:01:6a:52:c6:e7:8a:75:25:ef:9d:1f:e5:be:
                    42:3d:30:96:b2:a9:fc:7b:9e:a0:c6:17:bf:96:7b:
                    63:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:69:09:EF:AE:97:E1:56:52:CE:00:CE:E4:FD:73:A7:F3:C0:19:E9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06cf9d14-d513-496c-9a8e-a1898978658a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:8040::/46

    Signature Algorithm: sha256WithRSAEncryption
         6f:f4:35:70:b1:83:74:4d:ed:1c:1b:e6:88:e7:34:72:19:98:
         42:a1:e4:a1:dc:14:a0:1f:bc:a0:36:55:7a:52:b1:0e:2c:d4:
         18:0c:23:1e:27:4c:9c:cf:00:f0:6a:38:44:26:48:da:47:68:
         da:02:e7:8a:04:b8:bf:03:2f:e6:2a:34:3e:4a:63:df:94:ed:
         84:a1:08:78:16:f9:a7:0b:27:2c:9a:c9:91:7f:87:9d:06:cd:
         8c:27:3d:0d:a4:87:80:e4:20:e8:8c:32:45:31:85:21:36:d8:
         b2:9a:f8:11:37:a7:0c:4c:a3:4a:cb:2d:b9:99:b5:d3:09:c5:
         87:84:db:85:d4:98:dc:2e:9f:f8:62:3f:0c:9f:e5:0b:f9:ce:
         aa:03:c4:d5:e3:4b:b2:ce:cb:eb:02:31:64:da:a3:1d:75:27:
         a5:80:44:d0:28:42:29:65:a3:f9:19:43:4b:17:a0:d4:37:d0:
         77:27:a0:25:dd:7c:7d:6b:24:b4:03:70:4e:8a:7f:69:39:57:
         b4:19:e0:20:27:63:e8:1c:28:00:44:fa:84:bd:e8:c5:7b:6b:
         f2:8b:e8:e3:6d:3d:7a:40:77:09:b0:4f:05:91:b7:e8:b6:7c:
         44:ca:00:39:2c:fe:2e:16:96:f5:27:df:26:cc:35:27:8b:af:
         7a:0e:3d:44
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDWgTEEqkca1+nTvYWgv2mnvveecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJlM2Y0Nzg0NjZhYzlmZDQ2YjQ1NGQ3OGUzMmEzMWNhZGZkZWExY2JmNTRh
ZDQ1MDYwY2M1Nzk4OTNiYjk3MmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMko+pOzDQ94taXyu31SF3afROod3JvkxzIy0MvBUvrrnJpTWMIDUoLYp+yI
lq73N0g8JPzthP1fQ4jb8yKzct4Ph0nsF/w9/zf3gWRP19BxUyZkg0j3t9Aj6QjJ
dLpC1FD0Yx4ndkjyi30/LeCMMt/txBNjGO9FKHyGWTz6bzw7x9N+AckYPOWd0gea
pBGCx+N56dH+Ht72wMmcIA6bB2pJYpbF6U4jYJKFJ4TVSfwjhVybbqe1ZmUsli8Z
1Gcl+4U1dAWjL0MICA+p0fiOdVF5sq7WfOf4BdGbt/1Pe8hCUsMBalLG54p1Je+d
H+W+Qj0wlrKp/HueoMYXv5Z7YzsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBScaQnv
rpfhVlLOAM7k/XOn88AZ6TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDZjZjlkMTQtZDUxMy00OTZjLTlhOGUtYTE4OTg5Nzg2NThhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HeA
QDANBgkqhkiG9w0BAQsFAAOCAQEAb/Q1cLGDdE3tHBvmiOc0chmYQqHkodwUoB+8
oDZVelKxDizUGAwjHidMnM8A8Go4RCZI2kdo2gLnigS4vwMv5io0Pkpj35TthKEI
eBb5pwsnLJrJkX+HnQbNjCc9DaSHgOQg6IwyRTGFITbYspr4ETenDEyjSsstuZm1
0wnFh4TbhdSY3C6f+GI/DJ/lC/nOqgPE1eNLss7L6wIxZNqjHXUnpYBE0ChCKWWj
+RlDSxeg1DfQdyegJd18fWsktANwTop/aTlXtBngICdj6BwoAET6hL3oxXtr8ovo
4209ekB3CbBPBZG36LZ8RMoAOSz+LhaW9SffJsw1J4uveg49RA==
-----END CERTIFICATE-----