Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0a30ed8c-d021-436c-b923-753b22158048.roa
File:                     0a30ed8c-d021-436c-b923-753b22158048.roa (raw, json)
Hash identifier:          fnXCO388a44e21Nlt7HV50rGrX7fRIKg4CJk6c7R9Ho=
Subject key identifier:   8F:7C:84:FE:3F:B4:3D:4C:95:FC:E0:6B:7E:D6:14:AD:FE:8B:83:F4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       45B495E0CDA24BBE10E1E728420D99C6702067FB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0a30ed8c-d021-436c-b923-753b22158048.roa
Signing time:             Mon 31 Mar 2025 20:30:11 +0000
ROA not before:           Mon 31 Mar 2025 20:30:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:b4:95:e0:cd:a2:4b:be:10:e1:e7:28:42:0d:99:c6:70:20:67:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:30:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:26:66:c6:93:8a:c4:c1:28:a7:d0:ca:d2:c4:
                    be:89:6c:d8:c8:b9:d1:39:75:50:db:7b:fa:7c:f7:
                    db:89:45:83:22:0f:44:57:95:a5:11:34:f0:5b:43:
                    00:a5:9e:eb:d8:6c:2c:b8:44:0a:b7:5b:2e:f6:5e:
                    95:9e:9d:3b:de:c7:c1:94:be:c7:8a:b8:3c:fd:ad:
                    96:31:15:4d:70:b3:b4:9a:7e:4e:c8:42:02:86:0b:
                    43:15:76:cf:d7:d1:12:66:7d:6b:b2:5e:b4:7e:98:
                    f0:4a:f2:b0:ea:90:00:48:1c:c9:5a:08:79:4e:ee:
                    70:e0:64:fd:bf:30:7e:65:21:ae:d8:59:77:34:39:
                    05:ad:5d:ba:26:34:ff:b7:75:39:cf:d9:6d:92:e5:
                    36:df:2e:07:50:ad:19:17:b9:66:43:7a:e5:b9:23:
                    45:b6:81:d3:b4:ad:02:39:e9:4c:bc:7d:95:1b:90:
                    8d:45:d5:b4:7f:a9:d7:ac:12:e3:ee:bf:88:0f:a5:
                    27:4c:b6:80:9b:87:c5:46:ef:bb:e9:82:5b:f0:80:
                    c3:b9:10:2c:0a:04:c1:2a:b2:0e:b3:1f:84:d6:4b:
                    52:d0:60:40:4c:e2:de:31:f7:dd:06:70:4a:7d:36:
                    da:01:73:b0:33:fd:b1:a7:d4:8c:32:9c:c9:9f:f1:
                    9d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7C:84:FE:3F:B4:3D:4C:95:FC:E0:6B:7E:D6:14:AD:FE:8B:83:F4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0a30ed8c-d021-436c-b923-753b22158048.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a1:a9:13:9b:c3:ee:da:56:d6:1a:50:a3:ef:74:ab:0e:d3:70:
         6c:83:d7:84:71:c0:cb:75:23:c3:70:ad:bd:e6:fe:32:36:cd:
         58:db:1d:c4:d6:e8:27:c3:c4:fc:64:6e:f8:83:80:6c:a1:db:
         d6:07:8e:5f:4a:1f:93:31:1c:d0:47:22:fa:c1:93:e4:37:90:
         31:e7:21:44:33:f0:a3:03:40:fd:42:a3:08:c5:a9:41:0d:20:
         df:57:2f:8c:cb:c6:49:6b:83:7e:78:f3:9c:32:7e:75:b3:83:
         d7:bc:d2:3c:37:c3:13:99:68:e7:02:94:d8:ea:97:86:60:b1:
         50:10:cc:8f:74:0a:5b:81:2d:2b:0b:79:05:21:13:c2:cf:35:
         5f:2a:9f:a5:bd:55:0e:ba:a8:b6:b7:89:a7:8b:a1:51:a0:be:
         1b:f2:c3:04:8b:15:5f:be:c3:ac:53:8c:36:af:2a:02:1b:7b:
         17:0f:d1:97:a7:94:36:8c:2c:89:16:af:78:98:f9:7a:25:a5:
         c1:1b:05:3a:4c:a0:42:67:0b:bf:ed:96:c4:f2:b3:99:22:76:
         76:e5:1d:dd:7b:33:5e:11:d9:c0:70:b9:ad:08:b8:1e:dd:e2:
         9b:f3:7d:44:0e:d2:44:20:26:5c:3d:72:74:d6:f3:96:c0:d7:
         13:92:fe:d5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURbSV4M2iS74Q4ecoQg2ZxnAgZ/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMwMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhZmYyZmU2NDQzMmE3ZWEzNDgyNjQzNzk5ODVkODNhNTliYzJmYTE1ZmYw
MjNjZjZiMGQwMzk2ZmFlNWJiNWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALkmZsaTisTBKKfQytLEvols2Mi50Tl1UNt7+nz324lFgyIPRFeVpRE08FtD
AKWe69hsLLhECrdbLvZelZ6dO97HwZS+x4q4PP2tljEVTXCztJp+TshCAoYLQxV2
z9fREmZ9a7JetH6Y8ErysOqQAEgcyVoIeU7ucOBk/b8wfmUhrthZdzQ5Ba1duiY0
/7d1Oc/ZbZLlNt8uB1CtGRe5ZkN65bkjRbaB07StAjnpTLx9lRuQjUXVtH+p16wS
4+6/iA+lJ0y2gJuHxUbvu+mCW/CAw7kQLAoEwSqyDrMfhNZLUtBgQEzi3jH33QZw
Sn022gFzsDP9safUjDKcyZ/xnZ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSPfIT+
P7Q9TJX84Gt+1hSt/ouD9DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGEzMGVkOGMtZDAyMS00MzZjLWI5MjMtNzUzYjIyMTU4MDQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DXg
MA0GCSqGSIb3DQEBCwUAA4IBAQChqRObw+7aVtYaUKPvdKsO03Bsg9eEccDLdSPD
cK295v4yNs1Y2x3E1ugnw8T8ZG74g4BsodvWB45fSh+TMRzQRyL6wZPkN5Ax5yFE
M/CjA0D9QqMIxalBDSDfVy+My8ZJa4N+ePOcMn51s4PXvNI8N8MTmWjnApTY6peG
YLFQEMyPdApbgS0rC3kFIRPCzzVfKp+lvVUOuqi2t4mni6FRoL4b8sMEixVfvsOs
U4w2ryoCG3sXD9GXp5Q2jCyJFq94mPl6JaXBGwU6TKBCZwu/7ZbE8rOZInZ25R3d
ezNeEdnAcLmtCLge3eKb831EDtJEICZcPXJ01vOWwNcTkv7V
-----END CERTIFICATE-----