Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/14c60b75-8947-47da-9c6d-7045cbbbea55.roa
File:                     14c60b75-8947-47da-9c6d-7045cbbbea55.roa (raw, json)
Hash identifier:          cElRjih/KxFWaljyKuwdlUm7N8Aj/sZrshshyae1KIc=
Subject key identifier:   F0:6B:22:8F:5F:33:B2:54:B2:70:FC:0D:48:6B:06:5D:26:C6:2D:7C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5E73767A3BFC12E367AC2C61F5564A0075A00EBE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/14c60b75-8947-47da-9c6d-7045cbbbea55.roa
Signing time:             Wed 02 Apr 2025 00:30:40 +0000
ROA not before:           Wed 02 Apr 2025 00:30:40 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06f:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:73:76:7a:3b:fc:12:e3:67:ac:2c:61:f5:56:4a:00:75:a0:0e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:40 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0a:fa:c3:71:50:81:13:62:9b:86:86:a4:27:
                    ff:ec:09:19:07:a0:fe:22:34:2b:c7:f7:80:b7:fa:
                    b6:02:b7:d6:f5:f3:26:79:a1:37:45:78:a8:2f:c6:
                    dc:fc:4b:55:3e:bf:e8:ac:28:01:e1:b0:1b:2a:f2:
                    24:63:6f:e3:2e:74:32:0d:b7:27:98:f0:1b:2f:6d:
                    43:97:5b:00:3f:dc:78:bf:48:59:18:21:b2:81:d6:
                    ab:c4:f7:14:c1:45:e3:e5:62:03:49:c2:6f:24:85:
                    29:7e:d5:3c:7f:30:11:62:dd:a3:63:50:ce:d4:77:
                    01:69:cd:de:8d:13:f4:45:e8:02:7e:22:a3:8b:90:
                    42:c9:80:98:0b:e1:20:e5:0c:66:e9:23:60:f8:c7:
                    e2:f2:cc:96:30:a6:c7:58:0a:be:9e:de:0c:cd:11:
                    5d:8b:ef:39:c5:df:f4:3b:84:3a:d6:d7:61:c5:17:
                    56:29:59:06:b1:10:d7:a8:0a:af:97:d1:f7:f8:c7:
                    1c:47:28:a6:9a:15:ff:aa:e8:3b:1e:37:21:df:98:
                    5b:1b:79:e7:b9:8f:2a:f9:bb:75:0c:20:29:4b:32:
                    37:4b:2d:fc:52:85:9d:f8:f9:0c:e5:46:cc:38:a7:
                    ad:0c:ee:37:6f:4e:b8:7f:64:dc:b3:16:36:9a:4e:
                    a5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6B:22:8F:5F:33:B2:54:B2:70:FC:0D:48:6B:06:5D:26:C6:2D:7C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/14c60b75-8947-47da-9c6d-7045cbbbea55.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:18:66:b4:94:7a:68:02:25:63:38:d0:8d:ce:61:b7:d9:0a:
         6f:26:a9:41:b7:c5:aa:39:77:ae:ac:94:5e:7f:8e:f4:c9:62:
         65:63:0f:18:63:e2:58:2c:25:92:7f:e2:34:bf:79:c6:68:e2:
         eb:0b:11:7b:d7:12:3b:79:60:da:13:19:56:ca:01:bc:b5:84:
         d3:74:4b:66:76:e5:87:2c:a0:6f:12:81:9a:ac:e6:de:6c:11:
         ad:41:62:1d:55:85:23:bd:cd:91:52:04:fe:6a:ea:4f:af:8f:
         be:aa:ee:6f:7d:32:46:bd:14:fe:39:4b:e3:a3:b7:1c:90:54:
         5c:ea:9c:3c:f7:7b:f9:31:e9:8c:28:4b:3c:1e:e2:c3:a6:aa:
         b7:44:a8:c1:c1:4c:b2:13:29:e7:94:cb:e3:46:5f:6d:ab:3e:
         b8:b8:2c:dd:ba:40:f2:cb:91:07:73:7c:a0:5d:7b:f5:46:35:
         c0:78:06:81:4f:d8:b4:bf:03:17:e3:ea:34:8b:97:f3:91:96:
         75:97:d9:33:01:d6:10:d2:dd:ef:00:3c:66:1d:ea:67:94:b1:
         07:a0:eb:a6:2e:26:2a:0c:60:b9:bf:89:11:75:f6:8c:ce:ca:
         2e:a5:a4:32:a0:f1:d2:05:2d:22:2f:f5:9c:7a:2b:51:78:a1:
         3b:42:57:b4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXnN2ejv8EuNnrCxh9VZKAHWgDr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwNDBaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjYjM2ZTgwNTFlMmU4YmZmOTI2Nzk4NzdhZjY2OTU5ZDE1OTMyOGFjM2Vk
MDQ3NDZjMjE4NGEyNjg3N2Q5ZWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYK+sNxUIETYpuGhqQn/+wJGQeg/iI0K8f3gLf6tgK31vXzJnmhN0V4qC/G
3PxLVT6/6KwoAeGwGyryJGNv4y50Mg23J5jwGy9tQ5dbAD/ceL9IWRghsoHWq8T3
FMFF4+ViA0nCbySFKX7VPH8wEWLdo2NQztR3AWnN3o0T9EXoAn4io4uQQsmAmAvh
IOUMZukjYPjH4vLMljCmx1gKvp7eDM0RXYvvOcXf9DuEOtbXYcUXVilZBrEQ16gK
r5fR9/jHHEcoppoV/6roOx43Id+YWxt557mPKvm7dQwgKUsyN0st/FKFnfj5DOVG
zDinrQzuN29OuH9k3LMWNppOpQUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTwayKP
XzOyVLJw/A1IawZdJsYtfDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTRjNjBiNzUtODk0Ny00N2RhLTljNmQtNzA0NWNiYmJlYTU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAEGGa0lHpoAiVjONCNzmG32QpvJqlBt8WqOXeu
rJRef470yWJlYw8YY+JYLCWSf+I0v3nGaOLrCxF71xI7eWDaExlWygG8tYTTdEtm
duWHLKBvEoGarObebBGtQWIdVYUjvc2RUgT+aupPr4++qu5vfTJGvRT+OUvjo7cc
kFRc6pw893v5MemMKEs8HuLDpqq3RKjBwUyyEynnlMvjRl9tqz64uCzdukDyy5EH
c3ygXXv1RjXAeAaBT9i0vwMX4+o0i5fzkZZ1l9kzAdYQ0t3vADxmHepnlLEHoOum
LiYqDGC5v4kRdfaMzsoupaQyoPHSBS0iL/WceitReKE7Qle0
-----END CERTIFICATE-----