Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa
File:                     17057de1-0841-47c5-9f52-f4f803d5e2d4.roa (raw, json)
Hash identifier:          cyXaUi/pA/lEtt3Frg7hneVp0XtygXvhmsoch66no6c=
Subject key identifier:   DD:A2:E4:C5:D3:08:E6:34:42:E5:34:93:19:CC:64:FB:9F:AB:7A:A8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1A8D43982CFD7D610E5D9E15D94EB958957DDECA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa
Signing time:             Mon 31 Mar 2025 20:51:44 +0000
ROA not before:           Mon 31 Mar 2025 20:51:44 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:6000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:8d:43:98:2c:fd:7d:61:0e:5d:9e:15:d9:4e:b9:58:95:7d:de:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:51:44 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:07:df:33:85:b6:6f:75:86:ed:d7:7c:84:56:
                    e1:85:70:68:3f:ee:6b:46:3d:6a:88:34:6c:63:f9:
                    9b:27:8e:4b:a7:cb:2c:0f:04:98:bb:a7:4d:c4:ee:
                    28:a9:38:4c:37:54:68:57:76:58:2a:5b:6e:5f:e9:
                    52:5b:a6:70:9d:9f:fb:44:68:5a:1a:64:be:3a:60:
                    48:93:a4:bb:fc:ee:c6:fd:7a:e2:30:b2:0a:36:74:
                    77:f4:a5:ec:b0:d9:35:42:e4:81:65:4c:a5:bb:d8:
                    29:22:60:f2:08:21:9c:31:c2:d2:0e:6a:49:d0:af:
                    2c:f7:57:1c:1f:03:75:b6:ce:30:87:81:95:81:e7:
                    1d:5a:f4:40:82:47:40:3a:29:78:fe:26:d8:5f:07:
                    7e:68:62:9a:29:ae:4d:99:6a:0f:aa:ea:40:25:c9:
                    3e:27:98:9b:17:ad:38:5e:ec:1c:34:a3:26:71:be:
                    f3:c2:59:ed:e5:20:69:6a:db:8c:92:8e:d6:0b:32:
                    b0:07:a0:67:0b:4e:52:41:30:fb:44:fc:5b:2f:ac:
                    0c:89:f9:9f:d8:67:e7:c4:72:c1:67:fb:5d:59:96:
                    1a:70:13:4e:42:6b:51:7c:bf:0c:81:e7:47:ec:96:
                    b7:dd:e5:87:b4:bc:36:da:44:c9:dd:82:98:fe:2e:
                    e0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A2:E4:C5:D3:08:E6:34:42:E5:34:93:19:CC:64:FB:9F:AB:7A:A8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/17057de1-0841-47c5-9f52-f4f803d5e2d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:6d:ea:23:3c:8b:74:83:4a:1e:14:83:70:41:9a:18:44:ae:
         9a:15:48:af:90:57:cb:f7:7a:ff:02:c7:dd:c2:db:c3:a2:a2:
         ea:fd:e0:a8:30:51:4f:b9:f6:3a:92:37:2c:98:8e:11:59:e9:
         09:4f:69:4e:0c:d5:6f:cd:86:f5:e6:f3:2d:4b:ba:58:43:0d:
         28:ce:9d:0f:67:84:27:c7:54:6e:7e:db:1f:7d:ab:26:9b:20:
         2e:41:5d:03:94:d3:6a:38:b0:f2:a8:a3:07:1c:11:04:74:75:
         20:ab:46:20:2e:ea:0e:dc:8b:4d:e1:18:20:94:3c:82:78:9f:
         21:73:d0:5d:af:a4:d4:77:f9:53:91:c7:09:45:2b:d1:52:bb:
         71:7c:92:7c:46:fc:b6:67:d2:0e:ce:b3:2e:31:72:fc:27:33:
         03:55:28:f7:91:6f:32:85:54:f7:26:c3:00:a3:79:51:1e:13:
         e6:61:d5:71:01:4d:d7:79:83:9e:e7:38:be:e3:b8:fb:1d:03:
         ec:cc:23:cb:63:59:8c:ed:43:d5:59:a7:0a:d9:d5:f2:01:0f:
         e4:23:56:6e:ca:9a:69:e1:22:44:f8:2b:b2:b1:ee:e0:13:9f:
         dc:21:1e:9a:38:7b:d3:bf:8d:76:45:7c:b9:f9:e8:a3:4c:c7:
         f8:56:76:f4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGo1DmCz9fWEOXZ4V2U65WJV93sowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUxNDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk2ZTE4YzI2MWFlNjY4OTg1ZDczOGVmM2U4M2QzMWFlNzliODBlN2NkYWQ3
NWUxYzJmNGM1YjM3OTNmMWQ3Y2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsH3zOFtm91hu3XfIRW4YVwaD/ua0Y9aog0bGP5myeOS6fLLA8EmLunTcTu
KKk4TDdUaFd2WCpbbl/pUlumcJ2f+0RoWhpkvjpgSJOku/zuxv164jCyCjZ0d/Sl
7LDZNULkgWVMpbvYKSJg8gghnDHC0g5qSdCvLPdXHB8DdbbOMIeBlYHnHVr0QIJH
QDopeP4m2F8HfmhimimuTZlqD6rqQCXJPieYmxetOF7sHDSjJnG+88JZ7eUgaWrb
jJKO1gsysAegZwtOUkEw+0T8Wy+sDIn5n9hn58RywWf7XVmWGnATTkJrUXy/DIHn
R+yWt93lh7S8NtpEyd2CmP4u4LkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTdouTF
0wjmNELlNJMZzGT7n6t6qDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTcwNTdkZTEtMDg0MS00N2M1LTlmNTItZjRmODAzZDVlMmQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBNbeojPIt0g0oeFINwQZoYRK6aFUivkFfL93r/
AsfdwtvDoqLq/eCoMFFPufY6kjcsmI4RWekJT2lODNVvzYb15vMtS7pYQw0ozp0P
Z4Qnx1RuftsffasmmyAuQV0DlNNqOLDyqKMHHBEEdHUgq0YgLuoO3ItN4RgglDyC
eJ8hc9Bdr6TUd/lTkccJRSvRUrtxfJJ8Rvy2Z9IOzrMuMXL8JzMDVSj3kW8yhVT3
JsMAo3lRHhPmYdVxAU3XeYOe5zi+47j7HQPszCPLY1mM7UPVWacK2dXyAQ/kI1Zu
yppp4SJE+Cuyse7gE5/cIR6aOHvTv412RXy5+eijTMf4Vnb0
-----END CERTIFICATE-----