Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1977ffde-7d26-418c-800c-ccacd18fe560.roa
File:                     1977ffde-7d26-418c-800c-ccacd18fe560.roa (raw, json)
Hash identifier:          V7jn16ZbGGMunM3KVPeMMIgm8T0SYokMxXwOC8slzks=
Subject key identifier:   1E:53:FF:09:EC:14:67:1F:87:C2:CC:16:D5:6B:B3:0D:27:22:FA:C9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5CC5231B81DEF29FDACD76FF42F1227F37642E4F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1977ffde-7d26-418c-800c-ccacd18fe560.roa
Signing time:             Fri 14 Mar 2025 15:00:40 +0000
ROA not before:           Fri 14 Mar 2025 15:00:40 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2a05:d040::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c5:23:1b:81:de:f2:9f:da:cd:76:ff:42:f1:22:7f:37:64:2e:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 14 15:00:40 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:d1:99:88:86:7d:2f:53:a0:e4:bb:53:2a:4f:
                    0a:78:42:76:7f:5b:9e:c7:68:c8:44:64:d7:fe:19:
                    e7:17:75:24:56:dc:37:06:ed:37:51:8b:37:cf:a6:
                    4b:90:bf:cb:43:94:4a:51:52:21:23:61:46:07:f4:
                    92:4b:05:a8:b4:60:bd:f1:45:60:8e:da:bd:53:65:
                    e3:d6:1e:ef:45:c3:e2:b0:07:30:2f:60:94:bc:08:
                    bf:73:89:6e:81:b3:1f:91:75:d7:6f:ce:5f:cb:41:
                    71:6e:ac:9f:74:c5:4f:b5:dc:e6:72:7b:c9:e1:e0:
                    1f:7e:88:70:8d:bd:99:3c:3d:0d:10:af:47:5a:62:
                    f7:5c:70:b7:4a:38:e4:5c:99:61:7e:a0:f7:55:14:
                    2a:10:f2:5c:de:45:b7:18:b0:be:bf:61:e0:25:4d:
                    47:84:9f:59:fe:32:5e:cb:24:3d:de:c3:9e:8e:a2:
                    c8:43:6c:48:8a:2a:65:90:e2:d4:19:12:a4:e0:cf:
                    86:11:25:25:1c:fc:6e:82:81:5f:ab:66:0d:fd:4b:
                    ab:2f:f9:c4:bf:63:4f:99:eb:03:fb:cb:31:06:8c:
                    d3:df:65:12:1a:b9:09:c9:58:0a:bd:8d:f4:39:df:
                    77:98:70:c2:8f:bc:16:96:33:6a:f1:d6:d1:0f:c1:
                    1a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:53:FF:09:EC:14:67:1F:87:C2:CC:16:D5:6B:B3:0D:27:22:FA:C9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1977ffde-7d26-418c-800c-ccacd18fe560.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d040::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:00:55:91:e1:98:38:41:99:dc:ed:7d:58:2d:df:d1:39:ff:
         02:0f:44:a6:c6:55:ba:a2:83:a7:4d:92:09:72:e6:af:78:55:
         70:40:cc:7f:91:8c:13:a3:2e:6e:c4:e9:c2:43:51:aa:49:30:
         bf:cb:d1:44:6d:4c:84:80:97:bc:8e:ad:6d:89:3a:4f:f6:8f:
         68:3e:59:4c:8e:f7:b3:48:4e:55:9d:6a:d4:e6:4d:55:96:85:
         12:8a:21:f6:d5:c1:4d:fb:4a:95:20:70:5a:ad:af:e7:46:75:
         f4:bd:00:a0:e0:66:79:83:ee:2a:11:af:91:fc:6e:b8:db:5c:
         a5:b1:9c:c7:41:ee:24:2a:ce:dc:a7:02:d0:60:fb:85:67:76:
         71:4c:2c:40:cc:28:93:d0:9a:8b:8a:99:9b:23:75:a5:c9:4e:
         ab:ea:ca:83:53:41:b2:f2:15:16:e6:ed:50:c1:d2:34:1c:70:
         cb:3b:af:0f:ee:00:fd:fc:ea:ca:02:44:4c:b9:26:0d:94:37:
         86:32:26:62:47:e8:99:d8:9f:10:74:62:6a:48:8a:79:7f:cc:
         e2:63:11:f2:97:3b:08:1f:11:ea:de:7d:9f:78:87:fc:20:f8:
         5b:a7:c5:28:b7:91:3e:f1:6d:b7:44:f5:ce:78:7c:4c:81:c5:
         62:d4:29:48
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUXMUjG4He8p/azXb/QvEifzdkLk8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTQxNTAwNDBaFw0yNTA0MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDYwOTY2YzYzYWRiOGNkNmRkYTQ2NDVlNDQ3MTkyOTIzMzczZjQ3MWQ4ZmNl
OTcyNTMxZDgzNDYyZGExYjQ3MGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPjRmYiGfS9ToOS7UypPCnhCdn9bnsdoyERk1/4Z5xd1JFbcNwbtN1GLN8+m
S5C/y0OUSlFSISNhRgf0kksFqLRgvfFFYI7avVNl49Ye70XD4rAHMC9glLwIv3OJ
boGzH5F112/OX8tBcW6sn3TFT7Xc5nJ7yeHgH36IcI29mTw9DRCvR1pi91xwt0o4
5FyZYX6g91UUKhDyXN5Ftxiwvr9h4CVNR4SfWf4yXsskPd7Dno6iyENsSIoqZZDi
1BkSpODPhhElJRz8boKBX6tmDf1Lqy/5xL9jT5nrA/vLMQaM099lEhq5CclYCr2N
9Dnfd5hwwo+8FpYzavHW0Q/BGmsCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQeU/8J
7BRnH4fCzBbVa7MNJyL6yTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTk3N2ZmZGUtN2QyNi00MThjLTgwMGMtY2NhY2QxOGZlNTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0EAw
DQYJKoZIhvcNAQELBQADggEBAHIAVZHhmDhBmdztfVgt39E5/wIPRKbGVbqig6dN
kgly5q94VXBAzH+RjBOjLm7E6cJDUapJML/L0URtTISAl7yOrW2JOk/2j2g+WUyO
97NITlWdatTmTVWWhRKKIfbVwU37SpUgcFqtr+dGdfS9AKDgZnmD7ioRr5H8brjb
XKWxnMdB7iQqztynAtBg+4VndnFMLEDMKJPQmouKmZsjdaXJTqvqyoNTQbLyFRbm
7VDB0jQccMs7rw/uAP386soCREy5Jg2UN4YyJmJH6JnYnxB0YmpIinl/zOJjEfKX
OwgfEerefZ94h/wg+FunxSi3kT7xbbdE9c54fEyBxWLUKUg=
-----END CERTIFICATE-----