Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
File:                     1aa38486-cd53-4f48-891d-a0191edf04a1.roa (raw, json)
Hash identifier:          0bWedW3DyPCPcT30X5hzcv6veCiRAiZXfNmmJI+nyVo=
Subject key identifier:   CB:53:23:7F:17:40:BE:6A:72:40:41:E7:21:2E:D9:25:1D:CB:3C:73
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       410D3AD54D763FF49756FA4D91C8E5746CF73191
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
Signing time:             Mon 31 Mar 2025 19:21:37 +0000
ROA not before:           Mon 31 Mar 2025 19:21:37 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:90c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:0d:3a:d5:4d:76:3f:f4:97:56:fa:4d:91:c8:e5:74:6c:f7:31:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:37 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d4:bf:d7:df:7c:dc:af:b0:bd:f7:e0:b0:79:
                    e0:2f:b8:60:44:95:91:cd:ee:d4:ee:76:3e:7b:33:
                    13:1c:c1:73:ac:be:a4:3a:02:9a:97:29:a1:b4:01:
                    63:c9:a7:63:2d:c3:e8:83:34:9e:83:b7:ad:ac:7d:
                    c7:b7:51:04:e9:61:01:51:5f:52:05:44:33:91:2a:
                    d2:cb:ff:1f:70:b9:e1:d2:0f:7d:70:2e:2b:26:4c:
                    45:5e:3e:94:b1:bd:08:57:ce:3b:c0:a4:e4:78:30:
                    b7:ab:93:4a:b6:4d:cf:b1:20:a7:f7:23:cd:40:24:
                    01:c7:5c:2d:05:99:e8:37:e4:87:4e:7d:ae:dc:c3:
                    d8:8e:7b:e5:9d:09:9a:a5:cd:7c:bb:ed:bb:6a:d8:
                    89:10:6d:c4:4d:26:f4:b7:bd:66:1f:5b:ed:32:e3:
                    1f:1b:ba:29:c1:ff:32:87:36:24:31:be:8f:c1:65:
                    d7:44:58:72:4f:b8:5a:a7:56:42:a0:7a:fd:18:ad:
                    d1:f1:31:ab:09:2f:99:81:1e:78:ce:1c:f9:48:97:
                    3c:b4:b8:9c:f3:c4:3e:a6:07:29:7b:eb:08:19:3b:
                    da:fa:0f:99:3c:b0:e2:67:bb:5f:17:2e:b9:af:0c:
                    b4:fc:b7:bc:91:99:c1:30:b8:fc:7d:ab:6e:f9:2e:
                    37:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:53:23:7F:17:40:BE:6A:72:40:41:E7:21:2E:D9:25:1D:CB:3C:73
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:90c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:dd:71:56:06:82:6b:d9:fc:a4:33:1e:89:cc:02:75:52:7d:
         d7:7d:e5:03:de:3f:91:b9:f3:af:73:8b:c3:33:15:76:a8:ee:
         b8:4a:72:19:09:7a:ce:d5:63:c0:48:89:17:ae:7e:90:8c:04:
         8b:09:ae:5e:4a:ed:38:b9:64:06:dd:09:4c:31:55:60:be:45:
         eb:a3:4e:ea:43:cf:26:de:5c:14:c4:e6:ec:e1:cc:da:8f:0b:
         2e:d9:7c:2f:88:c9:e1:ab:ec:49:61:0c:d8:8a:ac:c5:f1:7d:
         d5:23:22:2f:b5:9a:c8:c0:7c:e7:d0:ba:e5:92:97:49:d1:f4:
         4b:76:9b:06:17:21:2d:0f:4e:55:2e:d7:55:0c:ef:11:7a:19:
         80:3a:f7:d2:d2:26:d6:88:aa:d8:2c:24:b3:0a:4f:2b:55:e1:
         05:56:33:84:9d:07:0a:e3:9a:71:49:5c:9b:9c:3b:e0:dc:71:
         98:a7:c5:df:dc:d8:61:46:74:d4:d7:b6:bf:86:fb:42:1f:44:
         9f:b8:e8:d8:70:cf:fe:fa:63:99:ac:0a:1f:22:65:74:19:71:
         29:a1:49:d4:b1:ec:62:76:87:c0:85:c5:83:d1:0e:d6:85:f1:
         26:97:d6:36:7a:b9:70:b2:8f:6b:2c:e6:20:36:d5:a0:dd:25:
         30:a6:6b:f2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQQ061U12P/SXVvpNkcjldGz3MZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMzdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjMDhhZDQ0NzJhNWRkYmVhMzQ1N2IzZTZhOTk1NzMyY2NmM2VlZGIwMTk1
OGQ4NWJjN2JlOGQxYWI4ZDc0NjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTUv9fffNyvsL334LB54C+4YESVkc3u1O52PnszExzBc6y+pDoCmpcpobQB
Y8mnYy3D6IM0noO3rax9x7dRBOlhAVFfUgVEM5Eq0sv/H3C54dIPfXAuKyZMRV4+
lLG9CFfOO8Ck5Hgwt6uTSrZNz7Egp/cjzUAkAcdcLQWZ6Dfkh059rtzD2I575Z0J
mqXNfLvtu2rYiRBtxE0m9Le9Zh9b7TLjHxu6KcH/Moc2JDG+j8Fl10RYck+4WqdW
QqB6/Rit0fExqwkvmYEeeM4c+UiXPLS4nPPEPqYHKXvrCBk72voPmTyw4me7Xxcu
ua8MtPy3vJGZwTC4/H2rbvkuN2MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTLUyN/
F0C+anJAQechLtklHcs8czAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWFhMzg0ODYtY2Q1My00ZjQ4LTg5MWQtYTAxOTFlZGYwNGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAgd1xVgaCa9n8pDMeicwCdVJ9133lA94/kbnz
r3OLwzMVdqjuuEpyGQl6ztVjwEiJF65+kIwEiwmuXkrtOLlkBt0JTDFVYL5F66NO
6kPPJt5cFMTm7OHM2o8LLtl8L4jJ4avsSWEM2IqsxfF91SMiL7WayMB859C65ZKX
SdH0S3abBhchLQ9OVS7XVQzvEXoZgDr30tIm1oiq2CwkswpPK1XhBVYzhJ0HCuOa
cUlcm5w74NxxmKfF39zYYUZ01Ne2v4b7Qh9En7jo2HDP/vpjmawKHyJldBlxKaFJ
1LHsYnaHwIXFg9EO1oXxJpfWNnq5cLKPayzmIDbVoN0lMKZr8g==
-----END CERTIFICATE-----