Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File:                     1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier:          xTcLM5qLlFnJ4mOtACmuDXbStDeaW/vFbFkD5jk2ScM=
Subject key identifier:   A9:E0:FA:E6:02:62:E4:E1:84:15:75:9D:5B:70:B1:5A:70:46:3A:8B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       33B1BC041BC00BC466F6A2475C939980760F9B6F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time:             Mon 31 Mar 2025 20:40:50 +0000
ROA not before:           Mon 31 Mar 2025 20:40:50 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:b1:bc:04:1b:c0:0b:c4:66:f6:a2:47:5c:93:99:80:76:0f:9b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:50 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a7:d5:08:75:63:85:03:a9:cc:48:ab:1b:9b:
                    f8:cd:6d:f4:eb:d1:3e:6d:70:4a:fe:f5:0b:d2:9a:
                    8a:52:fd:13:ef:11:f0:34:84:76:90:9c:af:57:85:
                    d2:41:e9:34:69:33:c9:69:88:8e:11:02:d6:84:bf:
                    18:96:fa:96:e1:e0:d1:9a:c0:48:b8:86:d4:8a:6a:
                    93:27:cc:31:22:a4:0e:e1:29:9d:62:e1:ad:db:94:
                    6f:c4:62:0d:18:75:90:19:90:32:bf:43:da:8b:59:
                    c1:b8:c4:e6:0b:e1:3a:be:ee:cd:7e:39:f4:6b:75:
                    ef:86:ae:b7:48:11:20:78:64:3a:95:dd:88:4e:8a:
                    c5:af:c3:1f:fd:9b:f5:08:c9:58:0a:8e:fc:0e:39:
                    2e:22:c4:eb:43:76:41:5e:ed:a6:16:40:e3:92:8a:
                    3c:4b:34:a2:78:99:da:24:30:41:b7:af:1b:68:81:
                    e0:7b:9c:6b:91:11:33:27:5a:d1:8c:1d:b4:4e:59:
                    85:a9:15:1f:1c:b5:44:1a:4e:02:a4:29:78:39:2d:
                    58:45:c6:f5:f6:c2:5b:cc:3d:81:c0:5c:2c:7e:62:
                    22:20:83:a0:9f:ad:c4:5f:2b:11:61:09:19:f5:8d:
                    c1:44:2f:f4:6c:59:7b:d6:15:ff:22:f4:4f:03:ed:
                    46:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E0:FA:E6:02:62:E4:E1:84:15:75:9D:5B:70:B1:5A:70:46:3A:8B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:2a:83:7d:3b:75:d0:51:2b:db:7f:23:f1:e7:cc:09:cd:86:
         7b:0c:83:98:55:8f:08:a2:fa:cf:f6:67:23:9a:31:e0:c6:f8:
         e2:c8:0b:2e:c7:f9:1b:08:dd:63:70:3b:bc:bf:79:76:c5:cf:
         2c:6c:9a:e6:db:3a:36:81:92:59:d2:1e:8e:10:b7:b9:8d:96:
         86:e8:22:c8:36:66:db:ab:33:1a:8e:96:8e:e4:6f:c7:fc:6c:
         33:74:b2:89:d6:2e:2c:0e:ab:2a:65:25:83:2d:d1:14:16:a6:
         bd:7e:91:2a:c9:b7:32:a0:80:32:9e:f8:0e:47:00:4e:f5:c2:
         9c:24:83:04:3b:c3:91:1e:d2:7f:3a:5b:b7:d1:05:64:29:ab:
         53:cd:e1:5c:0f:a3:3f:58:3c:ca:c3:3c:2c:11:72:c9:43:c3:
         0e:97:91:cd:bd:1b:14:72:5c:08:2e:5b:b9:a1:1d:af:36:e5:
         5d:08:22:b5:a5:bd:43:23:6e:cd:f7:30:f5:df:54:3f:53:32:
         51:1d:65:30:04:05:79:60:b0:94:1b:be:c1:48:f4:78:32:09:
         cc:0f:1c:ed:f3:8e:8b:bd:69:3e:83:9d:38:09:da:c1:81:b3:
         84:f3:b0:4b:44:37:17:91:fe:c5:c4:1b:38:8c:8f:46:9f:4d:
         1f:ce:8a:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM7G8BBvAC8Rm9qJHXJOZgHYPm28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwNTBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0OGQ0ZGM3YzUzYWNhZmU3ZjY0MTUyNjM2NGYyNWNiODRhM2MxNWM1NmQ0
MTJhYzdhMzdjYzFhNzI0ZWMzYzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOn1Qh1Y4UDqcxIqxub+M1t9OvRPm1wSv71C9KailL9E+8R8DSEdpCcr1eF
0kHpNGkzyWmIjhEC1oS/GJb6luHg0ZrASLiG1IpqkyfMMSKkDuEpnWLhrduUb8Ri
DRh1kBmQMr9D2otZwbjE5gvhOr7uzX459Gt174aut0gRIHhkOpXdiE6Kxa/DH/2b
9QjJWAqO/A45LiLE60N2QV7tphZA45KKPEs0oniZ2iQwQbevG2iB4Huca5ERMyda
0YwdtE5ZhakVHxy1RBpOAqQpeDktWEXG9fbCW8w9gcBcLH5iIiCDoJ+txF8rEWEJ
GfWNwUQv9GxZe9YV/yL0TwPtRj8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSp4Prm
AmLk4YQVdZ1bcLFacEY6izAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAoKoN9O3XQUSvbfyPx58wJzYZ7DIOYVY8IovrP
9mcjmjHgxvjiyAsux/kbCN1jcDu8v3l2xc8sbJrm2zo2gZJZ0h6OELe5jZaG6CLI
NmbbqzMajpaO5G/H/GwzdLKJ1i4sDqsqZSWDLdEUFqa9fpEqybcyoIAynvgORwBO
9cKcJIMEO8ORHtJ/Olu30QVkKatTzeFcD6M/WDzKwzwsEXLJQ8MOl5HNvRsUclwI
Llu5oR2vNuVdCCK1pb1DI27N9zD131Q/UzJRHWUwBAV5YLCUG77BSPR4MgnMDxzt
846LvWk+g504CdrBgbOE87BLRDcXkf7FxBs4jI9Gn00fzooD
-----END CERTIFICATE-----