Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
File:                     25d38479-752d-418e-a4fb-397c5aa432f8.roa (raw, json)
Hash identifier:          IV0MpTrMZR3S8lPof6mVANppVjH0winMgjhdd5ff/p4=
Subject key identifier:   F2:B1:FA:E8:DB:74:33:7F:D2:F2:0D:DB:51:07:93:B8:0C:D7:B3:DC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       44DB552A262FA6B66E662FEFEC5332BF818E8CA0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
Signing time:             Wed 26 Mar 2025 19:23:35 +0000
ROA not before:           Wed 26 Mar 2025 19:23:35 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:db:55:2a:26:2f:a6:b6:6e:66:2f:ef:ec:53:32:bf:81:8e:8c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:23:35 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:36:99:48:2c:3c:09:fc:58:62:e7:36:8f:7e:
                    24:fc:01:de:91:77:48:28:8f:59:6f:83:f3:7a:d4:
                    66:c4:b2:0a:0e:9d:2c:e7:56:1d:04:aa:89:27:b3:
                    68:6b:b6:8b:b1:f9:fb:05:dc:ef:2e:8f:5a:ae:e0:
                    fc:5f:7d:92:ae:ea:0f:83:c5:4d:5b:9f:64:fc:40:
                    55:7f:71:f2:a3:a6:3e:28:f6:8b:0c:75:bb:0b:53:
                    c7:b6:f5:fe:63:31:ee:aa:c3:de:ce:83:b5:3d:81:
                    a9:a3:74:b3:8b:34:6c:00:a1:8e:4f:16:2c:4a:ca:
                    2b:5b:1b:2b:9e:2e:24:bc:72:3c:99:38:c4:10:fc:
                    b7:c9:a2:3a:ce:8e:56:6f:ed:53:04:3b:e3:44:09:
                    77:2d:11:ce:03:38:c6:82:52:21:55:37:e0:cf:07:
                    7b:6f:4e:d1:1f:ab:0b:38:1a:99:db:0a:75:f6:c2:
                    70:98:8f:d0:c1:87:dc:6d:58:d0:7b:fd:8a:3f:29:
                    fa:67:a1:30:a5:bc:38:ab:b7:24:a5:cd:d8:db:9d:
                    83:6a:0c:64:b7:c3:b5:34:86:c4:67:6b:bf:28:1b:
                    ad:91:ad:8e:26:6e:03:19:4c:c4:45:39:8d:1b:28:
                    17:52:4e:6f:8a:c4:40:cb:c3:3e:d0:73:fd:95:75:
                    3a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B1:FA:E8:DB:74:33:7F:D2:F2:0D:DB:51:07:93:B8:0C:D7:B3:DC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:85:a4:a3:60:75:88:60:dc:bd:c1:8c:98:d1:00:e2:28:53:
         aa:58:c0:ce:21:5f:ea:05:4a:0a:8d:cb:e4:a4:6e:aa:a5:c3:
         65:b7:c0:26:c7:87:f8:36:a6:16:d6:96:b1:d3:6d:f9:a9:47:
         27:64:34:bd:42:07:b9:c0:b9:f9:6e:2d:89:ac:d4:ff:1f:12:
         49:9e:de:95:78:55:bf:37:34:c4:7e:51:41:ed:27:63:01:a6:
         cb:00:cd:b8:f9:33:79:17:be:8d:74:99:ae:31:aa:65:3b:c2:
         05:36:6f:3c:17:ae:2f:9e:59:eb:fe:74:25:df:ab:0b:14:fc:
         65:2a:79:f2:88:2d:cb:ef:95:9b:08:aa:b2:a3:f3:a9:10:f4:
         29:2d:52:98:d9:ff:77:02:c6:f4:cb:69:00:b4:6d:1c:7c:5d:
         61:c9:3d:ba:f1:71:1c:f6:7c:f6:d8:46:5a:f5:69:a0:db:16:
         21:1f:24:9e:ef:52:ed:89:e6:52:a9:f8:50:43:f3:0f:02:ab:
         f3:3a:c2:a8:3c:89:a4:2d:c2:3e:9c:30:12:60:ff:77:a4:5e:
         a8:92:b7:f5:0b:44:66:18:4c:a5:6a:b8:13:5a:a0:2d:ac:fc:
         97:ab:ad:ab:09:3a:da:e7:b6:ab:35:7c:7f:9f:04:91:7a:a5:
         07:9c:33:09
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURNtVKiYvprZuZi/v7FMyv4GOjKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIzMzVaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyZDU3M2ZjODQyMGQ4ODJjNWU4MGJkOWRiMzY2YWI0YTU3MzcyZDA1ZjJi
ZjhiYjFmYWMzMGU0ZWRmMmRiZDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL82mUgsPAn8WGLnNo9+JPwB3pF3SCiPWW+D83rUZsSyCg6dLOdWHQSqiSez
aGu2i7H5+wXc7y6PWq7g/F99kq7qD4PFTVufZPxAVX9x8qOmPij2iwx1uwtTx7b1
/mMx7qrD3s6DtT2BqaN0s4s0bAChjk8WLErKK1sbK54uJLxyPJk4xBD8t8miOs6O
Vm/tUwQ740QJdy0RzgM4xoJSIVU34M8He29O0R+rCzgamdsKdfbCcJiP0MGH3G1Y
0Hv9ij8p+mehMKW8OKu3JKXN2Nudg2oMZLfDtTSGxGdrvygbrZGtjiZuAxlMxEU5
jRsoF1JOb4rEQMvDPtBz/ZV1OqECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTysfro
23Qzf9LyDdtRB5O4DNez3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkMzg0NzktNzUyZC00MThlLWE0ZmItMzk3YzVhYTQzMmY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DII
MA0GCSqGSIb3DQEBCwUAA4IBAQCXhaSjYHWIYNy9wYyY0QDiKFOqWMDOIV/qBUoK
jcvkpG6qpcNlt8Amx4f4NqYW1pax0235qUcnZDS9Qge5wLn5bi2JrNT/HxJJnt6V
eFW/NzTEflFB7SdjAabLAM24+TN5F76NdJmuMaplO8IFNm88F64vnlnr/nQl36sL
FPxlKnnyiC3L75WbCKqyo/OpEPQpLVKY2f93Asb0y2kAtG0cfF1hyT268XEc9nz2
2EZa9Wmg2xYhHySe71LtieZSqfhQQ/MPAqvzOsKoPImkLcI+nDASYP93pF6okrf1
C0RmGEylargTWqAtrPyXq62rCTra57arNXx/nwSReqUHnDMJ
-----END CERTIFICATE-----