Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28181159-5695-4944-b901-f84b836b4d8f.roa
File:                     28181159-5695-4944-b901-f84b836b4d8f.roa (raw, json)
Hash identifier:          kJQ+HnLdgY99R4RbBtyO+pJZWaISqUx/Z3UBcmD6T1g=
Subject key identifier:   DF:8C:B6:E4:AD:F8:A3:86:D8:C9:AA:46:D8:2D:3F:10:99:F4:33:F8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       32BFB56DE2E3AF6130D74B2C9B2DB501C76C15D9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28181159-5695-4944-b901-f84b836b4d8f.roa
Signing time:             Mon 24 Mar 2025 19:30:16 +0000
ROA not before:           Mon 24 Mar 2025 19:30:16 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:bf:b5:6d:e2:e3:af:61:30:d7:4b:2c:9b:2d:b5:01:c7:6c:15:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 24 19:30:16 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9e:0a:8f:2a:3d:46:fe:c0:fd:9c:27:ca:e6:
                    80:67:86:f5:83:58:40:40:7e:bb:2d:e7:7d:3d:4a:
                    78:53:1f:7e:9a:3c:19:27:02:7b:b7:90:66:c1:2f:
                    5c:5f:69:a3:ea:9e:db:a4:34:5c:a9:34:28:2a:4d:
                    40:91:21:67:8a:19:57:8b:42:9d:b6:45:8a:ae:d0:
                    1e:e2:f0:35:9d:b5:9e:88:e7:ec:f6:57:89:25:4c:
                    83:39:58:f6:b2:50:7c:ad:a9:73:5e:5c:89:a8:43:
                    37:8e:f4:12:d7:11:9b:27:13:2d:eb:2e:68:09:4e:
                    20:41:76:c3:14:5f:a2:d1:73:81:b7:14:ba:18:af:
                    f3:74:a0:88:af:11:03:81:14:86:14:cb:21:97:22:
                    ac:03:46:2c:b8:eb:18:7c:95:42:cc:06:38:f6:3e:
                    a2:16:15:0f:64:57:b4:67:d2:61:0a:49:9f:30:f2:
                    2a:d7:bf:75:a7:d8:67:d1:28:3f:d9:00:3c:1a:22:
                    7b:54:3e:72:93:f8:f7:dc:77:10:33:c9:3b:dc:64:
                    74:8a:0b:2d:b0:94:86:b9:2e:bb:49:cb:e5:cf:0e:
                    90:2b:d9:ef:9e:d1:4e:9d:b1:41:04:e9:42:95:de:
                    4e:d5:58:cd:8a:d2:07:6e:4c:91:35:d9:51:80:f5:
                    68:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8C:B6:E4:AD:F8:A3:86:D8:C9:AA:46:D8:2D:3F:10:99:F4:33:F8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28181159-5695-4944-b901-f84b836b4d8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:77:9b:7b:9e:43:84:46:9f:c6:b3:5a:73:13:54:43:56:91:
         72:80:e1:6a:a8:9c:17:2c:71:55:d0:94:4b:50:38:4c:6d:54:
         17:de:2e:0e:71:a6:22:19:8c:eb:b0:bb:db:a3:ff:37:6b:99:
         54:7f:82:d9:bb:1c:74:e9:e0:26:15:0f:2a:ff:02:a0:58:b4:
         d4:4d:d6:8d:6b:99:f8:aa:f4:75:69:cf:fd:ab:2b:c7:f9:61:
         d6:d3:09:65:a2:2d:ea:06:e7:2d:57:81:ed:88:d3:cb:67:04:
         81:5e:18:d5:77:10:67:53:66:6f:61:06:c3:0b:b7:15:03:59:
         7e:97:86:27:a1:37:3f:12:79:67:4c:0d:c6:06:5e:78:07:32:
         b9:72:0f:e3:7e:e8:0f:4d:a2:3b:00:cd:55:92:8f:bc:16:36:
         3b:5e:12:08:c1:52:75:92:61:71:a8:c0:73:af:e1:4a:2d:f8:
         95:16:2e:a5:98:92:81:53:6f:65:44:63:97:d0:bb:2e:43:6f:
         9f:b7:0e:57:c7:35:03:47:25:28:1f:8c:46:b8:f8:33:44:81:
         eb:bb:a7:01:4d:3e:11:51:4b:7f:ad:08:fd:98:85:0b:38:1b:
         f7:ca:d2:4f:dc:ce:7a:27:1d:e0:e5:28:1a:1d:a7:21:5b:db:
         9c:98:f3:9b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMr+1beLjr2Ew10ssmy21AcdsFdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjQxOTMwMTZaFw0yNTA0MjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5YTE4YjMzMWY3ODQzZWZkZGVhNDQ5ODVhY2VjZDU1MjZiYmEwMzU2ZjA5
ZTVjYzZiYTcxNTU0NTk1MTllNTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6eCo8qPUb+wP2cJ8rmgGeG9YNYQEB+uy3nfT1KeFMffpo8GScCe7eQZsEv
XF9po+qe26Q0XKk0KCpNQJEhZ4oZV4tCnbZFiq7QHuLwNZ21nojn7PZXiSVMgzlY
9rJQfK2pc15ciahDN470EtcRmycTLesuaAlOIEF2wxRfotFzgbcUuhiv83SgiK8R
A4EUhhTLIZcirANGLLjrGHyVQswGOPY+ohYVD2RXtGfSYQpJnzDyKte/dafYZ9Eo
P9kAPBoie1Q+cpP499x3EDPJO9xkdIoLLbCUhrkuu0nL5c8OkCvZ757RTp2xQQTp
QpXeTtVYzYrSB25MkTXZUYD1aFMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTfjLbk
rfijhtjJqkbYLT8QmfQz+DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjgxODExNTktNTY5NS00OTQ0LWI5MDEtZjg0YjgzNmI0ZDhmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCfd5t7nkOERp/Gs1pzE1RDVpFygOFqqJwXLHFV
0JRLUDhMbVQX3i4OcaYiGYzrsLvbo/83a5lUf4LZuxx06eAmFQ8q/wKgWLTUTdaN
a5n4qvR1ac/9qyvH+WHW0wlloi3qBuctV4HtiNPLZwSBXhjVdxBnU2ZvYQbDC7cV
A1l+l4YnoTc/EnlnTA3GBl54BzK5cg/jfugPTaI7AM1Vko+8FjY7XhIIwVJ1kmFx
qMBzr+FKLfiVFi6lmJKBU29lRGOX0LsuQ2+ftw5XxzUDRyUoH4xGuPgzRIHru6cB
TT4RUUt/rQj9mIULOBv3ytJP3M56Jx3g5SgaHachW9ucmPOb
-----END CERTIFICATE-----