Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa
File:                     35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa (raw, json)
Hash identifier:          3tTgklAReQMokiJIixjlwlCw31W49ewaO+VWcvCfTZU=
Subject key identifier:   63:9F:08:22:18:7E:C0:C8:D0:B7:F6:49:2C:EC:ED:1B:AD:05:D5:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       74D413F2D985B409DFB1523D64C6FEFA8440E3DD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa
Signing time:             Mon 31 Mar 2025 21:10:58 +0000
ROA not before:           Mon 31 Mar 2025 21:10:58 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d019::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d4:13:f2:d9:85:b4:09:df:b1:52:3d:64:c6:fe:fa:84:40:e3:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:58 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7e:e8:d2:c6:90:3d:02:60:da:b9:d8:54:f2:
                    b1:22:5c:e1:a3:ec:c6:35:19:a3:a2:d9:e8:ef:11:
                    60:a5:ca:18:b0:35:a1:57:8a:41:50:44:58:16:62:
                    84:97:fc:6c:19:67:cd:4a:15:fd:ad:dd:b6:a0:d7:
                    9a:88:66:43:77:1e:42:32:be:98:3d:9f:f5:8d:e4:
                    13:8f:b2:05:c7:f8:d2:55:22:44:6b:9e:fc:ff:bd:
                    88:c0:4e:89:3c:33:67:41:54:16:86:34:2e:af:bc:
                    37:91:82:61:23:ba:63:a2:f3:82:71:65:53:81:c5:
                    05:63:c5:a1:3d:ec:4f:33:c1:02:12:96:8f:83:39:
                    39:71:a5:75:89:79:8d:1b:01:c1:c2:9c:c0:d4:6d:
                    4b:2b:e2:e9:38:65:ea:f8:d5:6f:58:1a:ed:41:cb:
                    d7:f8:c1:db:bd:b5:f5:34:f7:20:f9:b6:31:33:71:
                    a1:25:c9:22:32:ed:a5:78:99:5c:b5:77:de:f0:d2:
                    f1:d0:67:88:e0:b5:97:a5:dc:fc:ef:6e:45:9f:8e:
                    ad:0d:da:23:3c:8c:48:27:9a:cb:f7:15:3c:a1:74:
                    9d:f2:b0:fb:bd:06:72:6b:68:1e:e0:c4:d7:f8:16:
                    55:61:1e:d8:b3:26:68:a5:e0:5a:de:b3:bd:03:9c:
                    ff:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:9F:08:22:18:7E:C0:C8:D0:B7:F6:49:2C:EC:ED:1B:AD:05:D5:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d019::/38

    Signature Algorithm: sha256WithRSAEncryption
         93:64:f4:28:b7:00:96:04:ce:b2:85:1f:37:aa:d2:2b:cf:82:
         4f:81:a9:de:3c:50:be:14:46:db:7c:d4:2e:5e:bb:10:cf:2f:
         94:3a:7b:8f:87:7a:10:17:b5:55:5f:1f:96:81:3c:fb:47:ac:
         9c:ee:da:d2:4c:80:8a:d8:4a:11:96:e7:cc:0c:0c:2f:86:ca:
         5a:fd:51:b3:3c:c5:fe:fc:ce:86:f4:72:68:e0:ec:11:83:78:
         1d:ea:ea:d4:49:06:7b:f1:19:60:91:d2:34:26:f4:df:6e:ba:
         4d:26:a1:ff:8f:03:03:9e:43:15:80:64:eb:05:99:2b:7a:da:
         82:e4:bc:83:60:fd:5d:d0:c3:01:17:e3:f2:37:55:74:05:e5:
         a4:0e:e8:2f:f3:52:94:51:e1:b5:e4:c2:a9:d0:99:44:6c:f2:
         cd:5d:1b:59:c0:36:08:76:b2:c2:04:bb:d6:09:ea:8a:7f:42:
         d1:5b:5c:fc:22:4d:77:4b:64:aa:4d:60:ef:79:28:40:df:5f:
         e1:a4:6c:8a:ec:92:c5:2c:51:f2:45:44:73:d2:0e:d6:d9:69:
         cb:cf:7a:8f:59:55:0d:dc:20:ee:32:91:82:43:cb:21:34:52:
         a9:9f:8d:15:ee:b9:a4:f7:90:82:c8:7c:6f:8b:54:c9:5b:24:
         22:a7:f3:fe
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdNQT8tmFtAnfsVI9ZMb++oRA490wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwNThaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkNDFmMzhlM2MxMWM2YmM5OGVkMTk0NGZkMGQ4ZTgwN2NjN2JlNjY4ZDM1
MmJkNzYxOTY4YmJiNjFlOTdkOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMl+6NLGkD0CYNq52FTysSJc4aPsxjUZo6LZ6O8RYKXKGLA1oVeKQVBEWBZi
hJf8bBlnzUoV/a3dtqDXmohmQ3ceQjK+mD2f9Y3kE4+yBcf40lUiRGue/P+9iMBO
iTwzZ0FUFoY0Lq+8N5GCYSO6Y6LzgnFlU4HFBWPFoT3sTzPBAhKWj4M5OXGldYl5
jRsBwcKcwNRtSyvi6Thl6vjVb1ga7UHL1/jB27219TT3IPm2MTNxoSXJIjLtpXiZ
XLV33vDS8dBniOC1l6Xc/O9uRZ+OrQ3aIzyMSCeay/cVPKF0nfKw+70GcmtoHuDE
1/gWVWEe2LMmaKXgWt6zvQOc/2UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRjnwgi
GH7AyNC39kks7O0brQXVXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzViYjBkYTUtMGEyZC00YjgwLWFhZmUtYWY3ZTc0Y2Y1ODY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCTZPQotwCWBM6yhR83qtIrz4JPganePFC+FEbb
fNQuXrsQzy+UOnuPh3oQF7VVXx+WgTz7R6yc7trSTICK2EoRlufMDAwvhspa/VGz
PMX+/M6G9HJo4OwRg3gd6urUSQZ78RlgkdI0JvTfbrpNJqH/jwMDnkMVgGTrBZkr
etqC5LyDYP1d0MMBF+PyN1V0BeWkDugv81KUUeG15MKp0JlEbPLNXRtZwDYIdrLC
BLvWCeqKf0LRW1z8Ik13S2SqTWDveShA31/hpGyK7JLFLFHyRURz0g7W2WnLz3qP
WVUN3CDuMpGCQ8shNFKpn40V7rmk95CCyHxvi1TJWyQip/P+
-----END CERTIFICATE-----