Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35f0e19e-59f2-44f3-b0bf-e80d9fe0b48b.roa
File:                     35f0e19e-59f2-44f3-b0bf-e80d9fe0b48b.roa (raw, json)
Hash identifier:          le0/c8oR6/zLB1BUCmv3r8+eCQjnP7yPYjSppVoTFlE=
Subject key identifier:   BC:B5:F0:6A:EB:8D:CC:EB:C2:4E:FA:75:3A:D6:6B:5E:20:74:16:43
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       30F4C23A9E8A6BDC4D6E3C584E7D03EA2EE99B74
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35f0e19e-59f2-44f3-b0bf-e80d9fe0b48b.roa
Signing time:             Fri 21 Mar 2025 15:10:13 +0000
ROA not before:           Fri 21 Mar 2025 15:10:13 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d030:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:f4:c2:3a:9e:8a:6b:dc:4d:6e:3c:58:4e:7d:03:ea:2e:e9:9b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:10:13 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:4c:0a:9f:38:8a:13:f4:85:a9:96:a2:1e:32:
                    b5:04:f0:2c:89:95:ad:92:2e:38:45:4d:12:17:a2:
                    e5:f2:6e:24:e6:0d:50:59:e3:d3:e7:86:34:90:62:
                    8b:08:69:99:fe:7d:49:6b:05:5b:ca:37:37:b3:04:
                    85:e4:66:e2:79:bc:5c:e5:c3:b4:f2:40:89:d9:aa:
                    90:12:c5:ea:35:d4:ff:2b:97:3d:c1:c7:ab:2d:52:
                    3b:1f:a0:f8:cd:05:07:99:28:50:a6:f0:14:95:3c:
                    1d:5d:82:5d:4f:53:f7:c1:fc:a6:d4:90:62:bb:a5:
                    59:23:c7:f5:0b:7f:49:ac:be:b3:30:fe:6c:4a:e9:
                    84:08:37:38:e6:32:43:31:fd:34:56:35:c4:70:fe:
                    25:03:98:34:22:18:24:87:b6:e6:3b:55:21:2c:7d:
                    1c:79:57:2e:6e:ed:c0:22:38:29:7e:b3:96:d4:f7:
                    4e:cd:e0:2a:f0:9e:51:44:36:bb:57:79:3a:88:e6:
                    17:25:56:4d:4e:96:8c:e5:78:bc:df:90:31:13:b5:
                    b7:e8:67:f9:6f:b9:99:41:1e:0a:38:4d:2e:4f:38:
                    c7:dd:2b:48:78:86:34:71:5d:b8:a2:27:3c:a2:f2:
                    9a:83:08:4b:27:bd:11:8b:1e:45:67:46:0a:02:f1:
                    74:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B5:F0:6A:EB:8D:CC:EB:C2:4E:FA:75:3A:D6:6B:5E:20:74:16:43
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35f0e19e-59f2-44f3-b0bf-e80d9fe0b48b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:78:af:04:09:b4:31:f2:07:11:85:c1:42:ed:a8:0f:88:f3:
         a8:0f:e7:88:dd:3e:0b:af:db:d5:0e:2b:ef:3c:c7:bd:61:83:
         9e:be:a3:53:ba:e2:24:ab:3f:b3:25:7f:6d:3f:3e:cc:10:38:
         69:65:69:8e:13:2e:56:90:c7:5e:95:51:18:79:99:77:c3:97:
         67:34:bf:8a:2e:e0:55:39:ff:71:fa:5a:e1:7e:02:0a:5b:da:
         77:12:1f:5e:43:aa:6e:0b:c1:f3:9a:4b:07:ba:98:8f:79:93:
         42:a9:cc:27:11:73:b5:d8:b2:7c:e9:67:5b:5f:bc:c0:a5:39:
         68:4e:6a:17:f3:e4:ea:fb:cf:d1:3e:11:ac:2f:32:71:08:2e:
         77:59:df:f1:1f:09:76:5b:9e:3f:d0:39:19:8d:73:af:4e:e0:
         4b:51:32:d4:80:ad:e2:d0:60:02:d5:e9:f5:54:af:78:de:38:
         1c:a4:33:83:15:a5:88:f7:e1:e3:58:76:58:d5:a3:96:e8:9d:
         7f:d8:38:9b:91:2c:c5:f6:96:a7:03:d5:d8:86:36:09:f9:de:
         a7:c5:3d:4d:29:4d:18:fb:e2:2e:d5:87:83:6c:7f:93:bb:ab:
         6b:da:e1:ad:51:76:7f:84:c3:f8:80:a6:53:9e:64:e5:4d:4e:
         83:a6:43:7b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMPTCOp6Ka9xNbjxYTn0D6i7pm3QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTEwMTNaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4ZDcyMThlMzAyYWUzYTkyZWY4ZTRhODk1YzA5OTA2OGNkNGZhZTA4NGVi
NDIyNzMzYjBlYWI0ZDY1M2VlNmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONMCp84ihP0hamWoh4ytQTwLImVrZIuOEVNEhei5fJuJOYNUFnj0+eGNJBi
iwhpmf59SWsFW8o3N7MEheRm4nm8XOXDtPJAidmqkBLF6jXU/yuXPcHHqy1SOx+g
+M0FB5koUKbwFJU8HV2CXU9T98H8ptSQYrulWSPH9Qt/Say+szD+bErphAg3OOYy
QzH9NFY1xHD+JQOYNCIYJIe25jtVISx9HHlXLm7twCI4KX6zltT3Ts3gKvCeUUQ2
u1d5OojmFyVWTU6WjOV4vN+QMRO1t+hn+W+5mUEeCjhNLk84x90rSHiGNHFduKIn
PKLymoMISye9EYseRWdGCgLxdBsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS8tfBq
643M68JO+nU61mteIHQWQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVmMGUxOWUtNTlmMi00NGYzLWIwYmYtZTgwZDlmZTBiNDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCw
MA0GCSqGSIb3DQEBCwUAA4IBAQBheK8ECbQx8gcRhcFC7agPiPOoD+eI3T4Lr9vV
DivvPMe9YYOevqNTuuIkqz+zJX9tPz7MEDhpZWmOEy5WkMdelVEYeZl3w5dnNL+K
LuBVOf9x+lrhfgIKW9p3Eh9eQ6puC8HzmksHupiPeZNCqcwnEXO12LJ86WdbX7zA
pTloTmoX8+Tq+8/RPhGsLzJxCC53Wd/xHwl2W54/0DkZjXOvTuBLUTLUgK3i0GAC
1en1VK943jgcpDODFaWI9+HjWHZY1aOW6J1/2DibkSzF9panA9XYhjYJ+d6nxT1N
KU0Y++Iu1YeDbH+Tu6tr2uGtUXZ/hMP4gKZTnmTlTU6DpkN7
-----END CERTIFICATE-----