Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa
File:                     35fc0413-357a-4ddb-84e4-70641635a6c3.roa (raw, json)
Hash identifier:          rxZbLRXvQiWNW9fsJ8daixm7MthRkKtvzULnQ6XXebI=
Subject key identifier:   C8:1B:98:1F:6A:2D:EE:F8:E4:6C:B2:5B:B8:B2:87:8E:37:02:F4:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F42F3748B363A5623A1A38F207F0500C783C8BB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa
Signing time:             Mon 31 Mar 2025 20:20:25 +0000
ROA not before:           Mon 31 Mar 2025 20:20:25 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:9040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:42:f3:74:8b:36:3a:56:23:a1:a3:8f:20:7f:05:00:c7:83:c8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:20:25 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7d:bc:0f:07:bf:68:4c:37:a3:c9:19:cd:2b:
                    0c:5b:47:e1:25:40:09:1c:54:b4:71:18:8b:f8:e9:
                    ca:b9:d1:ee:88:dd:c4:8c:28:f9:b9:3a:4b:11:19:
                    a0:46:94:64:c9:3c:c5:82:3e:1c:77:99:17:68:54:
                    82:a3:6f:0f:9b:3e:1c:dc:13:65:d5:4e:84:dd:34:
                    0e:5c:19:fd:41:8b:6d:71:c2:3e:e8:07:76:b6:d5:
                    ea:f0:32:dc:bb:ff:96:04:71:dc:97:26:a2:f5:b2:
                    71:44:eb:fa:ac:60:83:85:53:95:a6:5b:07:51:b9:
                    aa:b3:e2:8b:10:2f:07:7a:44:77:a3:e1:4d:0b:1d:
                    5c:64:aa:b7:79:40:53:81:03:24:b8:78:0e:2c:e9:
                    d9:5e:fc:42:4a:49:6a:08:93:14:6a:d2:77:6d:ad:
                    0a:1a:70:cc:49:e4:c8:2e:86:3f:bb:e1:27:6f:b4:
                    fa:be:99:76:17:fd:d5:4b:dd:70:26:2c:8d:bd:4e:
                    a8:8c:d2:13:f4:43:44:2c:ff:63:41:ed:bd:c3:66:
                    6d:fb:21:be:6d:31:0b:fc:dd:1f:d3:bf:50:b0:35:
                    1d:37:f0:f5:42:9d:c0:c8:36:c0:14:2f:a3:9e:02:
                    80:4a:37:d5:7b:bd:89:34:47:41:6c:99:a3:67:6d:
                    4e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:1B:98:1F:6A:2D:EE:F8:E4:6C:B2:5B:B8:B2:87:8E:37:02:F4:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         1f:75:64:8e:a1:26:33:94:5c:94:50:2f:e3:42:d9:3e:5c:de:
         dd:3a:ec:68:6a:ff:34:91:b0:28:2c:6f:16:42:14:ba:06:dd:
         3e:40:33:23:37:70:77:a8:48:01:79:55:e8:52:fe:93:61:1f:
         48:7b:ef:71:93:80:92:9e:b9:d2:52:88:b9:15:72:c1:49:ed:
         59:83:a2:18:18:68:82:ee:3e:a5:ca:c3:2c:9d:5a:bc:f8:55:
         02:76:24:26:2e:78:58:de:2b:f0:f9:d0:82:8b:13:2e:43:3f:
         04:c9:ab:ff:fa:3b:ee:ef:99:54:ee:39:b9:dc:4b:d9:fb:93:
         64:e9:73:1a:2b:66:c7:fb:8b:bf:2b:9f:6f:c0:db:c8:ce:ef:
         d1:20:d3:82:6e:81:90:af:68:80:7a:de:cc:be:ad:ff:14:1a:
         c0:e5:1f:b8:45:16:f1:87:d5:39:8a:83:35:bb:4f:21:c2:22:
         01:90:f5:ae:b3:68:c2:4b:a8:d5:94:96:d8:c7:c8:75:7c:00:
         a7:50:4d:93:90:87:bd:4b:5d:7f:bd:f8:00:58:63:be:20:6a:
         ef:af:87:bc:14:04:53:de:5d:f7:ad:3e:6c:9b:b0:e6:93:0b:
         cf:53:8e:95:48:c0:eb:d5:63:e2:f1:3a:06:6e:44:96:9f:d0:
         af:d2:5b:0f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUL0LzdIs2OlYjoaOPIH8FAMeDyLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIwMjVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1ZGVjMDhlM2ViMTM5ZmU3NjU3MWI1NjU2NGE0ZmJlOTYzY2E4NDNhN2I1
NWQyOTdmZmZjN2Q3YTNiNDhmYmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALV9vA8Hv2hMN6PJGc0rDFtH4SVACRxUtHEYi/jpyrnR7ojdxIwo+bk6SxEZ
oEaUZMk8xYI+HHeZF2hUgqNvD5s+HNwTZdVOhN00DlwZ/UGLbXHCPugHdrbV6vAy
3Lv/lgRx3JcmovWycUTr+qxgg4VTlaZbB1G5qrPiixAvB3pEd6PhTQsdXGSqt3lA
U4EDJLh4Dizp2V78QkpJagiTFGrSd22tChpwzEnkyC6GP7vhJ2+0+r6Zdhf91Uvd
cCYsjb1OqIzSE/RDRCz/Y0HtvcNmbfshvm0xC/zdH9O/ULA1HTfw9UKdwMg2wBQv
o54CgEo31Xu9iTRHQWyZo2dtTmkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTIG5gf
ai3u+ORsslu4soeONwL0XjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVmYzA0MTMtMzU3YS00ZGRiLTg0ZTQtNzA2NDE2MzVhNmMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DWQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAH3VkjqEmM5RclFAv40LZPlze3TrsaGr/NJGw
KCxvFkIUugbdPkAzIzdwd6hIAXlV6FL+k2EfSHvvcZOAkp650lKIuRVywUntWYOi
GBhogu4+pcrDLJ1avPhVAnYkJi54WN4r8PnQgosTLkM/BMmr//o77u+ZVO45udxL
2fuTZOlzGitmx/uLvyufb8DbyM7v0SDTgm6BkK9ogHrezL6t/xQawOUfuEUW8YfV
OYqDNbtPIcIiAZD1rrNowkuo1ZSW2MfIdXwAp1BNk5CHvUtdf734AFhjviBq76+H
vBQEU95d960+bJuw5pMLz1OOlUjA69Vj4vE6Bm5Elp/Qr9JbDw==
-----END CERTIFICATE-----