Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File:                     3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier:          JhgTdnpaLKKUIdsaGrqewQVFNOqylj4JWdlvl5cSNSo=
Subject key identifier:   9A:D6:90:35:6C:70:9D:5A:58:9A:95:C2:C7:2B:C9:9A:60:D0:6E:4F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F512F54B76ABBDC1F6B47E4162FC6716787DFBE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time:             Mon 31 Mar 2025 21:00:06 +0000
ROA not before:           Mon 31 Mar 2025 21:00:06 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:51:2f:54:b7:6a:bb:dc:1f:6b:47:e4:16:2f:c6:71:67:87:df:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:00:06 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:36:21:a9:71:b3:c7:8a:43:b6:3d:35:94:c1:
                    e2:6e:e0:43:d1:b8:0d:87:71:d4:09:77:20:f0:db:
                    d4:4e:4e:1e:e4:77:08:ba:68:44:29:55:e7:0d:33:
                    77:85:b5:b1:28:2d:71:0c:25:fd:c4:4e:c5:c5:c2:
                    09:c9:de:ff:be:35:80:b6:10:1b:cd:f3:ab:3b:78:
                    64:61:bb:1a:ba:fb:9f:96:5d:6e:37:49:bb:f9:2f:
                    3c:9f:b1:5a:d4:77:96:53:b9:8b:36:a4:b0:d5:c8:
                    e5:ed:9e:44:41:96:2e:bb:05:54:9e:40:04:73:2f:
                    99:cb:40:9a:db:41:3b:25:0b:23:92:ce:ae:ce:34:
                    e9:59:c6:1c:ad:29:3a:01:89:89:e8:44:f3:a1:e9:
                    e2:36:48:ec:7e:c2:04:b4:a5:9e:c2:d2:e0:7d:50:
                    7e:bd:b7:99:0b:05:70:2d:10:2d:e2:c2:fb:51:01:
                    f7:44:f6:3e:71:1b:6f:a0:33:d4:e3:07:68:97:80:
                    8a:0a:1f:47:12:c6:8a:cf:0e:fd:b3:ee:01:8d:76:
                    5e:5e:34:9a:b3:f5:31:69:51:12:4a:3b:00:dd:a3:
                    79:c0:97:b8:66:09:91:45:58:69:06:8d:9b:87:70:
                    4a:8b:b2:36:0a:c0:29:78:16:35:26:1b:5d:8e:69:
                    d2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D6:90:35:6C:70:9D:5A:58:9A:95:C2:C7:2B:C9:9A:60:D0:6E:4F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1f:19:ec:a7:8a:15:88:74:34:c0:d1:69:a3:2f:62:5a:c8:f1:
         69:10:f7:66:5c:39:dd:7c:39:e7:95:6e:f5:5f:ab:3c:53:ca:
         6b:d6:ef:15:c7:d6:f6:ec:c4:92:c0:7b:76:70:c6:99:a0:cc:
         ad:fc:57:23:48:f5:d6:3b:44:ec:ca:d6:8e:11:11:bf:9f:5e:
         f5:12:03:6a:58:7b:eb:8f:1c:dc:77:d9:f0:42:ed:19:51:99:
         7c:b9:71:b5:a1:d9:4f:b9:1b:b2:e1:bb:e6:35:29:bb:c1:4f:
         44:50:78:3c:62:7e:0b:8d:24:f9:9f:02:fa:fd:92:c9:41:ec:
         76:1c:11:6c:76:fc:13:f1:ba:0a:54:8d:a1:af:3d:92:90:31:
         d9:00:44:50:46:55:d3:42:03:23:0e:3d:89:31:c2:60:95:13:
         f1:ba:be:f8:23:ad:71:03:5c:0b:63:8c:2e:b3:3f:d7:90:e4:
         60:89:9b:54:8f:3e:82:0e:1e:fa:78:29:dc:38:5e:d4:60:60:
         fa:21:9e:33:ce:c6:2e:bd:97:1e:3e:f7:19:bf:11:c3:1a:a7:
         ce:6f:1e:22:09:d6:47:44:b4:7d:93:5b:7b:66:98:a8:fd:12:
         51:63:54:5c:60:fb:b9:48:4d:3f:0f:6e:2e:1d:8d:1d:5f:66:
         17:00:a9:d0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD1EvVLdqu9wfa0fkFi/GcWeH374wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAwMDZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxMTNmZDVmZTU0YWUxMzE4NGFiYzA2MTVmZmMwY2NjYjdhMzU0YzYwYTI4
Y2E4NTljYjgwMmRiYjdmY2ExNjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKk2Ialxs8eKQ7Y9NZTB4m7gQ9G4DYdx1Al3IPDb1E5OHuR3CLpoRClV5w0z
d4W1sSgtcQwl/cROxcXCCcne/741gLYQG83zqzt4ZGG7Grr7n5ZdbjdJu/kvPJ+x
WtR3llO5izaksNXI5e2eREGWLrsFVJ5ABHMvmctAmttBOyULI5LOrs406VnGHK0p
OgGJiehE86Hp4jZI7H7CBLSlnsLS4H1Qfr23mQsFcC0QLeLC+1EB90T2PnEbb6Az
1OMHaJeAigofRxLGis8O/bPuAY12Xl40mrP1MWlREko7AN2jecCXuGYJkUVYaQaN
m4dwSouyNgrAKXgWNSYbXY5p0scCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSa1pA1
bHCdWlialcLHK8maYNBuTzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAfGeynihWIdDTA0WmjL2JayPFpEPdmXDndfDnn
lW71X6s8U8pr1u8Vx9b27MSSwHt2cMaZoMyt/FcjSPXWO0TsytaOERG/n171EgNq
WHvrjxzcd9nwQu0ZUZl8uXG1odlPuRuy4bvmNSm7wU9EUHg8Yn4LjST5nwL6/ZLJ
Qex2HBFsdvwT8boKVI2hrz2SkDHZAERQRlXTQgMjDj2JMcJglRPxur74I61xA1wL
Y4wusz/XkORgiZtUjz6CDh76eCncOF7UYGD6IZ4zzsYuvZcePvcZvxHDGqfObx4i
CdZHRLR9k1t7Zpio/RJRY1RcYPu5SE0/D24uHY0dX2YXAKnQ
-----END CERTIFICATE-----