Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa
File:                     455182aa-6d74-4447-81a6-6be09732e55d.roa (raw, json)
Hash identifier:          N+agBEIZLIXKiJteLnbLOic2K8furwFfd3LZcsKQ0Ys=
Subject key identifier:   19:A9:E5:95:E8:E9:85:C8:E3:31:31:9E:D1:07:D8:A0:92:C5:82:AA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       187C6275BB4F54ABBB711ED649608A7E825C86FC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa
Signing time:             Mon 31 Mar 2025 21:10:21 +0000
ROA not before:           Mon 31 Mar 2025 21:10:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01e:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:7c:62:75:bb:4f:54:ab:bb:71:1e:d6:49:60:8a:7e:82:5c:86:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5d:7d:6b:30:8a:7f:e7:6c:1a:48:19:69:d4:
                    d7:9a:04:d7:d5:b4:e9:d8:ec:6b:8f:3d:f5:70:a0:
                    44:30:34:70:0a:cf:88:4b:fb:ef:53:c8:b1:6f:85:
                    99:ef:d1:bc:37:cd:36:32:c8:0d:0e:37:75:cc:0d:
                    b7:4e:93:37:49:46:46:e1:af:2b:60:c4:de:ee:1d:
                    80:60:e8:20:63:cc:ad:8c:42:20:4e:00:3f:1d:66:
                    9f:56:a1:7f:67:aa:4c:b3:aa:03:06:1c:a9:d8:d1:
                    5a:87:8d:59:bc:93:7a:23:92:15:24:82:23:00:08:
                    f4:f3:3c:6c:d4:ce:d8:09:80:eb:87:ed:f0:61:7a:
                    32:af:dd:16:4f:97:66:42:de:8a:25:fd:a7:d4:19:
                    8e:88:2d:8c:df:1a:92:80:75:3f:23:17:d9:78:d9:
                    08:29:4e:1a:2f:2d:82:a1:f7:9f:f6:f8:61:df:29:
                    2a:d9:82:ef:81:61:6e:18:0e:05:d3:58:2f:c8:9e:
                    27:b4:67:1a:e4:cd:80:75:86:dc:10:80:cd:54:b4:
                    df:b8:b2:90:dd:8f:d2:76:e0:8b:f3:fd:3a:e8:ec:
                    ca:81:db:13:60:d2:96:bd:31:e5:9c:f0:9f:24:7b:
                    a5:57:17:6b:29:d7:f5:a2:f4:c2:59:c6:12:e6:a6:
                    62:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A9:E5:95:E8:E9:85:C8:E3:31:31:9E:D1:07:D8:A0:92:C5:82:AA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01e:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         8f:7a:a5:42:19:9c:4a:15:d3:59:6b:09:21:50:44:d1:f9:01:
         db:d6:19:d8:28:d2:3a:3c:15:c8:be:d4:a1:56:22:2e:7c:9e:
         d1:0e:06:dc:aa:d4:45:65:93:1b:6e:b4:b0:2b:00:26:40:8d:
         d2:e4:4d:81:e8:e3:c4:ed:db:65:ad:48:12:3f:4a:5f:23:3e:
         7b:5c:73:a6:96:42:92:10:25:29:ca:38:52:81:cf:7c:7d:8d:
         aa:d7:da:0d:02:e1:ea:66:f6:c6:79:bb:37:11:ac:b0:3e:cd:
         a3:9b:46:68:a5:4c:79:47:37:4e:26:32:f6:2d:94:e0:cf:d4:
         5b:a1:ee:d9:a4:55:58:28:7c:3f:13:35:25:b4:33:c1:1a:e1:
         e6:82:d2:1c:36:c4:0e:ac:ba:13:22:63:3b:2c:87:33:ae:84:
         0a:ee:a3:15:fd:42:8d:0c:e4:66:20:74:cd:c5:cd:ea:8e:60:
         aa:14:5e:48:20:bb:29:32:86:9d:d7:ec:72:dc:eb:2a:df:0c:
         66:0b:19:37:14:b9:26:0f:15:65:ba:c6:dd:ae:49:2b:f9:06:
         81:e4:c6:34:4f:02:c9:45:7a:09:c7:d8:80:c5:1d:ed:98:5d:
         e4:71:39:39:49:01:4f:d5:25:4a:ae:7a:2d:7e:80:05:ef:d7:
         18:a7:6f:e3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGHxidbtPVKu7cR7WSWCKfoJchvwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwMjFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0M2YzNzBhNzc3MjQ0ZmNkNGIwYWVlNTk2MTkwYzI0NjNhMjI3MzA2ZjQ1
YjQ3YjRkZWNhN2YxM2RlYTU2ZmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZdfWswin/nbBpIGWnU15oE19W06djsa4899XCgRDA0cArPiEv771PIsW+F
me/RvDfNNjLIDQ43dcwNt06TN0lGRuGvK2DE3u4dgGDoIGPMrYxCIE4APx1mn1ah
f2eqTLOqAwYcqdjRWoeNWbyTeiOSFSSCIwAI9PM8bNTO2AmA64ft8GF6Mq/dFk+X
ZkLeiiX9p9QZjogtjN8akoB1PyMX2XjZCClOGi8tgqH3n/b4Yd8pKtmC74FhbhgO
BdNYL8ieJ7RnGuTNgHWG3BCAzVS037iykN2P0nbgi/P9OujsyoHbE2DSlr0x5Zzw
nyR7pVcXaynX9aL0wlnGEuamYh0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZqeWV
6OmFyOMxMZ7RB9igksWCqjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDU1MTgyYWEtNmQ3NC00NDQ3LTgxYTYtNmJlMDk3MzJlNTVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0B4M
MA0GCSqGSIb3DQEBCwUAA4IBAQCPeqVCGZxKFdNZawkhUETR+QHb1hnYKNI6PBXI
vtShViIufJ7RDgbcqtRFZZMbbrSwKwAmQI3S5E2B6OPE7dtlrUgSP0pfIz57XHOm
lkKSECUpyjhSgc98fY2q19oNAuHqZvbGebs3EaywPs2jm0ZopUx5RzdOJjL2LZTg
z9Rboe7ZpFVYKHw/EzUltDPBGuHmgtIcNsQOrLoTImM7LIczroQK7qMV/UKNDORm
IHTNxc3qjmCqFF5IILspMoad1+xy3Osq3wxmCxk3FLkmDxVlusbdrkkr+QaB5MY0
TwLJRXoJx9iAxR3tmF3kcTk5SQFP1SVKrnotfoAF79cYp2/j
-----END CERTIFICATE-----