Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa
File:                     4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa (raw, json)
Hash identifier:          l2lY1U9gow2iafMR+Qh4qk6Ulr+vtAEWi1gp6qBNobc=
Subject key identifier:   21:B8:E2:FD:47:81:B7:AD:56:51:1B:28:86:02:89:7E:5A:D4:62:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C60619906BDB5853382B48C8ABF120370CA04CF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa
Signing time:             Fri 21 Mar 2025 15:10:06 +0000
ROA not before:           Fri 21 Mar 2025 15:10:06 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d030:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:60:61:99:06:bd:b5:85:33:82:b4:8c:8a:bf:12:03:70:ca:04:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:10:06 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1b:5c:d6:53:b4:b6:6a:c3:cd:dc:57:b3:29:
                    ef:80:70:e7:24:48:c5:37:f5:6a:c1:a7:b1:1d:8a:
                    25:a8:1a:7c:b5:c9:4f:48:72:36:2d:2a:54:84:ba:
                    8d:f9:03:91:64:e9:ea:81:f8:85:6a:7b:50:59:0f:
                    d5:c2:0e:3a:78:be:99:30:20:52:9d:9c:c9:de:e0:
                    d1:eb:5f:d0:12:09:d7:19:78:dd:eb:61:0b:9b:0b:
                    e4:fa:00:26:bc:05:31:36:0f:71:57:dc:6f:4a:f7:
                    1e:b0:e6:85:b9:45:ed:7b:ae:22:91:3f:bf:fd:f3:
                    7c:80:9f:c4:aa:0c:d2:ec:60:2e:64:e0:09:c0:d8:
                    48:a0:73:d4:45:37:34:9a:64:1d:4e:8b:fb:a3:a7:
                    43:e3:db:21:18:3a:3a:e0:57:3b:c2:de:ed:d9:98:
                    98:a8:72:c3:dc:bd:7a:7a:e1:b2:b5:29:7d:ac:70:
                    b6:25:d4:bd:88:12:30:7f:04:19:e8:db:98:de:53:
                    4b:e9:56:a1:b1:61:b1:1e:3f:8b:60:a1:77:b9:93:
                    52:60:96:4b:31:8e:ae:6f:2c:56:06:08:3d:fb:e4:
                    56:c2:01:36:bd:39:3d:49:64:7a:d8:4b:fe:41:5b:
                    b7:da:00:58:f5:7d:0d:cf:7b:0c:45:c5:86:e7:b4:
                    42:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B8:E2:FD:47:81:B7:AD:56:51:1B:28:86:02:89:7E:5A:D4:62:DA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:2f:87:cb:39:d2:8f:8d:ca:6c:18:18:22:79:bb:56:9e:4d:
         8c:1f:2a:92:9c:71:c5:20:ed:3e:bf:ea:25:f5:2e:76:20:c8:
         62:83:d2:ff:ca:b8:6b:e9:56:62:d6:50:6c:20:56:84:74:00:
         3a:70:2b:4d:5a:be:32:ba:93:75:6f:f2:ba:6a:ec:05:54:e2:
         fb:8d:3e:9d:1f:42:76:3a:f8:92:73:ef:1e:59:ee:46:07:52:
         4f:4e:0f:1c:a5:c4:44:8a:21:dd:64:6a:56:f0:1d:d1:22:ca:
         7c:c0:d6:7b:c5:34:6e:22:df:8d:0c:72:3e:7b:43:b9:8c:0e:
         0a:59:c5:d2:ef:0c:f1:ea:55:8e:47:b7:b7:54:b5:09:0b:98:
         54:f4:a2:09:f6:3f:e6:d5:45:5d:a7:ce:15:86:67:af:70:63:
         49:c9:4c:ff:50:c9:a8:24:cc:09:37:3f:f9:9b:fe:b3:9b:a3:
         ce:63:cf:ad:50:a6:e1:1f:ce:a6:fa:aa:50:72:d6:2d:86:7f:
         a5:0c:22:c8:a4:dd:63:35:5a:11:6d:d2:75:34:63:e8:29:43:
         ed:ec:a9:41:21:27:01:b6:da:c5:cd:cd:76:1c:3e:69:08:57:
         f1:2e:26:72:70:5a:78:a6:d0:10:59:db:82:6a:fc:4c:6c:46:
         54:ee:ad:0a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbGBhmQa9tYUzgrSMir8SA3DKBM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTEwMDZaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhNTg2YThhZjk3MmU1YjJlZjE1MTE5ZWE0MGMwN2UxZDEyYzljOTVjNzVj
OGIzZTU0MDU3ZTg4MDU0MmZlM2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN4bXNZTtLZqw83cV7Mp74Bw5yRIxTf1asGnsR2KJagafLXJT0hyNi0qVIS6
jfkDkWTp6oH4hWp7UFkP1cIOOni+mTAgUp2cyd7g0etf0BIJ1xl43ethC5sL5PoA
JrwFMTYPcVfcb0r3HrDmhblF7XuuIpE/v/3zfICfxKoM0uxgLmTgCcDYSKBz1EU3
NJpkHU6L+6OnQ+PbIRg6OuBXO8Le7dmYmKhyw9y9enrhsrUpfaxwtiXUvYgSMH8E
GejbmN5TS+lWobFhsR4/i2Chd7mTUmCWSzGOrm8sVgYIPfvkVsIBNr05PUlkethL
/kFbt9oAWPV9Dc97DEXFhue0Qs8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQhuOL9
R4G3rVZRGyiGAol+WtRi2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGJhNTRlNGYtMDI5NC00ZTgzLTgwMzctN2QyNjZjMzdmMGM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBjL4fLOdKPjcpsGBgiebtWnk2MHyqSnHHFIO0+
v+ol9S52IMhig9L/yrhr6VZi1lBsIFaEdAA6cCtNWr4yupN1b/K6auwFVOL7jT6d
H0J2OviSc+8eWe5GB1JPTg8cpcREiiHdZGpW8B3RIsp8wNZ7xTRuIt+NDHI+e0O5
jA4KWcXS7wzx6lWOR7e3VLUJC5hU9KIJ9j/m1UVdp84VhmevcGNJyUz/UMmoJMwJ
Nz/5m/6zm6POY8+tUKbhH86m+qpQctYthn+lDCLIpN1jNVoRbdJ1NGPoKUPt7KlB
IScBttrFzc12HD5pCFfxLiZycFp4ptAQWduCavxMbEZU7q0K
-----END CERTIFICATE-----