Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
File:                     507c534d-189b-43b3-945a-dd040ee200d5.roa (raw, json)
Hash identifier:          Q9yCGLQDirHCfmdN/PzIuOdGjZB5Q8eTVKHTG0bMniU=
Subject key identifier:   91:EB:9B:D5:2C:8B:99:76:55:A4:47:BE:E8:23:45:3B:FA:4E:95:43
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       72AEDDF9814B5717FC4922123D8EBB53EC7BE4AE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
Signing time:             Mon 31 Mar 2025 20:51:36 +0000
ROA not before:           Mon 31 Mar 2025 20:51:36 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:ae:dd:f9:81:4b:57:17:fc:49:22:12:3d:8e:bb:53:ec:7b:e4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:51:36 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:19:0a:90:aa:7c:20:b5:1a:e5:7a:79:3c:
                    7a:75:97:8f:b9:f0:e2:9c:e2:46:4e:7d:b1:55:7a:
                    91:4c:46:fa:1d:c3:9a:5c:a6:4d:08:f4:bb:84:18:
                    d9:a4:50:a8:57:05:78:d1:6b:42:7f:1e:aa:89:49:
                    37:67:3e:d3:b2:d4:8d:46:a5:1b:a2:a3:94:99:9b:
                    3b:e7:ad:bd:4f:03:68:08:82:18:66:ce:0c:19:44:
                    bf:94:e6:7a:eb:65:2a:8d:78:2c:59:38:a4:1c:6c:
                    c6:41:d6:9e:9d:33:15:9d:f7:2b:af:fe:11:f3:38:
                    85:82:5d:51:0d:78:97:75:25:08:2c:36:86:f1:c4:
                    1a:af:75:20:a0:ea:ef:65:a5:68:6e:75:78:14:a0:
                    08:9e:55:4c:30:ee:f1:4a:49:96:10:29:1b:11:10:
                    14:10:b8:69:ca:f2:14:91:f2:c9:1d:04:37:26:54:
                    ec:75:b7:5f:e2:f3:6a:8c:6a:ae:a4:bf:8b:94:90:
                    e6:d7:c8:18:79:5f:99:54:4c:79:46:6d:d5:1d:9f:
                    31:f5:2c:28:26:c4:0f:dc:ed:40:c8:3e:23:0d:df:
                    69:ae:57:df:fb:64:a1:64:42:b0:8f:8b:13:3a:01:
                    5a:51:fb:30:ef:00:01:3d:4b:0a:39:a3:49:ef:a8:
                    a9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EB:9B:D5:2C:8B:99:76:55:A4:47:BE:E8:23:45:3B:FA:4E:95:43
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:ba:53:25:cc:8c:14:7a:85:eb:61:a8:60:53:17:c0:81:cb:
         5f:7d:8a:d7:b4:9c:93:44:21:f0:51:a2:42:f6:77:8c:80:57:
         17:f1:14:6f:b6:15:36:95:3f:ed:3c:7f:d7:f7:d8:33:c7:e2:
         a4:af:cf:48:9e:54:38:46:d1:64:80:87:42:35:50:1e:68:09:
         7a:52:b9:8d:ef:e4:f5:35:81:56:0c:79:5a:8c:a7:8e:98:52:
         46:15:ac:83:5c:fb:e8:ab:89:77:49:f3:2a:80:1d:75:8e:fd:
         0c:e8:6c:39:0f:7f:8b:14:97:eb:73:bc:b7:81:e4:22:65:2f:
         95:92:80:96:d9:c9:17:da:fc:a8:68:e2:50:be:12:81:46:73:
         a1:4c:56:e9:b8:78:0c:5a:90:ce:45:c6:32:b0:b6:3e:9c:49:
         a7:18:58:ba:e4:8c:ca:05:99:96:51:e7:51:54:5b:a7:51:bb:
         15:fd:2d:e8:56:e6:7d:f7:c9:2f:60:7c:74:4c:a7:31:ab:f0:
         15:a5:86:9d:89:db:e8:4c:ee:a5:04:c5:dd:d7:2f:27:f2:62:
         7e:89:74:97:71:d4:5a:ae:ef:85:36:7b:f2:57:1c:ec:58:b9:
         b1:7c:af:1b:8e:4b:37:93:5c:ab:e7:45:fd:ea:2a:d2:25:82:
         dc:9c:56:87
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcq7d+YFLVxf8SSISPY67U+x75K4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUxMzZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3NzdiZmI3YTIwYmM4MGJkYTA1MzIyYzY0YzFiZGQzY2QwYWU5ZjIyMWFh
NTg3NTQ0MDZiZGVlOGFhY2JkZTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJlbGQqQqnwgtRrlenk8enWXj7nw4pziRk59sVV6kUxG+h3DmlymTQj0u4QY
2aRQqFcFeNFrQn8eqolJN2c+07LUjUalG6KjlJmbO+etvU8DaAiCGGbODBlEv5Tm
eutlKo14LFk4pBxsxkHWnp0zFZ33K6/+EfM4hYJdUQ14l3UlCCw2hvHEGq91IKDq
72WlaG51eBSgCJ5VTDDu8UpJlhApGxEQFBC4acryFJHyyR0ENyZU7HW3X+Lzaoxq
rqS/i5SQ5tfIGHlfmVRMeUZt1R2fMfUsKCbED9ztQMg+Iw3faa5X3/tkoWRCsI+L
EzoBWlH7MO8AAT1LCjmjSe+oqXcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSR65vV
LIuZdlWkR77oI0U7+k6VQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTA3YzUzNGQtMTg5Yi00M2IzLTk0NWEtZGQwNDBlZTIwMGQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBMulMlzIwUeoXrYahgUxfAgctffYrXtJyTRCHw
UaJC9neMgFcX8RRvthU2lT/tPH/X99gzx+Kkr89InlQ4RtFkgIdCNVAeaAl6UrmN
7+T1NYFWDHlajKeOmFJGFayDXPvoq4l3SfMqgB11jv0M6Gw5D3+LFJfrc7y3geQi
ZS+VkoCW2ckX2vyoaOJQvhKBRnOhTFbpuHgMWpDORcYysLY+nEmnGFi65IzKBZmW
UedRVFunUbsV/S3oVuZ998kvYHx0TKcxq/AVpYadidvoTO6lBMXd1y8n8mJ+iXSX
cdRaru+FNnvyVxzsWLmxfK8bjks3k1yr50X96irSJYLcnFaH
-----END CERTIFICATE-----