Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54aaecbd-f237-4e42-9d78-c366846bfd11.roa
File:                     54aaecbd-f237-4e42-9d78-c366846bfd11.roa (raw, json)
Hash identifier:          tlY6fNxLqbqlJetgt5y5f4vx+fuCBd+4ZRNJnHdTF6Q=
Subject key identifier:   F9:39:B2:EF:06:F7:F1:09:03:16:01:7B:85:97:DE:17:A8:FD:91:AA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       75C702E4E94C65D5A582685CB6C40503C2E6AE98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54aaecbd-f237-4e42-9d78-c366846bfd11.roa
Signing time:             Mon 31 Mar 2025 20:21:36 +0000
ROA not before:           Mon 31 Mar 2025 20:21:36 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c7:02:e4:e9:4c:65:d5:a5:82:68:5c:b6:c4:05:03:c2:e6:ae:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:36 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:81:7b:26:ad:aa:92:a1:0c:f4:17:5c:63:b1:
                    80:f0:27:0d:d8:70:0d:1f:c9:f9:ed:98:03:35:a9:
                    ad:ab:ac:33:e3:f5:97:b8:d1:37:c1:4d:eb:dd:1c:
                    2f:b6:01:14:8d:e4:3d:40:26:a8:93:85:16:05:a0:
                    2c:20:a5:4c:f4:20:cc:e8:d2:47:f2:15:42:1e:ce:
                    31:ca:09:18:d7:3b:fa:a8:7f:d9:15:a5:70:6c:32:
                    04:84:b2:10:54:62:83:b7:d0:23:f2:1d:54:26:c9:
                    eb:c0:92:7b:a2:b5:cb:84:e6:0a:73:17:06:c7:d7:
                    64:06:32:9a:1b:00:e4:16:32:8a:e2:3c:a6:e5:66:
                    86:cd:fb:98:3b:71:80:6e:31:db:b9:d1:70:58:f1:
                    96:0a:8e:64:4d:eb:0d:9e:09:64:c9:cb:6d:ea:d9:
                    6b:5e:0c:c8:c5:39:89:07:e2:fb:31:36:b5:8d:3e:
                    2b:61:52:e9:47:69:ee:dd:3e:80:cf:bf:5e:8c:e9:
                    f5:da:ab:0f:ed:9f:02:be:76:dc:30:9c:6e:76:0d:
                    5b:7f:26:07:14:b2:20:6d:04:4d:61:fc:96:a3:43:
                    31:2c:22:8d:62:ee:7a:42:e9:92:42:d0:84:af:72:
                    f3:2e:ff:d3:e1:df:cf:77:e7:70:11:e3:74:a8:98:
                    f0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:39:B2:EF:06:F7:F1:09:03:16:01:7B:85:97:DE:17:A8:FD:91:AA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54aaecbd-f237-4e42-9d78-c366846bfd11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:24:eb:65:b4:60:a8:ba:e0:c8:6d:55:bc:8b:f8:55:b5:24:
         a9:fc:a9:2a:4f:92:24:ce:68:95:c6:4b:64:98:2b:1b:0c:ca:
         06:6e:62:f0:6a:13:bd:84:67:90:bf:e6:e6:60:75:47:da:af:
         8d:5a:b4:c6:97:46:1d:55:6c:86:63:59:a4:46:7a:17:99:05:
         78:4a:0d:c1:8c:f5:e7:42:bb:a6:54:b6:de:34:40:ac:ba:a1:
         d1:8e:0d:95:ea:cc:c8:5c:25:41:e7:66:0f:44:9f:98:ec:3b:
         36:5c:21:20:af:7b:b0:a0:06:c1:8b:3a:3c:ed:c5:2a:cf:d4:
         95:65:ed:11:72:16:47:8d:d3:98:92:6c:cc:45:a1:2d:ce:2e:
         52:f7:f5:94:37:74:79:75:a5:0a:6d:c0:fc:af:b3:27:d6:07:
         5f:fb:3c:d6:42:b2:4b:f2:e7:bd:ef:4a:b6:6c:9e:a8:51:ef:
         8d:60:22:fe:04:2d:17:08:47:98:f5:9d:d7:54:ea:41:a7:ee:
         4c:e9:b6:e5:29:0f:3a:ea:51:b3:c1:ca:19:a3:00:84:9a:99:
         a8:0c:9c:c6:60:44:6c:a1:3f:96:62:97:a6:18:97:cf:15:6b:
         71:ea:d3:9d:e2:e1:9d:b3:0f:18:3c:43:b1:49:86:b6:e9:80:
         4c:84:d2:1e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdccC5OlMZdWlgmhctsQFA8LmrpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMzZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4NDExMDQ0ZGFmMmZjOGFmZTM4MzY3ZWYwYmZmMzFhMmYxOTJmN2Y1N2U2
ZTQ3ZjY1MWMxZGRmZjA2OTFkZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOOBeyatqpKhDPQXXGOxgPAnDdhwDR/J+e2YAzWprausM+P1l7jRN8FN690c
L7YBFI3kPUAmqJOFFgWgLCClTPQgzOjSR/IVQh7OMcoJGNc7+qh/2RWlcGwyBISy
EFRig7fQI/IdVCbJ68CSe6K1y4TmCnMXBsfXZAYymhsA5BYyiuI8puVmhs37mDtx
gG4x27nRcFjxlgqOZE3rDZ4JZMnLberZa14MyMU5iQfi+zE2tY0+K2FS6Udp7t0+
gM+/Xozp9dqrD+2fAr523DCcbnYNW38mBxSyIG0ETWH8lqNDMSwijWLuekLpkkLQ
hK9y8y7/0+Hfz3fncBHjdKiY8K8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT5ObLv
BvfxCQMWAXuFl94XqP2RqjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTRhYWVjYmQtZjIzNy00ZTQyLTlkNzgtYzM2Njg0NmJmZDExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Heg
MA0GCSqGSIb3DQEBCwUAA4IBAQDCJOtltGCouuDIbVW8i/hVtSSp/KkqT5IkzmiV
xktkmCsbDMoGbmLwahO9hGeQv+bmYHVH2q+NWrTGl0YdVWyGY1mkRnoXmQV4Sg3B
jPXnQrumVLbeNECsuqHRjg2V6szIXCVB52YPRJ+Y7Ds2XCEgr3uwoAbBizo87cUq
z9SVZe0RchZHjdOYkmzMRaEtzi5S9/WUN3R5daUKbcD8r7Mn1gdf+zzWQrJL8ue9
70q2bJ6oUe+NYCL+BC0XCEeY9Z3XVOpBp+5M6bblKQ866lGzwcoZowCEmpmoDJzG
YERsoT+WYpemGJfPFWtx6tOd4uGdsw8YPEOxSYa26YBMhNIe
-----END CERTIFICATE-----