Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
File:                     56c31249-f32b-4fc4-a69f-07420913a101.roa (raw, json)
Hash identifier:          +WauxMopIVwri43kBA5do/DuigDr/7HuSBNqn3Zk5uo=
Subject key identifier:   B2:B4:8F:74:E6:83:BA:A6:40:F4:EC:0D:C0:3E:7A:99:8E:CE:44:9A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3EE7F68CFEE1AAF968A78A2AC01DD4E83723D260
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
Signing time:             Mon 31 Mar 2025 19:40:35 +0000
ROA not before:           Mon 31 Mar 2025 19:40:35 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:e7:f6:8c:fe:e1:aa:f9:68:a7:8a:2a:c0:1d:d4:e8:37:23:d2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:35 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:74:f2:55:cb:17:3c:eb:6d:87:ca:c3:61:78:
                    62:6c:7c:5e:b0:a8:63:d8:42:00:61:5c:72:b8:4f:
                    b5:9d:ea:98:1f:ff:d5:dd:7a:e1:7b:06:ac:69:4b:
                    cf:34:b3:df:8c:53:cd:cf:94:c7:f3:61:92:68:b4:
                    f1:b4:cd:9f:67:2b:d0:4e:30:5e:e9:61:22:6f:b4:
                    15:ab:f1:96:8e:5b:93:a5:de:30:a7:38:46:41:e2:
                    9b:07:17:f6:77:8c:1d:e5:e2:c8:9e:cc:3c:2e:9d:
                    c8:08:02:33:38:eb:f5:e5:5f:1e:09:0a:32:56:4a:
                    cc:f5:0a:bd:7e:b1:44:2f:a0:7d:6e:53:16:27:02:
                    2d:ee:95:7f:9d:47:cc:05:60:86:6b:71:77:2b:04:
                    63:fe:24:a8:fb:a3:88:f0:75:48:bf:00:60:76:78:
                    a8:89:4e:33:05:9d:b7:bc:9c:17:cc:ae:86:3c:b1:
                    9c:2f:4d:81:ec:90:27:43:ee:1e:91:db:85:e7:91:
                    98:fa:00:ce:d9:57:d0:f9:27:ea:f1:14:f5:db:2a:
                    e2:b0:8f:4a:68:1e:ae:ee:96:d1:82:ae:fa:ea:95:
                    6b:93:a2:66:3e:dd:09:2e:bd:21:bd:33:b8:2f:b5:
                    75:fe:38:80:16:b9:e6:0a:c3:ee:84:6c:ba:7c:83:
                    cb:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:B4:8F:74:E6:83:BA:A6:40:F4:EC:0D:C0:3E:7A:99:8E:CE:44:9A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:34:68:8c:8a:03:36:dc:7c:2b:72:80:e0:b9:a7:7a:13:09:
         c4:83:fa:9c:1c:83:e7:09:26:19:46:a3:d1:b3:37:7c:d8:28:
         ec:c7:2b:a2:70:01:b5:65:dc:c6:0d:e9:af:f5:3b:2e:4b:ad:
         c1:df:ae:2f:54:46:86:df:3a:df:8a:96:18:8a:ba:e1:2c:90:
         7c:b6:4d:92:cc:62:0a:f7:45:cd:69:4e:bf:13:77:dc:0a:34:
         45:56:b9:60:f8:c2:06:e7:a4:2e:4d:91:b4:16:8b:66:64:00:
         5d:01:55:15:c6:8f:c2:f1:9e:ae:8d:68:dd:28:91:3e:d8:f6:
         68:7b:d0:78:17:5b:93:b1:e5:f5:4d:d4:ed:6e:6f:bb:92:cc:
         de:85:a6:7c:89:da:83:7a:f6:ef:58:18:1f:e4:88:b1:93:ff:
         d1:f9:aa:75:01:d4:5e:da:48:6c:94:c0:3c:2a:8c:ec:5d:92:
         88:74:e2:67:2a:c7:96:13:28:11:9e:9c:6a:fb:24:72:54:25:
         3a:87:23:a4:75:14:d2:98:c7:48:f7:1b:c4:50:d7:f2:21:be:
         fb:3e:38:1c:0e:49:b8:ba:38:42:61:65:ee:3a:91:e5:6e:bd:
         e8:b5:c9:44:33:5a:1e:62:45:bf:fb:0c:e4:c9:7d:de:92:e5:
         a7:6e:56:1b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPuf2jP7hqvlop4oqwB3U6Dcj0mAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMzVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4YTUyY2RlNGRkZmNhN2M4ZDQwNDEyMjg2OTdkODVhMmM0YTUxZTczMGZm
MzVkYzRlZjQ3YWJlYjhlOTAyYjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOZ08lXLFzzrbYfKw2F4Ymx8XrCoY9hCAGFccrhPtZ3qmB//1d164XsGrGlL
zzSz34xTzc+Ux/Nhkmi08bTNn2cr0E4wXulhIm+0Favxlo5bk6XeMKc4RkHimwcX
9neMHeXiyJ7MPC6dyAgCMzjr9eVfHgkKMlZKzPUKvX6xRC+gfW5TFicCLe6Vf51H
zAVghmtxdysEY/4kqPujiPB1SL8AYHZ4qIlOMwWdt7ycF8yuhjyxnC9NgeyQJ0Pu
HpHbheeRmPoAztlX0Pkn6vEU9dsq4rCPSmgeru6W0YKu+uqVa5OiZj7dCS69Ib0z
uC+1df44gBa55grD7oRsunyDy/sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSytI90
5oO6pkD07A3APnqZjs5EmjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTZjMzEyNDktZjMyYi00ZmM0LWE2OWYtMDc0MjA5MTNhMTAxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJA
MA0GCSqGSIb3DQEBCwUAA4IBAQA3NGiMigM23HwrcoDguad6EwnEg/qcHIPnCSYZ
RqPRszd82CjsxyuicAG1ZdzGDemv9TsuS63B364vVEaG3zrfipYYirrhLJB8tk2S
zGIK90XNaU6/E3fcCjRFVrlg+MIG56QuTZG0FotmZABdAVUVxo/C8Z6ujWjdKJE+
2PZoe9B4F1uTseX1TdTtbm+7kszehaZ8idqDevbvWBgf5Iixk//R+ap1AdRe2khs
lMA8KozsXZKIdOJnKseWEygRnpxq+yRyVCU6hyOkdRTSmMdI9xvEUNfyIb77Pjgc
Dkm4ujhCYWXuOpHlbr3otclEM1oeYkW/+wzkyX3ekuWnblYb
-----END CERTIFICATE-----