Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
File:                     5836d090-8999-43ab-a38c-f63a0e829c0b.roa (raw, json)
Hash identifier:          o3h2g62H4KUbu0Z6lilKKw4/nX318Flc25rem0IagdA=
Subject key identifier:   86:69:BC:29:69:D8:3F:19:6F:1D:A4:28:50:9E:83:27:CC:FC:DF:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5272913FA311FF484420A944DCC24B5F21493F2D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
Signing time:             Mon 31 Mar 2025 19:21:35 +0000
ROA not before:           Mon 31 Mar 2025 19:21:35 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:72:91:3f:a3:11:ff:48:44:20:a9:44:dc:c2:4b:5f:21:49:3f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:35 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:67:60:b3:f4:8d:dd:5d:56:9f:91:97:62:ec:
                    76:15:7d:58:2b:4c:28:58:ae:b3:17:c5:10:f0:a2:
                    29:ed:ae:9e:65:94:36:f4:b7:06:b4:be:95:8d:7e:
                    6e:44:8d:9d:0d:3a:9a:85:7f:09:d6:27:20:25:e4:
                    5a:e2:2e:a5:52:7a:11:64:6a:03:52:bd:3a:70:be:
                    af:41:ab:01:e6:8e:56:a6:a6:96:a1:e9:44:d6:37:
                    67:ab:89:b6:12:4c:8c:24:62:e6:af:da:2f:11:8d:
                    d4:79:d7:27:8f:52:22:7b:59:65:bd:c6:ce:0a:bf:
                    7f:1a:98:a3:0d:21:fa:43:a8:0e:c5:bd:1c:90:10:
                    36:39:1f:da:cf:9a:32:a3:ba:a1:bd:6a:52:52:cc:
                    ce:c3:c9:18:78:57:5a:7a:46:ca:c8:05:80:08:c2:
                    c4:b0:ed:00:92:23:bf:f6:59:56:a7:fd:97:aa:19:
                    7e:f4:53:31:6e:ad:56:f1:a9:7c:e4:1b:2c:b6:72:
                    20:75:ea:17:c9:f5:af:00:9f:7c:23:f3:43:d9:42:
                    b3:71:2c:c3:e9:87:81:7d:2d:07:2a:bd:c6:b9:68:
                    ba:51:a8:8d:ea:93:03:40:d6:c9:7f:ee:79:d2:36:
                    0a:f7:60:80:37:03:d6:c5:68:50:28:ff:9f:e1:16:
                    ba:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:69:BC:29:69:D8:3F:19:6F:1D:A4:28:50:9E:83:27:CC:FC:DF:DA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c0:ff:1f:d7:ab:7d:d1:a4:ae:2a:42:a3:67:13:7d:c3:ae:5e:
         0a:02:3e:9c:f5:67:0a:13:26:58:c9:07:88:b5:2c:62:59:6a:
         55:a3:19:01:ad:43:fe:df:c4:15:e9:4a:f1:07:87:2d:9f:df:
         a4:a8:80:e7:4a:38:ef:4c:a0:0f:9f:61:6a:d6:0b:f6:c7:57:
         0d:c8:c8:4f:ec:3f:06:6f:b8:60:a0:a0:86:75:6e:a5:b8:73:
         12:96:b0:ca:3f:c9:3a:31:3b:86:4f:3c:fc:73:b2:8d:53:3b:
         df:44:85:c5:42:9e:28:b5:bb:32:f7:55:c5:fa:bc:dd:03:66:
         14:7e:bf:6c:61:4d:dd:d8:32:c7:98:86:11:04:9f:b5:7c:ea:
         b5:d6:a5:28:33:67:35:5f:83:da:65:1e:e1:d2:a6:fa:79:eb:
         ec:84:06:43:4d:fd:dd:2e:48:61:2c:92:e6:46:a0:87:20:bb:
         03:52:66:a3:b0:8b:1a:a7:1d:f1:bf:27:b2:34:47:18:68:5d:
         f6:4e:44:3c:76:75:77:a7:ff:75:59:01:c4:dc:d3:76:97:20:
         05:61:5e:5e:7a:a0:8e:2e:69:39:c6:1f:fd:86:4c:9c:68:31:
         5a:78:20:f4:80:db:45:53:b5:c2:8d:28:35:49:25:89:f3:5b:
         a8:5f:07:17
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUnKRP6MR/0hEIKlE3MJLXyFJPy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMzVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1MmViNjc4Njc4ZGFkZmUxOGRmODRhMTMwYTZlYTM0ZTUzZGZmYzE0N2M1
ZjhjYTcwYjNiNjNiM2Y4M2JhOWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5nYLP0jd1dVp+Rl2LsdhV9WCtMKFiusxfFEPCiKe2unmWUNvS3BrS+lY1+
bkSNnQ06moV/CdYnICXkWuIupVJ6EWRqA1K9OnC+r0GrAeaOVqamlqHpRNY3Z6uJ
thJMjCRi5q/aLxGN1HnXJ49SIntZZb3Gzgq/fxqYow0h+kOoDsW9HJAQNjkf2s+a
MqO6ob1qUlLMzsPJGHhXWnpGysgFgAjCxLDtAJIjv/ZZVqf9l6oZfvRTMW6tVvGp
fOQbLLZyIHXqF8n1rwCffCPzQ9lCs3Esw+mHgX0tByq9xrloulGojeqTA0DWyX/u
edI2CvdggDcD1sVoUCj/n+EWuv0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSGabwp
adg/GW8dpChQnoMnzPzf2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTgzNmQwOTAtODk5OS00M2FiLWEzOGMtZjYzYTBlODI5YzBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQDA/x/Xq33RpK4qQqNnE33Drl4KAj6c9WcKEyZY
yQeItSxiWWpVoxkBrUP+38QV6UrxB4ctn9+kqIDnSjjvTKAPn2Fq1gv2x1cNyMhP
7D8Gb7hgoKCGdW6luHMSlrDKP8k6MTuGTzz8c7KNUzvfRIXFQp4otbsy91XF+rzd
A2YUfr9sYU3d2DLHmIYRBJ+1fOq11qUoM2c1X4PaZR7h0qb6eevshAZDTf3dLkhh
LJLmRqCHILsDUmajsIsapx3xvyeyNEcYaF32TkQ8dnV3p/91WQHE3NN2lyAFYV5e
eqCOLmk5xh/9hkycaDFaeCD0gNtFU7XCjSg1SSWJ81uoXwcX
-----END CERTIFICATE-----