Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa
File:                     5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa (raw, json)
Hash identifier:          FgEBcdgEDNs+6ZKds2MKUIKHaA/yuafIHENCCZptljo=
Subject key identifier:   A5:F1:EA:5A:8B:A7:19:9E:83:40:AA:CA:B4:8B:63:B8:8E:EB:FB:6A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       05D27ABBCBF9176B5ACD48A6682CC96DA6AAEBB2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa
Signing time:             Mon 31 Mar 2025 21:10:14 +0000
ROA not before:           Mon 31 Mar 2025 21:10:14 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d016:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:d2:7a:bb:cb:f9:17:6b:5a:cd:48:a6:68:2c:c9:6d:a6:aa:eb:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:14 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c3:96:e3:83:aa:43:98:86:5e:05:72:66:13:
                    22:bc:dc:38:ec:c9:8f:b3:62:65:8f:0a:f8:c1:e2:
                    9b:05:45:87:51:20:c9:30:e8:de:30:bc:41:1c:e3:
                    c0:a1:90:b0:d3:39:10:45:78:2c:27:ab:b3:a1:bc:
                    53:ad:0c:66:a0:f2:b1:58:f5:a7:11:81:e2:a1:b4:
                    7f:00:05:e5:8b:fe:28:5a:82:41:00:08:7b:74:47:
                    11:d8:46:dd:ab:4b:28:4c:0d:2c:0f:f0:fa:b7:75:
                    97:0c:2d:19:16:5b:63:d7:ff:e6:02:1a:fb:7c:74:
                    20:4c:f6:12:52:bb:e2:05:7b:34:06:93:87:49:db:
                    86:14:fb:98:54:c8:fc:30:12:25:26:ea:ac:0d:1f:
                    a4:7c:f4:f2:6a:da:27:1b:e0:fa:24:89:b5:d5:e8:
                    6d:28:22:5b:7a:58:f5:87:ac:f3:8a:84:63:0f:60:
                    2d:4f:7e:39:88:59:ec:61:ec:cd:0a:88:7d:a4:48:
                    9f:f8:c5:37:e4:c8:ff:cc:17:1d:bb:48:8a:e3:18:
                    5c:f5:bf:de:e5:a2:95:0a:70:75:ee:9d:f7:83:2f:
                    19:9f:58:a9:93:ce:78:17:db:57:c6:f6:c2:36:31:
                    c1:3c:cd:0b:4f:c5:04:05:d2:02:31:61:a0:15:61:
                    4e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F1:EA:5A:8B:A7:19:9E:83:40:AA:CA:B4:8B:63:B8:8E:EB:FB:6A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d016:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         48:09:52:a9:d4:81:7b:75:36:0e:6b:70:11:35:3b:38:66:c9:
         6d:9c:64:20:53:fa:cb:cb:0b:ef:34:e0:bf:3f:0a:bf:23:b9:
         7f:33:e1:f8:c6:99:ef:f5:09:21:f5:54:00:fc:21:f6:b2:02:
         b7:7b:35:21:b8:fb:19:d4:9e:3b:c9:f3:bf:33:d1:bf:2d:ed:
         43:e7:58:87:34:c3:a9:27:27:73:1c:48:bd:51:97:97:76:e2:
         ec:fa:e3:7f:30:84:44:b5:62:88:69:9e:42:fd:ff:27:ac:d0:
         19:fc:87:f8:34:4a:f4:de:b8:1e:6c:0c:8e:99:50:be:eb:b7:
         de:75:ea:4b:68:0a:2b:bd:5f:66:16:4c:fb:a8:68:05:7c:72:
         68:17:51:93:c0:8c:90:e5:cf:f7:aa:80:80:c7:e2:c4:46:2d:
         f4:7f:ea:f6:9e:f9:8a:80:eb:1e:44:e3:d3:0b:6f:3f:c4:89:
         68:45:03:be:c6:4d:6a:90:76:3b:36:a6:ec:46:85:02:36:51:
         b2:ff:bf:a3:35:4b:0e:6f:f7:39:38:13:35:04:98:00:59:80:
         f9:f7:41:3e:31:a1:17:cb:35:ec:eb:a1:5c:25:ad:c7:17:e8:
         78:eb:46:1e:90:58:e0:38:fc:a8:a5:24:ea:42:c7:7e:17:02:
         10:93:77:5c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBdJ6u8v5F2tazUimaCzJbaaq67IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwMTRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYwNDlmYzE4ZDY1ZWQyMDllODI2MzJkNTcyZDIzYzFkODUwMTZhYTI0ZjE1
OTQyZDdkOGU2NDY2Y2I5MDY0NmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXDluODqkOYhl4FcmYTIrzcOOzJj7NiZY8K+MHimwVFh1EgyTDo3jC8QRzj
wKGQsNM5EEV4LCers6G8U60MZqDysVj1pxGB4qG0fwAF5Yv+KFqCQQAIe3RHEdhG
3atLKEwNLA/w+rd1lwwtGRZbY9f/5gIa+3x0IEz2ElK74gV7NAaTh0nbhhT7mFTI
/DASJSbqrA0fpHz08mraJxvg+iSJtdXobSgiW3pY9Yes84qEYw9gLU9+OYhZ7GHs
zQqIfaRIn/jFN+TI/8wXHbtIiuMYXPW/3uWilQpwde6d94MvGZ9YqZPOeBfbV8b2
wjYxwTzNC0/FBAXSAjFhoBVhTl0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSl8epa
i6cZnoNAqsq0i2O4juv7ajAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTg1NGUwNmEtYzgyNS00MGZlLWJmNTEtNWI3N2QzYmE0ZDAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BYM
MA0GCSqGSIb3DQEBCwUAA4IBAQBICVKp1IF7dTYOa3ARNTs4ZsltnGQgU/rLywvv
NOC/Pwq/I7l/M+H4xpnv9Qkh9VQA/CH2sgK3ezUhuPsZ1J47yfO/M9G/Le1D51iH
NMOpJydzHEi9UZeXduLs+uN/MIREtWKIaZ5C/f8nrNAZ/If4NEr03rgebAyOmVC+
67fedepLaAorvV9mFkz7qGgFfHJoF1GTwIyQ5c/3qoCAx+LERi30f+r2nvmKgOse
ROPTC28/xIloRQO+xk1qkHY7NqbsRoUCNlGy/7+jNUsOb/c5OBM1BJgAWYD590E+
MaEXyzXs66FcJa3HF+h460YekFjgOPyopSTqQsd+FwIQk3dc
-----END CERTIFICATE-----