Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa
File:                     58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa (raw, json)
Hash identifier:          bIMCs9aP/R9O9Wto5RcxIHslES2mv2LlhVP/SxZan9Q=
Subject key identifier:   A7:1B:08:DC:5C:84:A7:18:02:80:7B:74:47:77:3C:8B:7B:8A:2C:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       389EC6CD52B66414A720D0B951420BB6C3732969
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa
Signing time:             Mon 31 Mar 2025 20:01:31 +0000
ROA not before:           Mon 31 Mar 2025 20:01:31 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:9e:c6:cd:52:b6:64:14:a7:20:d0:b9:51:42:0b:b6:c3:73:29:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:01:31 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e2:5f:1a:84:87:33:bb:3e:a0:6f:46:c6:cf:
                    89:13:c3:ae:0a:a2:a4:cb:87:fd:9c:33:d3:57:d1:
                    a8:a9:e5:2d:1b:a6:6b:49:bc:0b:46:31:d4:a8:6e:
                    3b:b5:4e:7a:9f:db:2d:2f:f4:94:a3:07:54:5f:89:
                    fd:1c:8b:23:d9:2b:fc:d6:38:94:ac:db:d5:b7:db:
                    7b:fe:95:29:b3:5d:28:93:8d:ff:3a:4b:85:a3:da:
                    4c:6a:c7:91:36:70:0f:09:3e:a1:ca:8a:bf:84:6a:
                    b8:6f:c7:84:90:7e:60:96:29:cd:fa:4a:1c:15:2b:
                    5b:10:9f:a3:7b:cd:be:90:15:14:bb:61:9d:08:ae:
                    02:ce:54:8f:c1:d6:16:90:b2:08:1d:ef:05:63:1b:
                    67:23:d9:26:4c:e7:39:8f:41:27:2a:7b:12:b6:7a:
                    c9:ed:ed:89:37:4b:2d:8c:95:ee:c0:39:68:75:f1:
                    d7:4a:5b:cd:19:34:a1:b0:4b:9b:82:5c:60:c6:cc:
                    c6:26:25:a7:c2:b3:bc:34:69:58:ae:e2:f6:7f:9c:
                    fb:e0:f2:36:ca:c0:99:f9:86:e3:8a:fd:f2:8c:ef:
                    1b:c0:8a:23:3e:98:bf:d5:e4:6b:90:03:b2:52:b5:
                    ca:c7:17:af:32:2e:0d:60:02:8c:70:cc:2a:26:a9:
                    76:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1B:08:DC:5C:84:A7:18:02:80:7B:74:47:77:3C:8B:7B:8A:2C:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:a5:9b:cf:0e:27:94:7e:c4:ec:81:2f:3a:5b:12:2e:23:3a:
         9a:24:63:fd:39:b6:b9:b8:12:b7:e7:22:aa:93:eb:4b:38:5e:
         e9:74:8d:d1:86:d3:b7:93:01:43:21:1a:af:26:42:4b:e8:01:
         65:14:bc:95:e6:1a:ff:2b:25:1c:b2:eb:52:a3:a4:14:9e:da:
         8e:2a:d6:06:d0:fc:e5:88:c0:28:29:80:ed:fa:59:24:88:ff:
         51:fb:08:7a:fd:02:61:35:bb:6c:18:47:03:e9:df:88:69:94:
         c6:ec:e3:e7:cb:ee:7e:b9:05:e9:db:5f:37:82:4a:d9:bb:af:
         3e:a1:3c:66:f9:d7:a3:53:27:e5:89:9c:35:9f:72:34:f6:ce:
         99:86:7d:79:a1:32:ba:9e:07:be:8e:73:ba:6c:8b:2c:1d:80:
         ad:d7:64:2c:af:ef:ca:62:63:45:20:8f:36:d7:05:01:c1:85:
         5e:91:8d:c6:4d:bb:fa:81:40:a0:68:6c:97:4c:22:d1:a0:3e:
         25:96:0b:9d:e4:26:75:82:ec:00:61:ef:d3:af:a6:b0:33:f2:
         1d:52:5c:27:3c:8b:38:7f:80:a8:1b:b9:5f:39:93:2c:db:6d:
         e8:23:39:f7:07:58:ac:b1:65:4c:3b:fa:d8:fb:7b:c2:6c:d9:
         0f:99:07:a2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOJ7GzVK2ZBSnINC5UUILtsNzKWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAxMzFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjNThkYmEzNTZkZWE2Mzk5MzA0NzdhN2EwZjYwNzhlMWJiOWUyYTcyNTIx
MmUyOWJhZGVhZDBiYzcxZjg2YjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMziXxqEhzO7PqBvRsbPiRPDrgqipMuH/Zwz01fRqKnlLRuma0m8C0Yx1Khu
O7VOep/bLS/0lKMHVF+J/RyLI9kr/NY4lKzb1bfbe/6VKbNdKJON/zpLhaPaTGrH
kTZwDwk+ocqKv4RquG/HhJB+YJYpzfpKHBUrWxCfo3vNvpAVFLthnQiuAs5Uj8HW
FpCyCB3vBWMbZyPZJkznOY9BJyp7ErZ6ye3tiTdLLYyV7sA5aHXx10pbzRk0obBL
m4JcYMbMxiYlp8KzvDRpWK7i9n+c++DyNsrAmfmG44r98ozvG8CKIz6Yv9Xka5AD
slK1yscXrzIuDWACjHDMKiapdi8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSnGwjc
XISnGAKAe3RHdzyLe4osXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTg1NTdhODktYjQzMS00OWMzLWJjMGUtZDQ5ZTJkNGM3OWQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
QDANBgkqhkiG9w0BAQsFAAOCAQEAPKWbzw4nlH7E7IEvOlsSLiM6miRj/Tm2ubgS
t+ciqpPrSzhe6XSN0YbTt5MBQyEaryZCS+gBZRS8leYa/yslHLLrUqOkFJ7ajirW
BtD85YjAKCmA7fpZJIj/UfsIev0CYTW7bBhHA+nfiGmUxuzj58vufrkF6dtfN4JK
2buvPqE8ZvnXo1Mn5YmcNZ9yNPbOmYZ9eaEyup4Hvo5zumyLLB2ArddkLK/vymJj
RSCPNtcFAcGFXpGNxk27+oFAoGhsl0wi0aA+JZYLneQmdYLsAGHv06+msDPyHVJc
JzyLOH+AqBu5XzmTLNtt6CM59wdYrLFlTDv62Pt7wmzZD5kHog==
-----END CERTIFICATE-----