Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/631196a4-90f5-4760-982e-15fbaf4805ec.roa
File:                     631196a4-90f5-4760-982e-15fbaf4805ec.roa (raw, json)
Hash identifier:          JeEqqCGM/sdZESo/xJVxla4Vt2XR0odnegyQy1iN26E=
Subject key identifier:   E7:D2:71:CB:84:D9:85:8A:56:17:42:C4:7D:74:BD:AD:50:A5:1D:5D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       643B056A8217BC1D331CD7A096691B12271379D7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/631196a4-90f5-4760-982e-15fbaf4805ec.roa
Signing time:             Tue 25 Mar 2025 16:37:04 +0000
ROA not before:           Tue 25 Mar 2025 16:37:04 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d020:8000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:3b:05:6a:82:17:bc:1d:33:1c:d7:a0:96:69:1b:12:27:13:79:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 25 16:37:04 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:44:9a:d0:9e:8d:2a:94:dd:b3:1a:da:82:
                    8e:82:52:f8:73:02:99:e5:a4:8a:cd:d6:7c:11:4b:
                    1a:5e:c7:e5:49:12:44:ea:81:0e:06:04:2b:8f:85:
                    93:42:8b:ad:4e:91:0f:88:35:4c:20:05:62:c2:08:
                    6f:1b:36:2d:57:8e:05:43:5d:35:59:d8:cb:a8:f6:
                    09:c8:a8:d9:98:52:09:54:03:ca:66:45:1f:c5:d9:
                    e4:01:4d:5e:85:63:cd:06:3b:6d:ba:7f:6b:19:8b:
                    91:5b:50:12:e6:b3:6c:a6:70:42:81:2a:8a:be:1e:
                    ca:31:8a:a5:73:e1:3e:8e:2f:4e:de:e2:35:f5:e5:
                    56:a2:34:5b:72:12:3d:74:24:98:a0:4a:cc:e4:22:
                    3a:54:06:5e:fd:ab:db:ef:c1:18:06:e0:7b:1f:5d:
                    e8:15:4b:79:0f:6e:a9:3d:98:c9:bb:83:67:a8:2c:
                    61:85:72:3f:84:ef:34:6a:1f:96:d5:56:c9:2a:e1:
                    b4:17:ba:46:c6:52:41:92:df:2e:6f:a1:60:04:87:
                    3e:00:17:05:b9:58:a7:0d:10:06:9a:fb:77:66:11:
                    5c:51:bc:79:44:f9:c4:3a:30:b3:87:10:c5:17:20:
                    c7:35:76:e7:7e:42:ca:2f:b1:41:a7:73:15:99:35:
                    f4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D2:71:CB:84:D9:85:8A:56:17:42:C4:7D:74:BD:AD:50:A5:1D:5D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/631196a4-90f5-4760-982e-15fbaf4805ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d020:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0e:c8:5a:ad:0f:ee:20:b0:3f:03:5f:97:ae:07:66:36:74:1c:
         2a:df:fc:21:81:85:9b:d4:51:3b:e6:61:e2:3b:72:bc:95:f8:
         ba:16:80:72:ab:30:e6:16:ca:3a:4e:b0:34:0e:a8:24:89:44:
         54:5e:e7:58:c9:e8:4c:6b:2c:c2:20:6a:77:c5:7f:29:fb:6a:
         ec:ca:0b:ca:80:72:bb:dd:73:32:f9:cf:2c:d9:e4:55:0e:8c:
         d1:43:78:b1:2f:e2:ce:59:fd:cd:ba:d4:d6:29:21:3e:96:49:
         3a:53:87:5e:d8:cc:af:f4:46:82:50:f2:07:4d:2b:1d:91:22:
         30:d8:fb:c1:51:dc:9d:e9:80:54:61:24:8a:e9:65:80:56:e7:
         97:61:13:70:b9:ff:38:d8:85:05:e1:5f:0b:2e:c9:07:3b:97:
         b5:82:6a:43:00:22:9b:dd:a0:35:47:89:a7:bc:fa:48:cd:8f:
         95:2c:a4:b1:b8:e5:a2:0e:ba:f2:d5:6c:d2:c5:fa:e3:2e:79:
         bd:bd:51:10:04:d3:3a:8e:0b:d6:89:2d:ae:34:de:7f:ba:60:
         9e:d2:51:16:97:5b:02:fd:22:1e:01:80:0d:92:b2:83:93:93:
         a7:c7:89:c2:26:e4:36:94:06:c8:9c:4f:93:96:ce:bc:40:3d:
         e4:ad:3e:e0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZDsFaoIXvB0zHNeglmkbEicTedcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjUxNjM3MDRaFw0yNTA0MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZWJkMmUwYWZjYTBkMGQxOGM4ZjY0ZTlhNjYxZTUwZmUwMjg5OTM4Y2I0
ZmNmYmJlZTBkMDUzMTUwMjRhYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN63RJrQno0qlN2zGtqCjoJS+HMCmeWkis3WfBFLGl7H5UkSROqBDgYEK4+F
k0KLrU6RD4g1TCAFYsIIbxs2LVeOBUNdNVnYy6j2Ccio2ZhSCVQDymZFH8XZ5AFN
XoVjzQY7bbp/axmLkVtQEuazbKZwQoEqir4eyjGKpXPhPo4vTt7iNfXlVqI0W3IS
PXQkmKBKzOQiOlQGXv2r2+/BGAbgex9d6BVLeQ9uqT2YybuDZ6gsYYVyP4TvNGof
ltVWySrhtBe6RsZSQZLfLm+hYASHPgAXBblYpw0QBpr7d2YRXFG8eUT5xDows4cQ
xRcgxzV2535Cyi+xQadzFZk19CMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTn0nHL
hNmFilYXQsR9dL2tUKUdXTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjMxMTk2YTQtOTBmNS00NzYwLTk4MmUtMTVmYmFmNDgwNWVjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAOyFqtD+4gsD8DX5euB2Y2dBwq3/whgYWb1FE7
5mHiO3K8lfi6FoByqzDmFso6TrA0DqgkiURUXudYyehMayzCIGp3xX8p+2rsygvK
gHK73XMy+c8s2eRVDozRQ3ixL+LOWf3NutTWKSE+lkk6U4de2Myv9EaCUPIHTSsd
kSIw2PvBUdyd6YBUYSSK6WWAVueXYRNwuf842IUF4V8LLskHO5e1gmpDACKb3aA1
R4mnvPpIzY+VLKSxuOWiDrry1WzSxfrjLnm9vVEQBNM6jgvWiS2uNN5/umCe0lEW
l1sC/SIeAYANkrKDk5Onx4nCJuQ2lAbInE+Tls68QD3krT7g
-----END CERTIFICATE-----