Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64f0a197-0057-458b-924a-0b7079fbd04c.roa
File:                     64f0a197-0057-458b-924a-0b7079fbd04c.roa (raw, json)
Hash identifier:          +YiFTOuS0paGr4MUhwvvs6bedEYFuOXj5q0+ucw6mS0=
Subject key identifier:   BA:4E:C9:64:82:16:E9:21:0A:34:1B:BC:EB:10:2E:D5:FA:B0:91:39
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       39E309A79D34A89CF5F31396A367350B507B9406
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64f0a197-0057-458b-924a-0b7079fbd04c.roa
Signing time:             Wed 26 Mar 2025 19:22:04 +0000
ROA not before:           Wed 26 Mar 2025 19:22:04 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:e3:09:a7:9d:34:a8:9c:f5:f3:13:96:a3:67:35:0b:50:7b:94:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:22:04 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f9:79:4f:f3:dc:52:63:c5:61:1b:91:07:0b:
                    8c:18:c5:21:f4:a3:d5:b5:c0:26:46:23:84:d1:87:
                    7a:73:cc:b1:dd:b9:d4:76:b6:7f:af:6e:f0:f6:16:
                    5a:c9:a8:a7:d0:32:0e:32:b1:43:9e:ff:0f:a7:58:
                    a1:32:61:d9:f0:ca:d9:db:b7:bc:90:1e:24:32:a7:
                    bc:cd:78:8d:43:18:dc:91:83:e3:ca:e2:84:d4:eb:
                    51:78:5a:57:c0:b2:1c:d4:48:da:83:2e:8e:55:5d:
                    93:5a:c5:68:c5:e7:89:fc:3f:ab:b7:30:c6:c2:ae:
                    6c:a4:2b:35:e5:3e:98:02:58:f1:c9:95:c9:72:c6:
                    00:fd:1b:e1:c7:50:4c:f2:e2:cd:e8:82:da:c9:3d:
                    02:0b:43:40:a0:11:18:4a:df:8d:a5:f9:86:a9:73:
                    2e:25:f0:3d:83:94:18:2e:a9:03:e8:d2:a5:67:fc:
                    61:72:a0:e1:17:84:16:34:6a:c8:ef:e7:ba:dd:d0:
                    12:5b:8e:b8:9d:9f:4a:1b:74:9e:c0:10:b5:a8:d6:
                    ab:3b:98:c9:ad:b0:21:6e:98:ff:69:b6:be:4a:70:
                    9d:5f:21:37:e8:71:62:9f:10:a5:44:cf:9c:8b:68:
                    74:03:ef:da:f6:9d:20:43:82:2d:46:b4:a5:27:73:
                    c2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:4E:C9:64:82:16:E9:21:0A:34:1B:BC:EB:10:2E:D5:FA:B0:91:39
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/64f0a197-0057-458b-924a-0b7079fbd04c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:840::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:7e:bd:e4:58:25:b8:ba:4b:26:54:08:ec:3b:55:f0:c8:35:
         1f:92:57:cd:a6:30:b7:83:21:62:1a:77:dc:5a:a7:76:60:19:
         f1:3c:f2:36:e7:e9:b9:18:58:fa:c4:b9:bf:6f:06:64:4e:30:
         19:9d:81:c0:e2:4c:36:89:3d:1a:a3:53:26:26:6e:a8:b7:02:
         42:f4:fe:4f:c5:30:da:f9:0f:21:bb:13:eb:70:e7:bb:52:26:
         a7:ab:2e:01:60:3c:4d:33:9c:f3:70:c3:cd:e6:d0:ab:29:14:
         95:27:b3:41:9c:0d:8e:5f:fa:59:47:de:fc:f0:37:31:fe:df:
         07:5d:ef:59:b8:84:1b:7d:a1:20:3a:ad:64:42:bc:83:36:ef:
         a3:39:db:00:6f:42:6a:34:dc:29:a6:0b:b4:22:87:0a:6b:47:
         7d:76:f8:92:91:e3:68:58:94:e2:ca:49:da:96:3b:ca:c5:fd:
         1f:63:e3:b9:c8:7d:87:bc:eb:b6:ae:9c:cc:26:40:2b:94:1c:
         c4:2b:63:2b:1f:11:29:f4:fb:0e:31:b1:78:c2:f7:73:fe:c5:
         4c:80:e3:53:b6:be:27:05:10:9c:85:e2:f1:9b:29:73:e4:c5:
         f6:c4:73:0a:3b:e3:31:75:af:a1:f7:e0:b3:39:d3:90:39:13:
         5b:ea:8d:34
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOeMJp500qJz18xOWo2c1C1B7lAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIyMDRaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDY2NTRhZjA1YWM2YjczNTBmOTQzYjk1NzU0YTQ2NzEzNjg2ZDEwYWJmNzdj
MjVhNDQyN2YzMjUwYjk2MGRkNjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ35eU/z3FJjxWEbkQcLjBjFIfSj1bXAJkYjhNGHenPMsd251Ha2f69u8PYW
Wsmop9AyDjKxQ57/D6dYoTJh2fDK2du3vJAeJDKnvM14jUMY3JGD48rihNTrUXha
V8CyHNRI2oMujlVdk1rFaMXnifw/q7cwxsKubKQrNeU+mAJY8cmVyXLGAP0b4cdQ
TPLizeiC2sk9AgtDQKARGErfjaX5hqlzLiXwPYOUGC6pA+jSpWf8YXKg4ReEFjRq
yO/nut3QEluOuJ2fSht0nsAQtajWqzuYya2wIW6Y/2m2vkpwnV8hN+hxYp8QpUTP
nItodAPv2vadIEOCLUa0pSdzwoMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS6Tslk
ghbpIQo0G7zrEC7V+rCROTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjRmMGExOTctMDA1Ny00NThiLTkyNGEtMGI3MDc5ZmJkMDRjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DEI
QDANBgkqhkiG9w0BAQsFAAOCAQEAWX695FgluLpLJlQI7DtV8Mg1H5JXzaYwt4Mh
Yhp33FqndmAZ8TzyNufpuRhY+sS5v28GZE4wGZ2BwOJMNok9GqNTJiZuqLcCQvT+
T8Uw2vkPIbsT63Dnu1Imp6suAWA8TTOc83DDzebQqykUlSezQZwNjl/6WUfe/PA3
Mf7fB13vWbiEG32hIDqtZEK8gzbvoznbAG9CajTcKaYLtCKHCmtHfXb4kpHjaFiU
4spJ2pY7ysX9H2Pjuch9h7zrtq6czCZAK5QcxCtjKx8RKfT7DjGxeML3c/7FTIDj
U7a+JwUQnIXi8Zspc+TF9sRzCjvjMXWvoffgsznTkDkTW+qNNA==
-----END CERTIFICATE-----