Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa
File:                     6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa (raw, json)
Hash identifier:          MmVK7K1u4LiM+fh98HV51prqT+ZzkIaqA7LXuCc+c9A=
Subject key identifier:   53:02:9B:9E:E0:D8:AB:11:B2:4D:61:13:54:4E:86:78:3A:87:3B:AE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       59E891B663CEA44E7142C687B06AAC1C817E71C1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa
Signing time:             Mon 31 Mar 2025 20:11:16 +0000
ROA not before:           Mon 31 Mar 2025 20:11:16 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:e8:91:b6:63:ce:a4:4e:71:42:c6:87:b0:6a:ac:1c:81:7e:71:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:11:16 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5c:9b:64:10:66:60:57:5e:da:9a:60:5b:7a:
                    b5:c0:22:bd:6d:e5:9f:d7:97:e5:0b:47:ad:b0:1c:
                    b8:35:6a:b4:c8:39:d8:a8:28:b9:fd:94:4f:32:c9:
                    58:1f:73:03:a4:d7:cc:b5:3f:0e:9f:45:4a:4f:1a:
                    eb:c8:c9:22:b9:12:f2:07:c3:ed:79:30:19:30:f2:
                    3d:45:6f:f4:94:49:74:e8:ad:2a:be:3b:45:ae:33:
                    ff:48:6b:33:f8:65:d0:fb:58:cb:ba:e4:64:02:1a:
                    83:56:9b:70:3e:77:50:6a:00:d0:1d:a4:9e:aa:fe:
                    8a:ea:a8:b8:e8:6b:b1:07:b5:0f:b7:07:fa:70:6a:
                    98:09:e6:e1:ef:2e:33:93:49:ab:a3:af:44:4a:9d:
                    1e:28:67:c1:9d:9d:9e:17:3e:fd:32:07:3d:f3:3d:
                    e7:dc:eb:da:a4:e1:3d:28:da:25:09:16:bc:e4:b2:
                    86:24:4f:b4:cf:c8:00:2f:8e:99:39:15:4f:13:15:
                    16:d2:61:de:a7:cc:49:b9:ad:2f:6c:4f:40:52:bb:
                    77:84:48:ab:d6:9d:05:5c:64:25:63:ca:23:60:4c:
                    11:08:0c:40:27:78:d2:f5:e1:d3:4f:ae:c9:3b:dd:
                    38:6f:7f:04:e5:8d:6e:15:96:92:bf:47:c7:1d:e1:
                    f7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:02:9B:9E:E0:D8:AB:11:B2:4D:61:13:54:4E:86:78:3A:87:3B:AE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6936ff87-0eb4-4868-8709-cc4e2f7458d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:e2:f2:84:70:42:72:6d:67:27:0a:7f:19:94:79:23:94:0e:
         5e:d6:a6:4b:1c:0e:41:b3:2b:36:2f:e9:23:eb:d6:cd:93:29:
         a6:f7:9f:bb:d6:86:78:6f:21:9e:69:74:ad:14:49:69:a2:21:
         dc:d8:8f:e6:a3:8f:ce:61:1a:96:10:3b:7d:b9:61:8d:72:fc:
         6d:f0:92:ca:48:20:4e:ad:1b:bd:7a:40:df:28:f3:c4:3a:3e:
         97:f9:db:de:c2:18:07:05:a1:9b:bd:0f:61:9b:2a:1b:c5:6d:
         24:0f:ad:70:4a:5f:da:4f:51:46:6a:66:d5:d3:cf:a0:d2:ac:
         23:b9:bd:ae:c4:7f:30:7a:f9:f7:d0:f2:a9:c7:8e:9e:4a:93:
         69:1d:c8:d7:92:f5:59:78:73:1b:42:c2:24:94:98:b1:6f:a5:
         a9:ce:cb:f3:4f:ab:87:02:33:50:60:12:44:f9:bb:39:c7:78:
         b3:d0:07:d0:22:54:a6:da:bd:77:e6:8f:c5:20:55:16:3e:9e:
         0d:b4:78:58:f9:b0:14:aa:a3:b5:1f:d0:11:ab:a3:0d:1b:c5:
         2b:a0:61:1b:f0:91:99:5b:c6:2f:04:2f:08:c4:de:8c:db:23:
         07:af:75:4b:14:86:9d:90:72:39:82:29:79:b1:56:b5:2f:c9:
         95:ac:71:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWeiRtmPOpE5xQsaHsGqsHIF+ccEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDExMTZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwZDA2OTc2MzI3YTg4NDYwY2Y0YjUxMTdiODA4NjM2MmJkMGI0MjkyNjBk
NDUzZTkzMzIxZDU3ZDQ0OTczOTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANVcm2QQZmBXXtqaYFt6tcAivW3ln9eX5QtHrbAcuDVqtMg52Kgouf2UTzLJ
WB9zA6TXzLU/Dp9FSk8a68jJIrkS8gfD7XkwGTDyPUVv9JRJdOitKr47Ra4z/0hr
M/hl0PtYy7rkZAIag1abcD53UGoA0B2knqr+iuqouOhrsQe1D7cH+nBqmAnm4e8u
M5NJq6OvREqdHihnwZ2dnhc+/TIHPfM959zr2qThPSjaJQkWvOSyhiRPtM/IAC+O
mTkVTxMVFtJh3qfMSbmtL2xPQFK7d4RIq9adBVxkJWPKI2BMEQgMQCd40vXh00+u
yTvdOG9/BOWNbhWWkr9Hxx3h950CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRTApue
4NirEbJNYRNUToZ4Ooc7rjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjkzNmZmODctMGViNC00ODY4LTg3MDktY2M0ZTJmNzQ1OGQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DWw
MA0GCSqGSIb3DQEBCwUAA4IBAQCt4vKEcEJybWcnCn8ZlHkjlA5e1qZLHA5Bsys2
L+kj69bNkymm95+71oZ4byGeaXStFElpoiHc2I/mo4/OYRqWEDt9uWGNcvxt8JLK
SCBOrRu9ekDfKPPEOj6X+dvewhgHBaGbvQ9hmyobxW0kD61wSl/aT1FGambV08+g
0qwjub2uxH8wevn30PKpx46eSpNpHcjXkvVZeHMbQsIklJixb6WpzsvzT6uHAjNQ
YBJE+bs5x3iz0AfQIlSm2r135o/FIFUWPp4NtHhY+bAUqqO1H9ARq6MNG8UroGEb
8JGZW8YvBC8IxN6M2yMHr3VLFIadkHI5gil5sVa1L8mVrHEA
-----END CERTIFICATE-----