Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a2f7401-8559-4633-8579-cca77d6fa971.roa
File:                     6a2f7401-8559-4633-8579-cca77d6fa971.roa (raw, json)
Hash identifier:          ZCWoWplCriEgvIJlU2TR8gshrVCqyvguXDsqfZ6Eg2g=
Subject key identifier:   67:B7:64:17:B6:5C:C0:86:7C:EA:64:0B:83:03:40:72:9C:2F:D5:11
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       16CA417D96F597DCFA1A16D514F1EC6D79350CDA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a2f7401-8559-4633-8579-cca77d6fa971.roa
Signing time:             Mon 31 Mar 2025 21:10:47 +0000
ROA not before:           Mon 31 Mar 2025 21:10:47 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01a::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:ca:41:7d:96:f5:97:dc:fa:1a:16:d5:14:f1:ec:6d:79:35:0c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:47 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:76:a6:98:2e:f5:ea:b8:81:b6:d1:df:13:a7:
                    02:9f:9f:4a:ab:eb:15:54:91:08:a8:89:af:3b:2a:
                    df:7b:c3:4e:2b:21:37:44:32:a3:61:d1:b1:1a:14:
                    42:6b:4e:8a:2e:f9:71:94:2a:99:08:aa:3b:35:d0:
                    96:32:b3:e3:f3:63:f6:3f:c4:61:42:0e:45:67:03:
                    e5:44:ca:fa:4d:08:69:91:38:c2:22:4d:08:03:f7:
                    f6:9b:e7:ec:44:3d:34:c8:f8:8d:a7:22:98:24:49:
                    52:ab:17:15:2b:70:49:52:45:b5:f9:9b:1b:1d:f4:
                    8f:69:84:11:5e:49:5c:03:79:a0:a9:80:bd:1f:1b:
                    91:5a:ac:b2:6d:1a:4c:46:0e:82:8e:e5:fe:96:81:
                    63:df:87:6f:cd:01:1a:02:d6:25:60:e3:42:ce:03:
                    4d:7c:f8:a1:eb:03:4c:bd:a6:b6:c2:76:f6:c4:72:
                    87:fe:62:d7:31:30:cc:04:4a:d8:0c:d8:3a:99:4f:
                    b3:65:51:aa:af:2e:45:55:85:2d:7a:56:64:0d:7e:
                    3c:67:f1:64:28:1b:f2:ac:82:eb:68:b0:c6:29:6b:
                    6a:2e:cb:b7:85:77:f9:42:e1:6a:ad:12:16:09:c5:
                    3e:f0:1d:0c:9d:88:69:90:d0:be:cf:d7:47:13:84:
                    e9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:B7:64:17:B6:5C:C0:86:7C:EA:64:0B:83:03:40:72:9C:2F:D5:11
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a2f7401-8559-4633-8579-cca77d6fa971.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01a::/36

    Signature Algorithm: sha256WithRSAEncryption
         a3:8d:ac:39:34:0c:64:07:25:37:d7:db:2e:d9:28:28:c5:76:
         f1:ac:35:15:8f:26:df:48:5d:b2:a5:f5:de:31:60:bc:9f:9e:
         2c:5a:77:22:f8:21:4c:97:4a:2a:c8:81:64:19:b3:14:e7:d8:
         b8:51:60:0a:4d:65:c3:6e:ae:1f:52:8a:7b:eb:d9:c0:df:d0:
         0d:9b:60:60:ba:50:90:37:0d:44:fc:88:46:09:e5:7c:20:d1:
         00:a4:2b:4c:7e:ef:c8:0a:ea:8c:76:f7:74:00:c5:df:9d:61:
         e6:3a:fb:1e:85:65:07:4d:c8:a7:b8:33:39:88:70:2e:2f:f3:
         3a:17:19:34:92:f0:2c:98:a0:32:30:38:57:e7:89:35:2a:e6:
         59:da:c1:45:e0:08:48:60:3b:ff:cf:8e:a9:e1:49:3d:f0:bb:
         a5:82:09:09:78:b9:73:36:0e:cd:56:d5:b0:53:7d:2f:0e:00:
         e1:4d:37:26:98:52:3a:45:1a:88:91:11:9d:8b:ef:4e:ee:21:
         df:b8:25:aa:ce:44:50:75:ce:be:e5:18:e6:00:fc:fe:29:9a:
         58:96:33:15:4d:59:ed:f4:f0:b2:b0:0d:5b:a1:4e:7c:f4:be:
         db:41:35:1c:20:6a:e0:5b:f6:3a:16:12:95:4a:6b:02:f5:8d:
         d7:06:c3:22
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFspBfZb1l9z6GhbVFPHsbXk1DNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwNDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkOTFiODEyZDc1ZWY0NDk2ZDdiYjI4ZGMzMDVlNTkwY2UxNjczYmZhMDgx
ZjUwMmQxNzUyNDdjMzg4YzYwYWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANx2ppgu9eq4gbbR3xOnAp+fSqvrFVSRCKiJrzsq33vDTishN0Qyo2HRsRoU
QmtOii75cZQqmQiqOzXQljKz4/Nj9j/EYUIORWcD5UTK+k0IaZE4wiJNCAP39pvn
7EQ9NMj4jacimCRJUqsXFStwSVJFtfmbGx30j2mEEV5JXAN5oKmAvR8bkVqssm0a
TEYOgo7l/paBY9+Hb80BGgLWJWDjQs4DTXz4oesDTL2mtsJ29sRyh/5i1zEwzARK
2AzYOplPs2VRqq8uRVWFLXpWZA1+PGfxZCgb8qyC62iwxilrai7Lt4V3+ULhaq0S
FgnFPvAdDJ2IaZDQvs/XRxOE6TECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRnt2QX
tlzAhnzqZAuDA0BynC/VETAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmEyZjc0MDEtODU1OS00NjMzLTg1NzktY2NhNzdkNmZhOTcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BoA
MA0GCSqGSIb3DQEBCwUAA4IBAQCjjaw5NAxkByU319su2SgoxXbxrDUVjybfSF2y
pfXeMWC8n54sWnci+CFMl0oqyIFkGbMU59i4UWAKTWXDbq4fUop769nA39ANm2Bg
ulCQNw1E/IhGCeV8INEApCtMfu/ICuqMdvd0AMXfnWHmOvsehWUHTcinuDM5iHAu
L/M6Fxk0kvAsmKAyMDhX54k1KuZZ2sFF4AhIYDv/z46p4Uk98LulggkJeLlzNg7N
VtWwU30vDgDhTTcmmFI6RRqIkRGdi+9O7iHfuCWqzkRQdc6+5RjmAPz+KZpYljMV
TVnt9PCysA1boU589L7bQTUcIGrgW/Y6FhKVSmsC9Y3XBsMi
-----END CERTIFICATE-----