Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7ab64f0c-c76e-4d78-bdcc-28b3e3d8a5cc.roa
File:                     7ab64f0c-c76e-4d78-bdcc-28b3e3d8a5cc.roa (raw, json)
Hash identifier:          zE9+JuWNyepjtozbPlEncs/NXJy+aFM+BjPa00reCxI=
Subject key identifier:   3F:34:84:A5:BC:93:3D:DE:33:6D:A2:1B:F6:F6:93:97:34:C6:7F:DF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5B74E818CE4DBCF115685B687A655A29943850EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7ab64f0c-c76e-4d78-bdcc-28b3e3d8a5cc.roa
Signing time:             Mon 31 Mar 2025 20:31:09 +0000
ROA not before:           Mon 31 Mar 2025 20:31:09 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:74:e8:18:ce:4d:bc:f1:15:68:5b:68:7a:65:5a:29:94:38:50:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:09 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9c:a7:45:99:e1:49:77:24:27:2d:71:59:a5:
                    d1:53:90:f9:2b:1b:63:66:35:8c:f6:0e:d2:76:96:
                    a2:8e:91:b7:03:3c:40:6b:88:26:cd:e6:1b:95:33:
                    bb:12:e2:82:a3:da:89:40:e5:c1:c8:1a:a9:fb:e2:
                    e4:70:30:ed:ed:8a:50:1f:fd:2a:b8:da:03:c0:34:
                    17:35:82:38:0b:a7:e8:fa:a2:ae:45:a3:46:c5:c7:
                    cf:6b:91:a3:b6:7b:24:95:02:7f:fb:4a:f9:23:0d:
                    8d:91:de:d3:96:58:c4:fc:5f:7a:a4:03:9b:de:e4:
                    97:9c:dc:67:2f:86:ef:93:f4:c6:f3:f6:c6:15:06:
                    c8:23:84:80:33:cc:da:5a:e1:88:98:70:c2:9a:8e:
                    59:8d:32:70:ab:5d:33:6b:51:1d:08:16:ad:d2:b0:
                    db:45:39:ae:b1:d7:3d:d1:64:72:75:ec:8b:a9:2f:
                    06:3a:1f:cf:3a:c6:43:88:ee:fc:8a:75:48:9f:f4:
                    22:72:5f:e2:0d:20:87:cd:cd:62:fe:44:bb:e9:65:
                    39:6b:05:63:f7:1a:c0:66:49:4b:59:71:31:10:c2:
                    25:95:36:b0:7b:09:ef:b8:c9:44:11:d5:89:bf:07:
                    7c:cb:3b:a4:49:3a:33:4b:06:36:86:ba:4a:0a:90:
                    90:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:34:84:A5:BC:93:3D:DE:33:6D:A2:1B:F6:F6:93:97:34:C6:7F:DF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7ab64f0c-c76e-4d78-bdcc-28b3e3d8a5cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5a:96:54:76:f9:ad:d2:c2:87:15:37:0c:dc:56:41:3b:80:1d:
         64:48:0f:db:5f:45:20:46:4b:68:db:02:24:e9:f1:04:90:8a:
         fb:b2:5b:33:14:1b:44:f3:ae:50:47:c4:9e:a2:c4:d5:14:4e:
         68:09:61:46:ec:db:24:67:a3:00:3b:14:de:7c:41:dd:65:ba:
         5f:7d:c7:b8:5f:a4:14:bc:c7:75:fd:3b:e8:f8:79:fc:2f:b5:
         e1:3e:df:aa:17:b9:86:93:01:6d:58:dc:5c:14:de:aa:7d:3e:
         57:48:30:31:cb:14:26:b9:cd:32:d4:40:7b:20:56:86:aa:d4:
         d7:72:dd:9b:a3:af:58:7b:79:9c:f0:7d:0d:92:28:ce:a6:22:
         b5:66:15:28:45:6b:53:5d:99:16:af:2d:67:f3:7c:79:40:0e:
         b5:30:13:39:ce:3a:5b:6d:a3:2c:85:be:18:c1:8d:fa:61:2a:
         56:ae:a1:30:b8:04:c4:3f:c9:c7:39:ef:64:0e:89:62:de:66:
         da:14:6a:ce:df:d4:5d:06:33:0b:ca:07:89:2d:0e:43:b6:8e:
         02:c3:a6:4f:a1:79:38:da:44:56:0a:60:6d:1c:bb:e9:b4:f9:
         ca:04:e3:96:18:cd:30:88:fe:a0:71:7c:0d:39:db:4d:9f:94:
         19:9d:8e:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUW3ToGM5NvPEVaFtoemVaKZQ4UOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGExZTI5YTdmZDBhOWNlNjczNGE4MmUzMjJiYzMxNDZmOGU5Zjc3OGY2M2Mw
MmU1Mjc5MDMyNDRmNTEzZjg1MzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKicp0WZ4Ul3JCctcVml0VOQ+SsbY2Y1jPYO0naWoo6RtwM8QGuIJs3mG5Uz
uxLigqPaiUDlwcgaqfvi5HAw7e2KUB/9KrjaA8A0FzWCOAun6PqirkWjRsXHz2uR
o7Z7JJUCf/tK+SMNjZHe05ZYxPxfeqQDm97kl5zcZy+G75P0xvP2xhUGyCOEgDPM
2lrhiJhwwpqOWY0ycKtdM2tRHQgWrdKw20U5rrHXPdFkcnXsi6kvBjofzzrGQ4ju
/Ip1SJ/0InJf4g0gh83NYv5Eu+llOWsFY/cawGZJS1lxMRDCJZU2sHsJ77jJRBHV
ib8HfMs7pEk6M0sGNoa6SgqQkIECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ/NISl
vJM93jNtohv29pOXNMZ/3zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2FiNjRmMGMtYzc2ZS00ZDc4LWJkY2MtMjhiM2UzZDhhNWNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Huw
MA0GCSqGSIb3DQEBCwUAA4IBAQBallR2+a3SwocVNwzcVkE7gB1kSA/bX0UgRkto
2wIk6fEEkIr7slszFBtE865QR8SeosTVFE5oCWFG7NskZ6MAOxTefEHdZbpffce4
X6QUvMd1/Tvo+Hn8L7XhPt+qF7mGkwFtWNxcFN6qfT5XSDAxyxQmuc0y1EB7IFaG
qtTXct2bo69Ye3mc8H0NkijOpiK1ZhUoRWtTXZkWry1n83x5QA61MBM5zjpbbaMs
hb4YwY36YSpWrqEwuATEP8nHOe9kDoli3mbaFGrO39RdBjMLygeJLQ5Dto4Cw6ZP
oXk42kRWCmBtHLvptPnKBOOWGM0wiP6gcXwNOdtNn5QZnY4l
-----END CERTIFICATE-----