Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dcf014f-af88-4ab9-9976-746ed8dec1a6.roa
File:                     7dcf014f-af88-4ab9-9976-746ed8dec1a6.roa (raw, json)
Hash identifier:          1kcvbIOAnpdn+Y7sNcx00QeOF6U+TLFHBzhaiKqJDn4=
Subject key identifier:   40:1D:C9:52:B1:F5:3F:95:E4:86:EF:4C:DA:D6:C0:EB:52:35:04:A7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       023306B1EFF16FDD104151F78DB76B57225A23B3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dcf014f-af88-4ab9-9976-746ed8dec1a6.roa
Signing time:             Tue 01 Apr 2025 15:01:09 +0000
ROA not before:           Tue 01 Apr 2025 15:01:09 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:33:06:b1:ef:f1:6f:dd:10:41:51:f7:8d:b7:6b:57:22:5a:23:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:01:09 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f4:77:c3:8c:ab:ca:ad:b5:84:dc:74:47:a3:
                    a5:48:fb:27:0f:73:1a:49:59:55:4c:d3:71:51:b4:
                    6a:bc:fd:59:93:71:4e:e0:72:ca:43:3e:fe:bf:d4:
                    6c:77:eb:2f:06:e9:f7:64:e1:b1:be:62:90:1c:59:
                    b6:62:b9:e5:af:97:55:1f:23:a3:e6:b0:59:ad:b0:
                    4f:d2:59:f2:0f:35:37:23:59:f6:70:1d:b7:e1:fa:
                    6c:e0:5e:33:84:ab:f3:1f:1d:90:73:a6:f0:92:63:
                    b8:d1:6a:21:e8:32:1b:9a:19:74:fc:39:87:b9:3d:
                    d9:11:1d:54:ee:c9:30:d1:7e:5d:14:ed:cd:59:32:
                    27:86:f2:7c:5d:f4:ba:d7:69:10:86:ea:98:93:c0:
                    30:94:7e:b0:af:7c:d7:39:13:ed:8f:c6:aa:11:b5:
                    75:69:0a:65:ec:f9:3c:07:99:ae:ea:84:fd:0e:54:
                    73:a3:f5:cb:78:2b:c7:3e:ea:3a:9f:dc:4e:19:01:
                    a5:96:34:db:86:32:4e:fb:84:96:10:16:fb:f5:26:
                    0a:71:96:4c:05:a3:fd:02:3a:da:5d:18:94:a9:7c:
                    d8:8b:33:ce:17:03:5a:71:4e:28:21:1f:06:4f:56:
                    04:4c:87:c0:a4:37:ef:36:be:3a:e8:ed:c2:ff:e8:
                    ba:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1D:C9:52:B1:F5:3F:95:E4:86:EF:4C:DA:D6:C0:EB:52:35:04:A7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7dcf014f-af88-4ab9-9976-746ed8dec1a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:b1:25:17:e0:d9:b6:8b:9e:3c:1c:2c:0a:01:44:c9:68:46:
         92:06:70:c9:9f:c7:33:52:70:9f:d8:74:7c:eb:f5:9d:c8:ea:
         c7:99:c8:22:e2:8a:92:c0:0c:1a:a2:b2:04:67:df:87:fa:05:
         59:25:e4:c4:5a:03:86:32:d3:d0:3b:88:05:d6:f8:9a:b7:9a:
         94:68:6f:6a:c4:dd:bb:8f:df:e4:79:c0:31:28:51:ea:f5:db:
         c6:81:a6:03:2b:d7:25:60:cd:99:43:23:e3:94:78:46:11:91:
         f7:ca:58:b7:4b:7d:40:85:2d:93:82:fc:66:f9:62:6c:18:ec:
         cf:bf:3b:91:70:46:a2:7d:51:84:ba:de:08:a1:83:69:23:e2:
         50:66:96:0d:b2:29:02:b5:03:c3:af:66:dd:c4:02:b4:ac:e3:
         a6:7d:b0:08:b3:1b:4d:e8:6f:b4:71:0b:41:0f:49:06:6e:d4:
         a1:0f:f3:e6:fa:0d:7e:54:b5:f6:b4:a2:61:14:7e:c8:09:c4:
         3e:11:aa:9f:6e:e0:f8:a8:34:ce:dd:31:a2:7e:56:fd:5f:db:
         55:52:95:6a:fb:b9:ab:d7:b5:2c:3e:23:63:d7:2f:cb:f5:fc:
         b5:3e:4c:c5:11:86:9e:d8:06:cf:0d:57:fc:b7:d2:37:f3:ad:
         55:eb:01:42
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUAjMGse/xb90QQVH3jbdrVyJaI7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAxMDlaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkMTUyNzM5ODBlOTUwYmQ3NzAwMTcyMmRjZGJlNGQ4YzZjOGFhMDg2OWY2
MWZjMDNkMzkxZGJmYzNiYWNiYjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANz0d8OMq8qttYTcdEejpUj7Jw9zGklZVUzTcVG0arz9WZNxTuByykM+/r/U
bHfrLwbp92Thsb5ikBxZtmK55a+XVR8jo+awWa2wT9JZ8g81NyNZ9nAdt+H6bOBe
M4Sr8x8dkHOm8JJjuNFqIegyG5oZdPw5h7k92REdVO7JMNF+XRTtzVkyJ4byfF30
utdpEIbqmJPAMJR+sK981zkT7Y/GqhG1dWkKZez5PAeZruqE/Q5Uc6P1y3grxz7q
Op/cThkBpZY024YyTvuElhAW+/UmCnGWTAWj/QI62l0YlKl82IszzhcDWnFOKCEf
Bk9WBEyHwKQ37za+Oujtwv/oukUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRAHclS
sfU/leSG70za1sDrUjUEpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2RjZjAxNGYtYWY4OC00YWI5LTk5NzYtNzQ2ZWQ4ZGVjMWE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0Dgw
DQYJKoZIhvcNAQELBQADggEBAGixJRfg2baLnjwcLAoBRMloRpIGcMmfxzNScJ/Y
dHzr9Z3I6seZyCLiipLADBqisgRn34f6BVkl5MRaA4Yy09A7iAXW+Jq3mpRob2rE
3buP3+R5wDEoUer128aBpgMr1yVgzZlDI+OUeEYRkffKWLdLfUCFLZOC/Gb5YmwY
7M+/O5FwRqJ9UYS63gihg2kj4lBmlg2yKQK1A8OvZt3EArSs46Z9sAizG03ob7Rx
C0EPSQZu1KEP8+b6DX5Utfa0omEUfsgJxD4Rqp9u4PioNM7dMaJ+Vv1f21VSlWr7
uavXtSw+I2PXL8v1/LU+TMURhp7YBs8NV/y30jfzrVXrAUI=
-----END CERTIFICATE-----