Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7eb04123-5564-4d2f-bd3c-2a08a42d7579.roa
File:                     7eb04123-5564-4d2f-bd3c-2a08a42d7579.roa (raw, json)
Hash identifier:          qCaSrX0+bpMqH46M3NepuHiB7w5CyqltABEtjdOmFG4=
Subject key identifier:   7B:7A:F1:4A:14:0E:B9:B3:78:47:F8:52:97:A0:76:0D:DF:96:66:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       33C2DCE7BA94E87235D043978016F7BE51055023
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7eb04123-5564-4d2f-bd3c-2a08a42d7579.roa
Signing time:             Mon 31 Mar 2025 20:30:23 +0000
ROA not before:           Mon 31 Mar 2025 20:30:23 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:8000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:c2:dc:e7:ba:94:e8:72:35:d0:43:97:80:16:f7:be:51:05:50:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:30:23 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:5e:ff:5d:ff:5c:cb:54:4b:88:d7:a9:2c:
                    a8:b2:06:e2:34:fe:83:22:50:8a:56:96:40:31:2f:
                    24:c7:f1:9c:b5:3e:46:c4:06:56:1f:0d:55:fd:5f:
                    78:de:82:22:ce:c1:5a:cf:d1:59:6d:0e:be:30:dc:
                    92:7d:80:b3:6d:80:0b:71:ad:af:fc:b3:f6:35:af:
                    8f:7c:0d:e5:5c:59:85:96:4d:00:f7:05:55:a0:c4:
                    91:30:67:79:41:6e:74:34:5d:cc:f1:1d:9f:fc:af:
                    9f:24:ed:56:0c:cd:8c:37:f2:1e:57:07:0d:55:01:
                    fe:19:70:1d:9e:b9:43:4c:90:99:3d:5e:4e:2c:a9:
                    db:dc:0d:f1:15:75:e8:1a:6b:7e:a5:64:2d:d0:55:
                    59:91:fd:d2:e3:44:ce:70:0b:c5:b1:8d:eb:44:f8:
                    bd:56:c3:9c:41:8c:57:1c:4c:d8:9d:bc:9d:19:b8:
                    d3:2e:ce:8a:d1:67:fe:78:10:32:55:13:30:0d:3b:
                    43:76:9f:ee:24:85:27:88:79:b9:51:11:98:27:d0:
                    08:43:4f:eb:69:08:ee:0f:42:45:23:83:a0:c4:23:
                    4c:1b:9e:72:7b:fa:e6:36:b8:1a:73:b2:86:51:44:
                    26:01:0a:9e:7f:f3:57:9a:95:5e:e7:b5:af:08:c3:
                    85:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7A:F1:4A:14:0E:B9:B3:78:47:F8:52:97:A0:76:0D:DF:96:66:1F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7eb04123-5564-4d2f-bd3c-2a08a42d7579.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         bf:94:1f:dd:f9:e6:71:d3:a8:ce:19:98:5b:c8:f8:b5:f7:cf:
         78:54:ea:17:31:e4:ab:c7:3f:e0:e8:01:fa:1f:e8:25:9b:83:
         91:f9:f0:d4:ab:08:c3:cb:a2:c1:a0:94:94:98:ab:89:62:75:
         7c:c7:7f:13:c2:5f:cc:f6:c1:c8:1f:91:40:39:ff:d1:f9:4f:
         a3:89:11:b4:24:6e:29:b4:40:e8:12:e4:e4:a3:fe:f3:39:2b:
         4d:b8:aa:fe:67:0b:07:ca:55:6e:0b:78:14:a4:29:6e:4b:9e:
         47:56:7c:fc:cd:72:2a:65:a1:5e:10:03:42:d7:c8:a2:06:f6:
         00:ac:14:f2:0c:e2:ff:2e:f6:bb:0c:76:98:1d:a7:47:7e:22:
         ad:b2:ac:da:72:17:07:68:27:be:87:15:1a:12:78:3c:33:85:
         2a:b7:6a:ce:29:2e:57:38:19:89:34:00:ae:e8:6d:80:9d:65:
         c3:ba:cc:bd:e0:2c:bc:2a:c4:a6:b6:04:7d:9b:74:55:ad:a1:
         d1:56:05:1c:fe:33:0e:d3:66:27:b6:0e:87:f0:40:c3:f5:2d:
         21:49:18:b1:e4:72:ee:b8:d1:25:5b:d5:e2:d9:c1:2f:ce:cf:
         92:b9:58:97:ea:a8:4f:23:d3:94:98:d3:65:4b:45:8a:47:78:
         ea:f3:ad:3f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM8Lc57qU6HI10EOXgBb3vlEFUCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMwMjNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjMWExOTc1MTIyNDk4YTA4NDEyYmNhOWJjNzFhNTExMzMwNzk4NjVkZmJm
OGY2NDI2YzcxZWFlYzBiMGJjZDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKnFXv9d/1zLVEuI16ksqLIG4jT+gyJQilaWQDEvJMfxnLU+RsQGVh8NVf1f
eN6CIs7BWs/RWW0OvjDckn2As22AC3Gtr/yz9jWvj3wN5VxZhZZNAPcFVaDEkTBn
eUFudDRdzPEdn/yvnyTtVgzNjDfyHlcHDVUB/hlwHZ65Q0yQmT1eTiyp29wN8RV1
6BprfqVkLdBVWZH90uNEznALxbGN60T4vVbDnEGMVxxM2J28nRm40y7OitFn/ngQ
MlUTMA07Q3af7iSFJ4h5uVERmCfQCENP62kI7g9CRSODoMQjTBuecnv65ja4GnOy
hlFEJgEKnn/zV5qVXue1rwjDhT0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR7evFK
FA65s3hH+FKXoHYN35ZmHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2ViMDQxMjMtNTU2NC00ZDJmLWJkM2MtMmEwOGE0MmQ3NTc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HuA
MA0GCSqGSIb3DQEBCwUAA4IBAQC/lB/d+eZx06jOGZhbyPi19894VOoXMeSrxz/g
6AH6H+glm4OR+fDUqwjDy6LBoJSUmKuJYnV8x38Twl/M9sHIH5FAOf/R+U+jiRG0
JG4ptEDoEuTko/7zOStNuKr+ZwsHylVuC3gUpCluS55HVnz8zXIqZaFeEANC18ii
BvYArBTyDOL/Lva7DHaYHadHfiKtsqzachcHaCe+hxUaEng8M4Uqt2rOKS5XOBmJ
NACu6G2AnWXDusy94Cy8KsSmtgR9m3RVraHRVgUc/jMO02Yntg6H8EDD9S0hSRix
5HLuuNElW9Xi2cEvzs+SuViX6qhPI9OUmNNlS0WKR3jq860/
-----END CERTIFICATE-----