Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/82612ca1-cd90-4772-9e6c-3237a9225105.roa
File:                     82612ca1-cd90-4772-9e6c-3237a9225105.roa (raw, json)
Hash identifier:          sUbDQIek3L4JAfwycdaTbJO2c6ogKKR0SsyTnoOyp8I=
Subject key identifier:   2F:E8:96:E1:80:82:35:E9:AA:95:3A:BB:F6:BA:C9:A6:1E:03:6B:32
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0BAB7438C4AB1EA60EFF22B9661FA4FCAFC41A89
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/82612ca1-cd90-4772-9e6c-3237a9225105.roa
Signing time:             Mon 31 Mar 2025 20:31:51 +0000
ROA not before:           Mon 31 Mar 2025 20:31:51 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:ab:74:38:c4:ab:1e:a6:0e:ff:22:b9:66:1f:a4:fc:af:c4:1a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:51 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ce:57:ce:87:9a:82:dc:03:9b:ac:b4:7c:fc:
                    0e:1a:36:ea:ab:64:93:e7:23:f5:96:91:1e:70:78:
                    a0:32:d5:6f:1e:93:bd:d1:d9:f4:6a:d4:e9:f3:93:
                    e6:94:19:a5:87:c3:66:c2:15:4d:dd:13:be:9e:56:
                    2e:8b:07:29:62:04:0b:d0:9d:b9:a5:63:92:0f:cd:
                    88:6f:a4:2c:f1:0f:b0:e1:61:dd:f9:ad:48:49:d2:
                    05:16:23:6f:23:34:b9:74:c4:46:25:57:b8:b9:c4:
                    83:50:98:35:2c:4d:04:46:eb:7e:48:04:f6:f2:df:
                    ae:90:ab:54:ef:66:59:83:d1:14:75:c7:1a:4b:a8:
                    fa:9a:13:9b:b6:c5:db:5c:6a:ed:3f:62:fa:d5:59:
                    59:6a:35:2e:c7:3b:3c:64:a6:45:b1:62:70:9e:bc:
                    e4:d2:9b:a5:a0:80:a7:3b:69:b2:23:59:02:83:8a:
                    98:f0:92:a2:0a:43:b2:66:27:68:93:6b:75:b6:92:
                    77:cf:16:05:0b:00:85:c3:b1:fc:76:de:60:1c:80:
                    fc:75:09:ad:e2:ed:ff:b3:29:7a:3f:73:d2:eb:13:
                    e8:3c:a9:c6:32:00:8c:3c:7f:c5:c6:64:52:8a:83:
                    ea:9b:55:30:b0:0f:8c:0d:47:4a:f5:b5:69:ed:18:
                    d5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E8:96:E1:80:82:35:E9:AA:95:3A:BB:F6:BA:C9:A6:1E:03:6B:32
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/82612ca1-cd90-4772-9e6c-3237a9225105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         57:6d:5d:a8:67:9b:f4:c8:f2:ea:8f:aa:39:23:cb:b2:20:49:
         de:47:6a:40:21:5f:47:93:3a:d8:54:d4:d3:c5:94:25:8a:1d:
         3d:58:0d:4c:21:57:14:61:4d:33:49:b4:09:78:80:50:58:dd:
         b8:c8:a9:e8:c1:d5:77:fb:43:99:3c:1c:9f:dc:07:41:71:03:
         d7:83:e4:07:27:54:1a:2a:f1:ee:6a:88:56:26:8e:d4:60:53:
         cb:49:8a:90:11:9b:d5:d5:b7:ae:09:a2:bc:ca:7e:8c:a5:a9:
         f0:7c:c9:9d:5f:c9:23:a4:f1:34:b1:60:51:40:a7:e0:22:c4:
         fa:9b:bf:25:a6:b1:9c:e5:06:f5:c1:25:a2:76:b9:52:4a:53:
         64:75:55:b4:22:91:e3:fc:6b:01:3a:d8:96:b9:d7:8d:00:5f:
         c3:51:b3:98:8b:7a:bc:81:cb:b6:b6:8a:7e:cd:89:35:51:db:
         0b:55:f2:ef:e2:7c:ce:64:a8:dc:1d:a1:da:b6:7e:f5:af:d3:
         c9:9a:fc:b3:24:0d:bc:59:06:be:23:01:48:55:dd:d7:f4:57:
         59:74:06:8f:01:91:fc:85:54:e1:66:f7:d7:71:80:79:07:40:
         f9:30:e9:3e:f6:34:ca:1a:e2:c9:e7:ae:69:52:99:34:bd:b0:
         06:55:88:f7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUC6t0OMSrHqYO/yK5Zh+k/K/EGokwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxNTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0ZDFjZTFkMmQxNTBkMDViZDllNzZiZWM0OTllY2FmMGRhZDI2ODY5YTU5
MTBlNDNkNDZkZTEwMDdmZWIwNmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMfOV86HmoLcA5ustHz8Dho26qtkk+cj9ZaRHnB4oDLVbx6TvdHZ9GrU6fOT
5pQZpYfDZsIVTd0Tvp5WLosHKWIEC9CduaVjkg/NiG+kLPEPsOFh3fmtSEnSBRYj
byM0uXTERiVXuLnEg1CYNSxNBEbrfkgE9vLfrpCrVO9mWYPRFHXHGkuo+poTm7bF
21xq7T9i+tVZWWo1Lsc7PGSmRbFicJ685NKbpaCApztpsiNZAoOKmPCSogpDsmYn
aJNrdbaSd88WBQsAhcOx/HbeYByA/HUJreLt/7Mpej9z0usT6DypxjIAjDx/xcZk
UoqD6ptVMLAPjA1HSvW1ae0Y1UMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQv6Jbh
gII16aqVOrv2usmmHgNrMjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODI2MTJjYTEtY2Q5MC00NzcyLTllNmMtMzIzN2E5MjI1MTA1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DVA
MA0GCSqGSIb3DQEBCwUAA4IBAQBXbV2oZ5v0yPLqj6o5I8uyIEneR2pAIV9HkzrY
VNTTxZQlih09WA1MIVcUYU0zSbQJeIBQWN24yKnowdV3+0OZPByf3AdBcQPXg+QH
J1QaKvHuaohWJo7UYFPLSYqQEZvV1beuCaK8yn6MpanwfMmdX8kjpPE0sWBRQKfg
IsT6m78lprGc5Qb1wSWidrlSSlNkdVW0IpHj/GsBOtiWudeNAF/DUbOYi3q8gcu2
top+zYk1UdsLVfLv4nzOZKjcHaHatn71r9PJmvyzJA28WQa+IwFIVd3X9FdZdAaP
AZH8hVThZvfXcYB5B0D5MOk+9jTKGuLJ565pUpk0vbAGVYj3
-----END CERTIFICATE-----