Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/93932fd5-a431-4690-94d6-ed2f97f585c1.roa
File:                     93932fd5-a431-4690-94d6-ed2f97f585c1.roa (raw, json)
Hash identifier:          U5m3j+ooHbBaOIYFClz8wVBGprvswKFUy6ViKzPxnZg=
Subject key identifier:   A6:09:38:75:82:F1:77:99:14:E8:31:B8:5F:BF:7C:9E:59:94:65:DC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D6787D29A821216C752237FA5ACE59DE2D5B14E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/93932fd5-a431-4690-94d6-ed2f97f585c1.roa
Signing time:             Mon 31 Mar 2025 21:01:27 +0000
ROA not before:           Mon 31 Mar 2025 21:01:27 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d012:800::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:67:87:d2:9a:82:12:16:c7:52:23:7f:a5:ac:e5:9d:e2:d5:b1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:27 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:99:7d:59:04:22:ab:82:f5:02:75:e4:e2:
                    35:3a:61:0b:05:cb:2e:2b:6f:06:0c:15:c5:b0:3f:
                    be:47:42:0a:54:b1:80:64:42:a3:87:dc:02:8b:02:
                    a1:2d:d4:f3:69:c3:17:ec:9e:29:ec:3d:f7:64:d0:
                    c5:f8:c4:53:50:43:0f:5b:8c:33:ac:7b:5d:f5:2c:
                    64:2e:7b:4c:ff:4d:16:32:ad:8c:98:1b:70:ea:d9:
                    97:76:ac:35:9e:7c:f0:bb:b9:c8:40:68:80:d3:a7:
                    27:0c:ee:6c:ec:e0:35:70:b1:ff:e5:8e:37:0c:1b:
                    e2:59:58:b0:74:96:7a:fd:91:90:4f:8b:8c:40:b9:
                    5b:53:9a:47:a6:8e:0f:c2:12:a8:5b:af:47:15:b8:
                    73:a5:b1:7b:8f:2b:b2:3a:a6:09:ec:01:19:b3:4d:
                    ff:9a:e4:cd:d9:96:27:47:bc:ce:36:a4:75:b1:74:
                    c2:e7:5a:d9:29:c2:e8:9e:ad:a7:64:d5:95:2f:6d:
                    7b:b5:46:77:f0:e9:b9:da:55:ee:0a:fb:9a:49:75:
                    a0:f7:54:1a:4c:83:3d:e0:de:72:4e:de:4e:ef:4a:
                    c9:61:7f:82:b9:c1:b8:a9:7d:fb:93:ec:90:89:80:
                    44:d5:b1:7b:14:64:b2:af:c7:b9:9a:0c:65:64:8c:
                    6a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:09:38:75:82:F1:77:99:14:E8:31:B8:5F:BF:7C:9E:59:94:65:DC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/93932fd5-a431-4690-94d6-ed2f97f585c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d012:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         58:2a:86:7f:14:2a:05:e7:ab:30:f2:39:20:00:f5:d7:71:0b:
         69:d4:cd:01:cb:1a:8b:18:68:8e:e8:85:f4:31:e2:f3:8e:21:
         b2:3e:78:47:28:78:ae:0c:ac:fb:b2:ae:fa:f7:00:b8:a5:2f:
         a7:43:f9:2e:82:ec:db:58:de:c5:4b:61:6d:7b:e5:8e:77:2c:
         56:1f:f0:1e:41:d4:bb:23:6c:3e:cc:83:a2:59:6f:f1:ee:65:
         f4:a8:8f:da:7b:3e:cd:a0:3d:ef:0f:4a:94:c3:bc:52:39:87:
         43:33:50:8c:3c:b8:b3:f0:36:d9:73:94:b8:c8:19:a2:3b:3a:
         34:09:53:70:2c:82:26:fd:f4:e1:8a:14:be:af:fb:e1:e9:4d:
         80:a9:34:b0:c7:d3:5c:c4:8d:bd:3b:9d:d3:af:35:b5:6d:38:
         88:72:38:bc:ca:4d:08:5f:66:bb:fc:ee:f7:46:24:4a:b9:65:
         8a:03:2d:69:ff:c7:7b:a1:8f:30:7b:5b:cc:7f:7b:7d:77:18:
         da:c2:e6:59:2e:fd:c5:42:b0:7c:65:a0:ec:7b:13:52:60:62:
         5d:67:df:c5:d4:87:22:b9:cd:03:c6:c0:fb:f1:73:f8:d1:9a:
         3d:f4:da:09:3c:1f:13:5a:39:29:31:16:16:d7:59:00:a5:c0:
         a6:3d:1b:0a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfWeH0pqCEhbHUiN/pazlneLVsU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMjdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU2YjRhNGU1NDY0NWU2YTgxMDc4OWNjNGE5NzFkYjA3MWZjNzc2ZDkwNzE5
N2U0ZGU4ZGNhY2I1M2QyYTE2MDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIPmX1ZBCKrgvUCdeTiNTphCwXLLitvBgwVxbA/vkdCClSxgGRCo4fcAosC
oS3U82nDF+yeKew992TQxfjEU1BDD1uMM6x7XfUsZC57TP9NFjKtjJgbcOrZl3as
NZ588Lu5yEBogNOnJwzubOzgNXCx/+WONwwb4llYsHSWev2RkE+LjEC5W1OaR6aO
D8ISqFuvRxW4c6Wxe48rsjqmCewBGbNN/5rkzdmWJ0e8zjakdbF0wuda2SnC6J6t
p2TVlS9te7VGd/DpudpV7gr7mkl1oPdUGkyDPeDeck7eTu9KyWF/grnBuKl9+5Ps
kImARNWxexRksq/HuZoMZWSMamkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSmCTh1
gvF3mRToMbhfv3yeWZRl3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTM5MzJmZDUtYTQzMS00NjkwLTk0ZDYtZWQyZjk3ZjU4NWMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BII
MA0GCSqGSIb3DQEBCwUAA4IBAQBYKoZ/FCoF56sw8jkgAPXXcQtp1M0ByxqLGGiO
6IX0MeLzjiGyPnhHKHiuDKz7sq769wC4pS+nQ/kuguzbWN7FS2Fte+WOdyxWH/Ae
QdS7I2w+zIOiWW/x7mX0qI/aez7NoD3vD0qUw7xSOYdDM1CMPLiz8DbZc5S4yBmi
Ozo0CVNwLIIm/fThihS+r/vh6U2AqTSwx9NcxI29O53TrzW1bTiIcji8yk0IX2a7
/O73RiRKuWWKAy1p/8d7oY8we1vMf3t9dxjawuZZLv3FQrB8ZaDsexNSYGJdZ9/F
1Iciuc0DxsD78XP40Zo99NoJPB8TWjkpMRYW11kApcCmPRsK
-----END CERTIFICATE-----