Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97535b7f-b66d-439d-9398-8336783c9ea4.roa
File:                     97535b7f-b66d-439d-9398-8336783c9ea4.roa (raw, json)
Hash identifier:          ENqxGrYB2c7UHB1eNRJMDQ/2xRV0t3IPuq4MsrBNWNo=
Subject key identifier:   E3:96:E3:72:87:46:33:3F:0F:47:0D:7D:6B:E8:62:BA:40:10:D6:DB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       14756A7269A3F4F471B653F6AB70115F136541E4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97535b7f-b66d-439d-9398-8336783c9ea4.roa
Signing time:             Mon 31 Mar 2025 19:01:29 +0000
ROA not before:           Mon 31 Mar 2025 19:01:29 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:5040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:75:6a:72:69:a3:f4:f4:71:b6:53:f6:ab:70:11:5f:13:65:41:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:01:29 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:42:6b:c0:31:c9:f9:72:8f:0a:8f:8f:30:
                    dc:02:e1:55:73:ad:8a:fa:59:47:2e:d3:04:1a:2c:
                    01:a8:48:0c:c7:3e:fc:26:c4:33:9d:17:da:b2:9f:
                    be:0a:e5:70:c2:f0:dc:bd:8e:d9:fc:ed:b9:64:cd:
                    7d:d5:d8:1d:3f:28:d5:d9:28:b4:92:7d:47:07:f7:
                    9d:38:c1:1a:b1:86:df:e3:4d:1c:2d:51:bf:de:8a:
                    9e:5c:73:4f:2d:95:4b:5a:ee:9f:1c:c9:c0:57:71:
                    40:e7:9e:a3:6e:fa:45:4e:e2:cf:a9:4a:8f:82:4d:
                    4a:8f:e6:89:2f:68:30:d0:d3:de:9a:59:0f:f6:0e:
                    66:a9:54:d9:53:6f:29:64:ed:57:d7:7b:9b:97:f1:
                    fb:71:24:6d:b8:19:cc:d0:30:50:a2:b3:85:11:c2:
                    97:ff:e7:4d:3a:80:67:c5:7d:5b:fe:e0:91:37:11:
                    8f:c5:4a:4f:ab:12:a1:c3:e2:2c:67:fe:36:b5:03:
                    cc:fc:2f:b7:90:5f:e9:1a:56:6f:51:13:d6:a5:c8:
                    e6:36:fe:7d:b2:0c:41:13:0b:fc:f9:7a:f4:e9:27:
                    56:01:52:ae:fe:67:93:c4:67:88:87:28:db:85:95:
                    e7:0b:3e:4a:cd:a5:0e:f3:52:be:71:19:48:67:ce:
                    cb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:96:E3:72:87:46:33:3F:0F:47:0D:7D:6B:E8:62:BA:40:10:D6:DB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97535b7f-b66d-439d-9398-8336783c9ea4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:5040::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:02:31:1e:1b:3e:9f:de:b4:9d:bf:20:67:21:3f:a7:e7:62:
         30:7c:23:81:c1:20:d0:98:68:06:a8:88:5f:68:80:2e:83:5c:
         95:70:8c:de:1f:d3:70:7a:01:ee:78:01:30:4e:ef:57:1c:26:
         0e:3f:86:39:ae:01:1e:f6:51:fd:32:2c:c1:60:2b:b0:e0:87:
         5f:33:7c:30:4d:87:24:9a:d0:57:d9:ce:dc:e9:94:d5:b2:5b:
         75:bd:c3:86:13:be:68:95:bd:2d:a9:ee:e0:6b:7a:0c:4c:cc:
         f6:1d:5f:26:a1:00:e9:6d:e2:3f:83:39:c2:f6:74:9b:a2:5c:
         9d:59:fd:7c:0b:3b:a6:c2:4b:b1:3c:7d:7e:dc:4f:7b:d6:0c:
         f0:10:a6:41:d0:d0:cc:d2:d3:9b:83:19:a2:23:d8:69:ce:4b:
         a3:75:17:03:42:c9:f7:33:57:67:57:9f:91:6c:78:1a:39:78:
         bf:e7:97:c9:4e:4e:8c:16:f5:bf:90:35:49:cb:60:9f:ee:21:
         7c:b9:9c:b0:fb:57:42:29:2e:f5:05:0e:8b:f0:4a:b4:11:02:
         a8:dd:b0:3d:45:54:5c:de:a2:de:e9:66:87:53:e5:12:0a:47:
         6e:d4:8d:24:41:ca:64:e8:48:77:50:86:04:22:0b:b2:93:e2:
         e9:a0:a6:53
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFHVqcmmj9PRxtlP2q3ARXxNlQeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTAxMjlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyNWNkYWYwM2YyMzVjNmYxMzVlMDk3ZTJkMzQ2ZmU1YTA1NGIzZDRhNjY5
ZGM0ZjZlNThlYjBiMWUxOTJmNjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIpQmvAMcn5co8Kj48w3ALhVXOtivpZRy7TBBosAahIDMc+/CbEM50X2rKf
vgrlcMLw3L2O2fztuWTNfdXYHT8o1dkotJJ9Rwf3nTjBGrGG3+NNHC1Rv96Knlxz
Ty2VS1runxzJwFdxQOeeo276RU7iz6lKj4JNSo/miS9oMNDT3ppZD/YOZqlU2VNv
KWTtV9d7m5fx+3EkbbgZzNAwUKKzhRHCl//nTTqAZ8V9W/7gkTcRj8VKT6sSocPi
LGf+NrUDzPwvt5Bf6RpWb1ET1qXI5jb+fbIMQRML/Pl69OknVgFSrv5nk8RniIco
24WV5ws+Ss2lDvNSvnEZSGfOy4cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTjluNy
h0YzPw9HDX1r6GK6QBDW2zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1MzViN2YtYjY2ZC00MzlkLTkzOTgtODMzNjc4M2M5ZWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAOQIxHhs+n960nb8gZyE/p+diMHwjgcEg0Jho
BqiIX2iALoNclXCM3h/TcHoB7ngBME7vVxwmDj+GOa4BHvZR/TIswWArsOCHXzN8
ME2HJJrQV9nO3OmU1bJbdb3DhhO+aJW9Lanu4Gt6DEzM9h1fJqEA6W3iP4M5wvZ0
m6JcnVn9fAs7psJLsTx9ftxPe9YM8BCmQdDQzNLTm4MZoiPYac5Lo3UXA0LJ9zNX
Z1efkWx4Gjl4v+eXyU5OjBb1v5A1Sctgn+4hfLmcsPtXQiku9QUOi/BKtBECqN2w
PUVUXN6i3ulmh1PlEgpHbtSNJEHKZOhId1CGBCILspPi6aCmUw==
-----END CERTIFICATE-----