Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
File:                     975dfb4d-ef39-4371-9678-ff7909080d1e.roa (raw, json)
Hash identifier:          1oconwNMZCRP8ioO7+KKdh/kTrPLg0o/Wcz8QEEQFVk=
Subject key identifier:   C6:16:38:E0:FB:B8:5B:AF:16:A9:88:2D:C4:59:35:1C:F6:53:A5:42
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       75C5BEA1A979D1974C952886B84BAA5D45593063
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
Signing time:             Mon 31 Mar 2025 19:21:10 +0000
ROA not before:           Mon 31 Mar 2025 19:21:10 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:b080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c5:be:a1:a9:79:d1:97:4c:95:28:86:b8:4b:aa:5d:45:59:30:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:10 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b3:0a:2d:27:f7:c9:49:d3:f6:a4:90:0c:fd:
                    73:f1:3e:27:f7:17:69:b2:f0:24:e6:d1:92:2f:c5:
                    68:a2:d5:a0:82:e0:0e:c5:73:58:b5:90:d8:bd:d0:
                    3b:a4:8b:e7:7e:5d:10:bc:01:d9:00:3c:29:03:27:
                    76:2e:98:61:1a:f3:16:76:b4:6d:f2:3c:25:48:40:
                    66:19:37:a2:79:ff:4f:1d:57:ac:f3:31:59:53:f3:
                    76:8e:48:14:34:14:78:8e:02:06:0a:44:01:55:40:
                    ea:c5:60:84:4a:f0:fc:eb:a7:52:6d:e8:be:1f:63:
                    c8:76:db:1c:17:a1:83:ab:7f:46:e5:36:c1:51:0d:
                    37:84:bd:2f:e1:1d:f2:12:08:23:7a:0b:d1:e8:d8:
                    6b:74:1a:23:cd:eb:72:9a:52:cb:a2:9b:17:e5:66:
                    cb:33:c4:42:2a:79:d3:d8:13:5a:08:d8:c7:03:23:
                    46:bc:9c:3d:06:61:ee:d7:41:85:49:c0:2f:8d:e5:
                    08:f9:42:5e:c9:ee:1e:bf:65:f6:77:a1:0e:ae:aa:
                    84:66:1f:cd:d7:b7:86:ec:6e:68:ec:8d:a4:78:9f:
                    81:2b:17:62:53:50:30:bc:36:77:32:94:e7:32:f8:
                    50:d9:87:a0:42:8d:9a:6a:eb:fb:ce:4b:12:a5:69:
                    12:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:16:38:E0:FB:B8:5B:AF:16:A9:88:2D:C4:59:35:1C:F6:53:A5:42
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:b080::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:83:9b:a1:24:51:f1:6a:6e:87:36:c3:3b:2f:37:c9:f6:80:
         22:a5:59:30:30:ad:28:f3:53:b8:76:80:d1:72:ab:90:c3:b8:
         1f:5e:28:50:3a:93:b2:40:e9:fe:30:55:97:a2:47:c7:b9:4d:
         5e:bf:73:00:ef:1a:91:37:12:50:7a:af:ff:97:9e:2f:4f:32:
         c9:b1:5b:73:1f:30:c0:3d:18:82:42:2e:59:15:90:e9:d8:3f:
         91:83:36:94:db:48:dc:e4:8b:b9:24:b5:2e:7f:e0:31:30:a8:
         4d:fc:37:f8:99:c5:a5:0f:10:2e:74:5b:8a:26:db:5b:c0:19:
         5f:aa:2c:ec:4f:53:2a:68:33:63:b3:cf:4c:21:40:c4:f7:8c:
         ed:a7:d9:e7:eb:d2:fb:96:cb:e7:75:ea:f7:5e:61:4e:21:d5:
         cd:36:ec:25:6b:fd:3b:4d:62:42:5a:63:b7:9d:ef:ed:a4:6e:
         75:ef:44:4f:1b:d2:4e:eb:dd:ac:46:96:2c:d0:ae:c3:93:9a:
         ef:23:41:e4:26:7f:6a:c7:c1:57:23:03:72:51:3f:f2:93:77:
         9f:b3:77:d6:0c:5c:34:b6:40:e3:83:c0:74:86:30:bf:2e:b2:
         17:97:0a:a2:0a:8f:ad:a0:73:e7:4d:8b:4a:e4:78:a8:35:57:
         f8:a4:3a:98
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdcW+oal50ZdMlSiGuEuqXUVZMGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMTBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMyOWI2ZWQ2MWQzMGI3ODRlMDdmNWQwMWZkYTdhMDc0Y2JmZWFjYjYxZGQ1
OGViZmM3MWRlNDNiZDdlMjJkMzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANKzCi0n98lJ0/akkAz9c/E+J/cXabLwJObRki/FaKLVoILgDsVzWLWQ2L3Q
O6SL535dELwB2QA8KQMndi6YYRrzFna0bfI8JUhAZhk3onn/Tx1XrPMxWVPzdo5I
FDQUeI4CBgpEAVVA6sVghErw/OunUm3ovh9jyHbbHBehg6t/RuU2wVENN4S9L+Ed
8hIII3oL0ejYa3QaI83rcppSy6KbF+VmyzPEQip509gTWgjYxwMjRrycPQZh7tdB
hUnAL43lCPlCXsnuHr9l9nehDq6qhGYfzde3huxuaOyNpHifgSsXYlNQMLw2dzKU
5zL4UNmHoEKNmmrr+85LEqVpEjkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTGFjjg
+7hbrxapiC3EWTUc9lOlQjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1ZGZiNGQtZWYzOS00MzcxLTk2NzgtZmY3OTA5MDgwZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKw
gDANBgkqhkiG9w0BAQsFAAOCAQEAvYOboSRR8WpuhzbDOy83yfaAIqVZMDCtKPNT
uHaA0XKrkMO4H14oUDqTskDp/jBVl6JHx7lNXr9zAO8akTcSUHqv/5eeL08yybFb
cx8wwD0YgkIuWRWQ6dg/kYM2lNtI3OSLuSS1Ln/gMTCoTfw3+JnFpQ8QLnRbiibb
W8AZX6os7E9TKmgzY7PPTCFAxPeM7afZ5+vS+5bL53Xq915hTiHVzTbsJWv9O01i
Qlpjt53v7aRude9ETxvSTuvdrEaWLNCuw5Oa7yNB5CZ/asfBVyMDclE/8pN3n7N3
1gxcNLZA44PAdIYwvy6yF5cKogqPraBz502LSuR4qDVX+KQ6mA==
-----END CERTIFICATE-----