Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
File:                     9fb96617-2d2f-468d-b766-35c52d9f2681.roa (raw, json)
Hash identifier:          /GrJt+1j6s8X8niqPrZU25TLch4R5Be3Y2+TySkD348=
Subject key identifier:   B5:A9:98:E7:8C:6A:73:D1:A4:9D:B0:45:29:83:FC:37:AF:3E:84:58
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       393052971572B982558AF371BE2379E8E0C06356
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
Signing time:             Mon 31 Mar 2025 21:01:35 +0000
ROA not before:           Mon 31 Mar 2025 21:01:35 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d015:800::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:30:52:97:15:72:b9:82:55:8a:f3:71:be:23:79:e8:e0:c0:63:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:35 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bf:e2:0a:1b:31:22:07:b8:03:c1:44:bc:eb:
                    f3:7c:cb:d4:38:ad:6d:42:a9:2c:3e:b1:1b:ae:f3:
                    c0:77:9e:64:de:7b:1c:77:34:f6:49:7b:b4:aa:ab:
                    f8:97:39:64:ac:b9:c4:fd:90:1f:07:66:46:33:a0:
                    63:52:bc:f1:35:25:b8:4e:2a:bd:40:5a:8a:09:77:
                    f3:2b:6e:e6:90:6e:12:83:93:1d:f4:c4:64:cf:0f:
                    14:01:32:86:d8:dc:cb:62:a4:50:33:52:47:38:f9:
                    07:d4:e9:9f:20:83:1e:cf:8b:8d:40:ad:ca:55:3e:
                    cc:bc:c4:1e:be:83:ec:40:bd:e7:92:63:61:04:b5:
                    c2:83:f1:f1:ae:d8:5f:bb:80:88:31:71:30:7f:0a:
                    7c:68:e6:71:86:12:e6:b3:ac:29:ea:50:bb:a1:c8:
                    01:26:65:e6:bc:9c:2c:37:8a:aa:5c:de:74:65:34:
                    2b:3c:8f:5d:b5:de:83:1b:36:c9:36:60:5d:9d:30:
                    2d:58:32:71:4a:a4:7d:e6:f3:05:ed:a0:dc:ac:44:
                    71:02:08:b1:b4:53:95:5d:74:0e:2b:62:40:d5:6a:
                    b4:e2:44:e8:24:89:f2:a8:e6:a9:19:8d:1a:91:3f:
                    06:df:f9:b2:63:35:b9:60:3a:d4:1e:8d:1b:b1:37:
                    aa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A9:98:E7:8C:6A:73:D1:A4:9D:B0:45:29:83:FC:37:AF:3E:84:58
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d015:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         48:00:01:34:d3:f8:38:e8:81:60:2b:b3:09:6b:d3:14:0c:37:
         06:01:3b:c9:92:64:5d:ea:11:0a:c8:28:e3:79:e6:5c:5d:4b:
         73:2f:0d:29:82:6a:34:be:67:0a:44:6f:a0:97:e5:bb:3f:d1:
         b6:17:00:c3:46:6e:8d:f6:01:ac:1a:10:37:fc:61:ea:61:d8:
         bf:ce:15:9e:7e:17:18:d4:1e:3b:c8:b1:2e:da:c9:61:41:16:
         e9:ec:3d:1c:78:a7:0f:c7:a1:fd:26:48:39:b2:80:29:8a:e8:
         b0:3a:57:10:17:6e:93:aa:5a:cb:8d:be:af:d1:8d:82:bc:fb:
         21:12:d2:15:2f:d0:c2:2f:91:97:2b:5d:64:58:04:4a:bf:45:
         3a:25:da:40:8a:5d:c1:1e:f9:fa:c8:b6:6b:b6:46:15:b0:0c:
         83:86:de:13:2d:89:b0:f4:41:da:7a:fe:6b:f4:16:d5:da:bc:
         04:4b:e9:34:d5:00:9d:cf:9a:81:b5:2e:66:aa:aa:ea:7d:56:
         fd:ee:ee:7a:8e:61:fa:df:48:68:14:cc:d6:54:99:67:3d:ae:
         da:18:94:4a:a8:43:ff:1a:d6:4c:fe:b5:e7:7e:35:f9:9f:6c:
         c1:d0:dc:20:d3:bd:e6:8a:22:44:81:92:33:5d:d0:e5:7f:e8:
         fd:78:9d:d7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOTBSlxVyuYJVivNxviN56ODAY1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMzVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3NjdmMmY3YmNhOGNmZTA4MDlmOGUwOGI5MjU2NDI5NGE5YjgwZTQxNTk1
Yzk5MjhmZTA5NTBkMzM1ZmRhNDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALK/4gobMSIHuAPBRLzr83zL1DitbUKpLD6xG67zwHeeZN57HHc09kl7tKqr
+Jc5ZKy5xP2QHwdmRjOgY1K88TUluE4qvUBaigl38ytu5pBuEoOTHfTEZM8PFAEy
htjcy2KkUDNSRzj5B9TpnyCDHs+LjUCtylU+zLzEHr6D7EC955JjYQS1woPx8a7Y
X7uAiDFxMH8KfGjmcYYS5rOsKepQu6HIASZl5rycLDeKqlzedGU0KzyPXbXegxs2
yTZgXZ0wLVgycUqkfebzBe2g3KxEcQIIsbRTlV10DitiQNVqtOJE6CSJ8qjmqRmN
GpE/Bt/5smM1uWA61B6NG7E3qqcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS1qZjn
jGpz0aSdsEUpg/w3rz6EWDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZiOTY2MTctMmQyZi00NjhkLWI3NjYtMzVjNTJkOWYyNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BUI
MA0GCSqGSIb3DQEBCwUAA4IBAQBIAAE00/g46IFgK7MJa9MUDDcGATvJkmRd6hEK
yCjjeeZcXUtzLw0pgmo0vmcKRG+gl+W7P9G2FwDDRm6N9gGsGhA3/GHqYdi/zhWe
fhcY1B47yLEu2slhQRbp7D0ceKcPx6H9Jkg5soApiuiwOlcQF26TqlrLjb6v0Y2C
vPshEtIVL9DCL5GXK11kWARKv0U6JdpAil3BHvn6yLZrtkYVsAyDht4TLYmw9EHa
ev5r9BbV2rwES+k01QCdz5qBtS5mqqrqfVb97u56jmH630hoFMzWVJlnPa7aGJRK
qEP/GtZM/rXnfjX5n2zB0Nwg073miiJEgZIzXdDlf+j9eJ3X
-----END CERTIFICATE-----