Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa
File:                     9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa (raw, json)
Hash identifier:          PEsjl07/cZESQiWEfON1ehpHGeLFVvbOuyPa6+CCNxA=
Subject key identifier:   82:B5:1C:16:BB:38:9C:24:5C:63:BF:3C:16:52:07:52:EE:AD:7E:E8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7C8ECB40365520B3ACF2DB0C301F9CA1ED8840EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa
Signing time:             Mon 31 Mar 2025 19:51:03 +0000
ROA not before:           Mon 31 Mar 2025 19:51:03 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:8e:cb:40:36:55:20:b3:ac:f2:db:0c:30:1f:9c:a1:ed:88:40:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:03 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6b:e2:16:2f:64:1e:22:f9:51:18:6f:78:c2:
                    49:21:ec:0e:b5:89:94:36:c9:78:89:f2:fb:3e:bf:
                    eb:c5:24:8c:96:0c:5d:81:2c:3a:6c:46:a7:af:15:
                    04:37:2b:74:53:f4:50:f4:2a:0e:db:66:c5:01:d7:
                    77:db:ee:b1:6c:4f:68:42:d6:a8:ad:ef:56:09:b4:
                    9f:16:d4:a7:4c:70:fd:dc:46:b7:36:37:cb:65:00:
                    98:0e:99:2d:2c:74:26:4a:61:00:e9:30:02:12:58:
                    f2:62:6d:00:85:0f:0b:c4:d6:8a:3f:e9:40:eb:c0:
                    98:0f:54:ee:c9:23:d6:c3:4f:c5:5f:0e:e1:0b:c2:
                    09:7d:9b:3d:6b:db:0a:51:2b:63:65:c2:1a:b7:3e:
                    99:fa:ab:a1:66:38:0c:35:53:4f:bb:70:95:62:f1:
                    fe:2f:7c:df:92:e6:91:dd:d9:11:fa:eb:b8:55:b2:
                    e1:0b:0e:29:21:8d:56:17:32:9d:8c:f2:eb:a4:f7:
                    16:b7:12:a1:ed:67:0c:ca:26:f3:64:e5:11:c6:1b:
                    de:0c:3b:73:84:02:6f:fb:89:36:8e:ba:a2:36:59:
                    46:42:f1:d5:cd:71:c0:ec:0c:e1:b6:f7:ee:63:18:
                    db:30:76:98:bc:84:a6:42:83:95:82:de:d7:15:5f:
                    55:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:B5:1C:16:BB:38:9C:24:5C:63:BF:3C:16:52:07:52:EE:AD:7E:E8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         66:85:97:1b:69:c6:5e:5c:ff:37:dc:6d:fd:96:4c:3b:74:38:
         29:12:5b:ab:72:8e:47:54:18:93:55:cd:1e:1b:a7:9a:8a:ec:
         3f:7a:51:48:d3:fb:90:69:ea:34:24:68:9c:13:22:78:5e:51:
         cd:a7:bd:b1:d2:83:7b:9d:db:21:a8:5d:ec:03:02:02:a3:86:
         30:16:6e:95:1a:11:db:4b:a9:37:ef:fb:46:17:2d:1b:33:e6:
         02:cc:9c:3b:5b:be:2c:c7:fd:a9:27:49:67:57:af:4e:d5:0c:
         10:b8:66:70:63:00:97:5b:92:d8:28:29:60:6c:ae:69:ac:4f:
         bb:14:04:41:e1:57:c9:20:b5:0e:62:ac:ed:95:4f:9f:1c:bb:
         57:d7:4f:a2:53:c2:1a:08:b3:5d:94:cd:38:a4:ea:8f:6b:2e:
         3c:37:45:79:62:4d:65:b9:d0:61:7d:91:c7:ab:bc:ca:8b:a9:
         55:96:cc:0d:0d:9b:ef:41:eb:b9:6a:d9:3d:17:45:74:09:7a:
         ef:3d:c1:17:bf:d2:69:f0:62:43:41:86:36:fa:98:9d:1f:2e:
         44:dc:be:d3:2f:e6:7e:18:a2:ae:7c:6e:86:b5:43:68:d6:b5:
         ad:f8:34:d5:ed:0c:e1:a4:4f:c7:c7:82:49:fa:60:c7:28:a4:
         7f:75:61:67
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfI7LQDZVILOs8tsMMB+coe2IQOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxMDNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJmYzk2ODJlYzY5NjNkMDE1OGU5YjQyYTFkODBmN2VlM2IzOGI3YTViZDk3
MTkwODFiYjE0MmNhNjYxYWE4ZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFr4hYvZB4i+VEYb3jCSSHsDrWJlDbJeIny+z6/68UkjJYMXYEsOmxGp68V
BDcrdFP0UPQqDttmxQHXd9vusWxPaELWqK3vVgm0nxbUp0xw/dxGtzY3y2UAmA6Z
LSx0JkphAOkwAhJY8mJtAIUPC8TWij/pQOvAmA9U7skj1sNPxV8O4QvCCX2bPWvb
ClErY2XCGrc+mfqroWY4DDVTT7twlWLx/i9835Lmkd3ZEfrruFWy4QsOKSGNVhcy
nYzy66T3FrcSoe1nDMom82TlEcYb3gw7c4QCb/uJNo66ojZZRkLx1c1xwOwM4bb3
7mMY2zB2mLyEpkKDlYLe1xVfVdECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSCtRwW
uzicJFxjvzwWUgdS7q1+6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZkOTg3ZmEtMzBlOC00MGJjLTg5YzItZDg5NzA1ZDVmYjgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACg
MA0GCSqGSIb3DQEBCwUAA4IBAQBmhZcbacZeXP833G39lkw7dDgpElurco5HVBiT
Vc0eG6eaiuw/elFI0/uQaeo0JGicEyJ4XlHNp72x0oN7ndshqF3sAwICo4YwFm6V
GhHbS6k37/tGFy0bM+YCzJw7W74sx/2pJ0lnV69O1QwQuGZwYwCXW5LYKClgbK5p
rE+7FARB4VfJILUOYqztlU+fHLtX10+iU8IaCLNdlM04pOqPay48N0V5Yk1ludBh
fZHHq7zKi6lVlswNDZvvQeu5atk9F0V0CXrvPcEXv9Jp8GJDQYY2+pidHy5E3L7T
L+Z+GKKufG6GtUNo1rWt+DTV7QzhpE/Hx4JJ+mDHKKR/dWFn
-----END CERTIFICATE-----