Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
File:                     a1796bea-01c9-41b7-b13d-6932c4f36a42.roa (raw, json)
Hash identifier:          QrweQVz5FYsfIcbLXHsurK+21JR3i7HA2oDXj26UIVU=
Subject key identifier:   05:77:01:4F:A0:7F:CE:05:F3:27:FD:B3:F6:C5:2C:16:EF:FE:24:4C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7E95DEF65D0A58BBF3D5D32DF6F495F3A6E769E1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
Signing time:             Mon 31 Mar 2025 19:41:11 +0000
ROA not before:           Mon 31 Mar 2025 19:41:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:95:de:f6:5d:0a:58:bb:f3:d5:d3:2d:f6:f4:95:f3:a6:e7:69:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:41:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:32:f1:69:75:61:90:25:48:bc:8f:b6:e8:f6:
                    63:75:9c:90:ca:62:1c:52:3a:da:af:d8:b4:fb:1f:
                    11:64:42:5e:f7:88:29:cd:1a:0a:e7:f2:c6:71:00:
                    6b:3f:bf:5a:2c:28:38:b8:fd:a5:49:60:73:8a:af:
                    37:dd:35:46:98:e4:2d:75:62:88:a0:bb:2b:9f:52:
                    94:a5:36:bc:7d:b9:db:c3:79:16:1a:d3:b3:f8:bb:
                    1d:5f:0c:0b:51:4c:e0:b3:3c:bb:0e:03:26:aa:e9:
                    ff:fc:73:4a:3a:0c:9f:e3:0a:bb:68:6c:22:8b:65:
                    9d:32:ed:c6:9a:9a:94:ae:b4:b6:e2:4f:6d:b6:91:
                    e8:ec:27:33:4b:01:17:b3:eb:99:fc:f9:44:77:64:
                    28:82:a0:75:b7:1e:ca:57:2f:45:13:73:c2:61:5f:
                    b0:93:00:0d:37:90:51:b7:5d:c2:67:f8:45:2a:c7:
                    42:8d:f8:82:c6:26:ac:bc:23:ed:53:bf:bc:7e:81:
                    49:32:51:1c:10:3c:92:d2:b1:86:3a:9c:b2:34:e2:
                    da:64:88:b3:27:4a:06:62:23:ea:48:b8:8f:a8:f1:
                    a8:0f:2f:94:be:be:6d:07:d7:f7:6e:87:7c:68:69:
                    0b:c2:7d:2d:a0:91:2f:bb:f3:da:dd:88:8a:9e:d5:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:77:01:4F:A0:7F:CE:05:F3:27:FD:B3:F6:C5:2C:16:EF:FE:24:4C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:18:6f:be:a4:68:44:2c:42:82:d1:b5:69:a2:69:71:22:53:
         ac:fa:96:03:a5:8a:d0:3c:64:b3:60:19:7b:ca:33:39:78:c4:
         b2:86:b3:be:72:73:e1:e5:ef:ff:32:7d:3f:13:4d:4e:d5:ce:
         03:48:86:98:6d:16:da:d5:94:2e:19:56:b9:3e:2f:23:54:fc:
         c5:0e:cc:cb:41:7d:4e:c4:fa:04:b3:0b:22:29:a5:41:6a:91:
         0c:75:b9:3c:cc:8e:a4:fe:d8:d4:8d:06:e8:f1:ad:12:55:b1:
         ea:62:fa:e9:bf:5d:48:27:7a:8f:fd:40:fd:45:1d:48:76:0c:
         81:60:5e:f9:c3:ab:1e:e8:3a:ab:52:88:74:14:3b:f6:7b:2e:
         04:3b:89:94:b3:f8:b2:cb:03:4a:02:a0:c2:76:20:3c:4f:a0:
         ad:5b:ae:b5:96:57:87:48:d5:fe:0b:88:a7:0a:c8:cb:2b:1d:
         a3:d6:fb:7a:01:3c:b3:b6:f5:a3:83:59:bc:58:6b:49:26:38:
         25:0a:08:61:4c:13:64:98:01:30:dd:f8:3f:0b:9a:49:4b:0b:
         09:76:d2:e5:d4:47:55:7a:c6:8c:28:e7:4f:be:14:51:a0:4a:
         4a:a5:3b:ea:5b:06:b6:6e:4f:f7:91:58:53:62:91:36:e9:9b:
         fd:8a:80:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfpXe9l0KWLvz1dMt9vSV86bnaeEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQxMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMWQ1OGY5MjZhMzNhNmE1ODlmZDNlZmFkZDMxNDEzMTMyMTllMjc5ODI3
OWU1YWI4OGY5NThkNWIwN2IzMTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKgy8Wl1YZAlSLyPtuj2Y3WckMpiHFI62q/YtPsfEWRCXveIKc0aCufyxnEA
az+/WiwoOLj9pUlgc4qvN901RpjkLXViiKC7K59SlKU2vH2528N5FhrTs/i7HV8M
C1FM4LM8uw4DJqrp//xzSjoMn+MKu2hsIotlnTLtxpqalK60tuJPbbaR6OwnM0sB
F7Prmfz5RHdkKIKgdbceylcvRRNzwmFfsJMADTeQUbddwmf4RSrHQo34gsYmrLwj
7VO/vH6BSTJRHBA8ktKxhjqcsjTi2mSIsydKBmIj6ki4j6jxqA8vlL6+bQfX926H
fGhpC8J9LaCRL7vz2t2Iip7VxPMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQFdwFP
oH/OBfMn/bP2xSwW7/4kTDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTE3OTZiZWEtMDFjOS00MWI3LWIxM2QtNjkzMmM0ZjM2YTQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGg
MA0GCSqGSIb3DQEBCwUAA4IBAQAsGG++pGhELEKC0bVpomlxIlOs+pYDpYrQPGSz
YBl7yjM5eMSyhrO+cnPh5e//Mn0/E01O1c4DSIaYbRba1ZQuGVa5Pi8jVPzFDszL
QX1OxPoEswsiKaVBapEMdbk8zI6k/tjUjQbo8a0SVbHqYvrpv11IJ3qP/UD9RR1I
dgyBYF75w6se6DqrUoh0FDv2ey4EO4mUs/iyywNKAqDCdiA8T6CtW661lleHSNX+
C4inCsjLKx2j1vt6ATyztvWjg1m8WGtJJjglCghhTBNkmAEw3fg/C5pJSwsJdtLl
1EdVesaMKOdPvhRRoEpKpTvqWwa2bk/3kVhTYpE26Zv9ioD6
-----END CERTIFICATE-----