Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa
File:                     ab7811c0-f548-43b8-897d-fac68de3433a.roa (raw, json)
Hash identifier:          MYHhYaIHDbt5nnyLxapS7el7+UkDIxjBOC7Dg9ZYTXk=
Subject key identifier:   91:93:A1:31:A5:B0:77:05:97:FB:CE:81:39:3D:6C:C6:4C:28:7B:C0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       52B8C9F0D7E9A979EE1835C8A8D061B26D2F4B28
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa
Signing time:             Mon 31 Mar 2025 21:21:23 +0000
ROA not before:           Mon 31 Mar 2025 21:21:23 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01c::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:b8:c9:f0:d7:e9:a9:79:ee:18:35:c8:a8:d0:61:b2:6d:2f:4b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:21:23 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:71:f2:e0:4e:21:0b:a8:c3:ec:05:a2:c2:68:
                    23:0c:10:e2:bd:bc:e3:d3:c7:52:cc:91:09:21:0b:
                    de:30:e9:82:18:b2:59:1f:72:6c:41:40:6c:d1:f0:
                    29:1b:07:9c:df:2f:0c:48:46:a4:a2:c6:b8:06:c8:
                    68:6c:ec:ba:1d:50:d3:c9:14:65:10:57:38:56:9b:
                    5f:87:b1:ff:54:de:6d:21:c4:4e:a8:dd:56:a9:da:
                    06:3a:02:49:ff:90:55:41:93:1f:55:67:f4:d6:2c:
                    54:27:d4:82:37:a6:61:60:68:ec:2d:55:20:e8:f5:
                    70:e3:93:11:21:51:bc:44:ca:d3:53:6e:2d:23:d1:
                    14:93:8d:fa:32:fd:3e:2e:f5:94:ef:d7:7f:c6:a8:
                    f0:71:f2:6a:04:49:0a:43:47:86:f6:e7:3e:5f:e6:
                    42:0f:26:a5:d3:fe:14:5c:79:e2:1a:6f:8a:4c:ff:
                    20:0b:42:ae:e9:e0:53:9e:36:cb:34:dd:d2:c3:19:
                    34:92:2f:fa:25:32:5f:22:33:2d:c9:a3:7e:81:06:
                    55:3e:f0:da:cf:c9:97:6a:f3:cf:83:86:11:bc:2c:
                    06:db:7e:24:e7:81:98:60:e0:e1:1f:67:e4:64:2d:
                    99:59:89:81:8c:3d:ec:58:2b:30:40:37:fe:1e:2b:
                    ec:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:93:A1:31:A5:B0:77:05:97:FB:CE:81:39:3D:6C:C6:4C:28:7B:C0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01c::/36

    Signature Algorithm: sha256WithRSAEncryption
         12:36:b2:bc:25:f1:4c:a9:72:bc:ce:60:db:65:4a:23:2b:63:
         74:2a:9e:7d:49:94:07:f9:f2:c8:b1:f3:d7:c5:2b:d1:c6:06:
         6a:e6:11:71:21:83:a5:2c:58:a8:04:62:e3:bd:78:07:17:f7:
         8f:64:b9:ac:4b:65:97:b7:7f:55:0c:0c:c5:41:06:48:1d:05:
         ce:72:75:7a:f7:91:cb:6d:77:02:d5:b4:22:75:a9:c8:10:9f:
         5c:c2:b2:16:08:4b:06:f3:24:54:ec:21:b9:e4:60:9d:61:d9:
         22:e9:1b:02:f0:87:ef:a0:9c:2f:2f:69:49:73:8b:ac:a7:67:
         be:d0:d5:c0:98:86:e9:83:46:15:a3:ad:ea:31:e0:df:0e:ff:
         df:11:be:f6:9d:d9:af:10:50:89:6f:2a:03:50:2a:d1:36:9b:
         14:3c:fd:90:af:aa:48:9b:39:7a:54:cc:83:08:b9:7e:c8:b2:
         47:f0:83:35:14:a5:83:08:7d:94:be:de:3b:88:82:78:d6:6a:
         d3:9a:81:89:a7:8b:2b:a7:30:bd:2e:be:f6:03:1c:61:47:37:
         92:5e:6b:ec:56:7d:b6:4a:56:15:cf:e7:30:b8:07:00:40:ca:
         67:56:0a:ce:19:be:21:33:ca:b4:c9:8a:45:25:14:7d:08:dd:
         77:16:15:b1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUrjJ8NfpqXnuGDXIqNBhsm0vSygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIxMjNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlMjUzMzYxY2I0NGE5NTI0NjkxOTMxNDM1Y2M1YTU3NDZiOTZmNjdmMjBi
MGJkNmNmN2IwZTM2M2IwNzAxNjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIlx8uBOIQuow+wFosJoIwwQ4r2849PHUsyRCSEL3jDpghiyWR9ybEFAbNHw
KRsHnN8vDEhGpKLGuAbIaGzsuh1Q08kUZRBXOFabX4ex/1TebSHETqjdVqnaBjoC
Sf+QVUGTH1Vn9NYsVCfUgjemYWBo7C1VIOj1cOOTESFRvETK01NuLSPRFJON+jL9
Pi71lO/Xf8ao8HHyagRJCkNHhvbnPl/mQg8mpdP+FFx54hpvikz/IAtCrungU542
yzTd0sMZNJIv+iUyXyIzLcmjfoEGVT7w2s/Jl2rzz4OGEbwsBtt+JOeBmGDg4R9n
5GQtmVmJgYw97FgrMEA3/h4r7DcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSRk6Ex
pbB3BZf7zoE5PWzGTCh7wDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWI3ODExYzAtZjU0OC00M2I4LTg5N2QtZmFjNjhkZTM0MzNhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BwA
MA0GCSqGSIb3DQEBCwUAA4IBAQASNrK8JfFMqXK8zmDbZUojK2N0Kp59SZQH+fLI
sfPXxSvRxgZq5hFxIYOlLFioBGLjvXgHF/ePZLmsS2WXt39VDAzFQQZIHQXOcnV6
95HLbXcC1bQidanIEJ9cwrIWCEsG8yRU7CG55GCdYdki6RsC8IfvoJwvL2lJc4us
p2e+0NXAmIbpg0YVo63qMeDfDv/fEb72ndmvEFCJbyoDUCrRNpsUPP2Qr6pImzl6
VMyDCLl+yLJH8IM1FKWDCH2Uvt47iIJ41mrTmoGJp4srpzC9Lr72AxxhRzeSXmvs
Vn22SlYVz+cwuAcAQMpnVgrOGb4hM8q0yYpFJRR9CN13FhWx
-----END CERTIFICATE-----