Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa
File:                     b4bc5ce4-db80-4527-b720-60a744036322.roa (raw, json)
Hash identifier:          Qzpq6iUUDXKahs6nvw8c3yb5O0Me5SB1fk12t7XdN0Q=
Subject key identifier:   74:E3:33:5B:F5:E7:8C:41:19:9D:F8:6D:8F:6E:05:60:C4:1C:12:6F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       031B69B29EDE541BB3B48409B09DD5221F83D9A7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa
Signing time:             Mon 31 Mar 2025 20:40:53 +0000
ROA not before:           Mon 31 Mar 2025 20:40:53 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:1b:69:b2:9e:de:54:1b:b3:b4:84:09:b0:9d:d5:22:1f:83:d9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:53 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:47:73:68:ef:d0:5c:49:a2:90:61:b1:3e:ba:
                    80:16:ed:5e:5f:e2:ee:10:fa:70:c8:cc:ab:16:87:
                    38:77:05:e9:c4:05:62:7e:4d:31:38:21:e3:44:69:
                    93:17:ed:0b:02:77:63:ad:3b:9d:5d:a3:c2:c6:1c:
                    dd:29:13:71:a4:32:b4:3b:65:91:c6:de:d0:90:0b:
                    2e:14:e4:a1:69:91:cf:1b:b0:6c:d6:e5:a2:3c:47:
                    d6:b8:b5:a3:35:61:8b:dc:42:26:41:ff:7c:09:10:
                    05:07:92:71:5c:41:22:c1:7a:f7:2b:f4:bd:ab:5b:
                    d4:0c:24:ac:bb:fd:76:94:b4:61:43:46:e6:61:a1:
                    29:5b:9c:d1:1b:19:2e:8b:83:07:0e:03:e6:6f:26:
                    e2:b2:42:ab:1d:6f:d0:b9:d4:6b:84:43:fe:6a:6f:
                    af:6f:17:d5:b5:94:de:9c:74:dd:44:1e:b5:d4:1d:
                    f9:23:40:8d:d6:b0:31:49:3d:77:ae:22:33:89:a4:
                    71:4e:d6:ca:a7:54:6b:40:09:90:56:6b:88:44:fb:
                    91:6a:47:00:1d:54:cf:90:20:d0:28:1e:da:53:cb:
                    b7:fc:ce:64:83:14:47:ea:21:35:11:8f:ab:d0:37:
                    13:38:5f:c4:cb:73:1c:f1:c0:a3:44:0e:1b:69:47:
                    b7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E3:33:5B:F5:E7:8C:41:19:9D:F8:6D:8F:6E:05:60:C4:1C:12:6F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b4bc5ce4-db80-4527-b720-60a744036322.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         82:38:07:c0:23:c6:6a:bb:9b:e7:74:07:ee:62:14:77:8c:d0:
         1b:fe:14:e1:bb:cd:52:4a:68:b5:8e:98:15:bb:2d:6a:ed:95:
         1b:a8:fa:85:ee:b7:32:f5:e5:3d:40:44:30:b2:f6:39:66:71:
         e2:45:29:1d:f1:4c:78:3e:7d:cd:67:67:06:58:1f:1b:7f:5d:
         da:b2:89:be:6e:8b:f0:29:21:78:2a:bd:06:e7:d9:31:43:23:
         20:b8:b5:4d:8e:0e:70:9e:0c:f3:c1:04:26:e2:45:ee:9e:29:
         f8:f1:61:a5:9c:e0:b2:38:b7:0f:e9:23:b5:4f:00:ea:28:cd:
         fc:0c:e6:5e:27:ca:2c:48:ef:9c:e3:5c:8f:5a:a5:2b:c5:d1:
         5e:e0:c1:9a:76:0d:78:6a:fd:15:96:7e:a9:9e:13:21:8f:44:
         5d:c5:0a:a1:d5:36:6e:79:89:35:99:e2:e4:62:4e:c7:65:90:
         40:be:a1:04:28:5c:58:dc:97:98:cb:1e:b8:a7:f8:34:64:d3:
         5f:8b:94:98:c9:ac:89:02:fa:87:02:14:b6:5f:ce:b0:58:b6:
         fd:70:83:58:47:2f:72:49:b2:d1:a4:99:b2:5f:32:5b:39:4c:
         9c:ca:85:7a:bd:88:0d:1b:05:61:6d:39:b7:83:6c:f0:b2:c5:
         b7:47:e7:cb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAxtpsp7eVBuztIQJsJ3VIh+D2acwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwNTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3MzRmOTc2OTQ2YzIzNGNhNTY0NWFjZTI5MGY1NWZlOTViMGU2ZDgyZmU1
ZDNhMzk2ZGM3NjY0MWMzY2M0YzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1Hc2jv0FxJopBhsT66gBbtXl/i7hD6cMjMqxaHOHcF6cQFYn5NMTgh40Rp
kxftCwJ3Y607nV2jwsYc3SkTcaQytDtlkcbe0JALLhTkoWmRzxuwbNblojxH1ri1
ozVhi9xCJkH/fAkQBQeScVxBIsF69yv0vatb1AwkrLv9dpS0YUNG5mGhKVuc0RsZ
LouDBw4D5m8m4rJCqx1v0LnUa4RD/mpvr28X1bWU3px03UQetdQd+SNAjdawMUk9
d64iM4mkcU7WyqdUa0AJkFZriET7kWpHAB1Uz5Ag0Cge2lPLt/zOZIMUR+ohNRGP
q9A3EzhfxMtzHPHAo0QOG2lHtxUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR04zNb
9eeMQRmd+G2PbgVgxBwSbzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjRiYzVjZTQtZGI4MC00NTI3LWI3MjAtNjBhNzQ0MDM2MzIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6w
MA0GCSqGSIb3DQEBCwUAA4IBAQCCOAfAI8Zqu5vndAfuYhR3jNAb/hThu81SSmi1
jpgVuy1q7ZUbqPqF7rcy9eU9QEQwsvY5ZnHiRSkd8Ux4Pn3NZ2cGWB8bf13asom+
bovwKSF4Kr0G59kxQyMguLVNjg5wngzzwQQm4kXunin48WGlnOCyOLcP6SO1TwDq
KM38DOZeJ8osSO+c41yPWqUrxdFe4MGadg14av0Vln6pnhMhj0RdxQqh1TZueYk1
meLkYk7HZZBAvqEEKFxY3JeYyx64p/g0ZNNfi5SYyayJAvqHAhS2X86wWLb9cINY
Ry9ySbLRpJmyXzJbOUycyoV6vYgNGwVhbTm3g2zwssW3R+fL
-----END CERTIFICATE-----