Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b5baa4ff-ac5d-476f-a428-fb66fb294867.roa
File:                     b5baa4ff-ac5d-476f-a428-fb66fb294867.roa (raw, json)
Hash identifier:          XhH/Kg6azKR8uIUJFuGXpHrG3sp1UJ/rCpeLK4cslQ0=
Subject key identifier:   88:CB:3B:94:77:C3:58:13:BB:7E:D4:BA:54:C6:C8:D5:25:AB:DF:D7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       77F2C13EA7C1407F3A88EFC09ACAA31F6B6A880F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b5baa4ff-ac5d-476f-a428-fb66fb294867.roa
Signing time:             Mon 31 Mar 2025 20:31:05 +0000
ROA not before:           Mon 31 Mar 2025 20:31:05 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:f2:c1:3e:a7:c1:40:7f:3a:88:ef:c0:9a:ca:a3:1f:6b:6a:88:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:05 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:b4:71:ff:c2:c0:f7:78:6b:fe:49:d4:b4:
                    78:fe:53:a4:d6:79:96:65:81:ec:49:35:38:33:73:
                    3c:38:dd:72:57:67:72:a9:a2:25:d6:b6:0b:2f:00:
                    a0:f7:3a:b0:5c:d9:ee:df:07:82:8f:d5:58:f2:da:
                    7e:5c:98:28:79:55:89:fd:7f:82:a9:c3:33:63:9b:
                    a7:8b:25:ed:3e:69:13:85:7b:a8:2a:a4:5d:1e:b5:
                    0d:66:5e:6e:7f:1f:f7:a3:81:cd:0a:55:de:e5:39:
                    c1:6a:af:60:c8:c7:88:32:82:cb:31:72:fe:ed:e3:
                    7c:4e:b5:eb:6e:bb:84:0a:87:bf:af:ef:3d:b3:0e:
                    77:e0:38:cf:d6:32:f0:45:66:2e:dd:e0:41:58:76:
                    0d:08:1a:6e:db:29:8b:41:65:5a:28:27:57:09:ba:
                    45:13:9c:86:59:ef:da:0d:6b:89:fe:f7:12:c1:3a:
                    a8:bc:33:a2:5a:37:d8:d3:6c:86:17:bd:57:2d:fc:
                    87:81:b6:c4:6d:11:69:ac:0c:f5:a5:9f:ee:b5:b2:
                    30:39:e3:24:ac:57:ec:66:f3:db:9f:9d:3e:1d:cc:
                    ab:f1:8b:76:e8:ad:e2:60:1a:f8:7e:77:ab:44:f0:
                    8a:10:eb:89:a1:b2:dc:a9:9a:4b:22:6a:95:e8:3e:
                    49:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:CB:3B:94:77:C3:58:13:BB:7E:D4:BA:54:C6:C8:D5:25:AB:DF:D7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b5baa4ff-ac5d-476f-a428-fb66fb294867.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:6a:d0:1e:e7:5c:ec:84:ed:c3:62:ab:fa:06:c5:91:d8:dd:
         d8:7c:ad:0b:75:d5:bd:b6:74:fc:36:22:37:9e:e3:10:86:3c:
         52:b6:a9:a9:2f:ba:aa:27:50:3d:1a:06:1c:e6:43:08:d1:b9:
         a4:26:b5:52:0d:38:f0:18:b1:ef:50:de:41:90:d7:a2:cf:3e:
         73:ca:a8:f8:2f:af:71:40:35:18:36:21:b8:cf:9f:ba:9c:0b:
         a2:24:77:b9:be:5a:24:aa:2c:a2:f2:75:c3:85:e2:80:31:f2:
         41:76:7d:61:c6:06:76:1d:02:3c:be:52:4a:f7:2a:a8:aa:ea:
         0d:a9:9c:f0:99:e9:51:a0:1b:b7:f2:d0:da:06:5f:ea:cb:78:
         47:b1:af:b8:ad:b8:70:ed:09:b2:bd:b0:e8:14:39:c7:03:ca:
         fd:a3:35:c5:0c:22:b6:54:95:f2:80:90:fb:5a:63:99:7f:b4:
         bc:28:0e:bd:94:c9:32:e1:fb:f1:f1:32:3b:d8:50:3d:a3:bb:
         6f:06:c6:11:0f:6a:c6:05:13:1a:d4:69:72:dd:6d:37:a9:f0:
         25:fa:87:54:be:bc:4c:e4:79:45:3e:e1:b2:9c:38:89:81:80:
         78:0d:9a:48:10:dc:e3:02:23:e2:0f:84:c6:a2:3a:2e:1f:9b:
         f4:9e:27:6c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUd/LBPqfBQH86iO/AmsqjH2tqiA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMDVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhNTc2OTFmZWVkYWIwMzIxNzFlZGQ5NDQ3ZDU2Y2NmMjM2OTdkMWM2N2Iy
YmY5NjcwNjhhODQ5Nzk3YjE4NTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvDtHH/wsD3eGv+SdS0eP5TpNZ5lmWB7Ek1ODNzPDjdcldncqmiJda2Cy8A
oPc6sFzZ7t8Hgo/VWPLaflyYKHlVif1/gqnDM2Obp4sl7T5pE4V7qCqkXR61DWZe
bn8f96OBzQpV3uU5wWqvYMjHiDKCyzFy/u3jfE616267hAqHv6/vPbMOd+A4z9Yy
8EVmLt3gQVh2DQgabtspi0FlWignVwm6RROchlnv2g1rif73EsE6qLwzolo32NNs
hhe9Vy38h4G2xG0RaawM9aWf7rWyMDnjJKxX7Gbz25+dPh3Mq/GLduit4mAa+H53
q0TwihDriaGy3KmaSyJqleg+SYcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSIyzuU
d8NYE7t+1LpUxsjVJavf1zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjViYWE0ZmYtYWM1ZC00NzZmLWE0MjgtZmI2NmZiMjk0ODY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HdA
MA0GCSqGSIb3DQEBCwUAA4IBAQCTatAe51zshO3DYqv6BsWR2N3YfK0LddW9tnT8
NiI3nuMQhjxStqmpL7qqJ1A9GgYc5kMI0bmkJrVSDTjwGLHvUN5BkNeizz5zyqj4
L69xQDUYNiG4z5+6nAuiJHe5vlokqiyi8nXDheKAMfJBdn1hxgZ2HQI8vlJK9yqo
quoNqZzwmelRoBu38tDaBl/qy3hHsa+4rbhw7QmyvbDoFDnHA8r9ozXFDCK2VJXy
gJD7WmOZf7S8KA69lMky4fvx8TI72FA9o7tvBsYRD2rGBRMa1Gly3W03qfAl+odU
vrxM5HlFPuGynDiJgYB4DZpIENzjAiPiD4TGojouH5v0nids
-----END CERTIFICATE-----