Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b61f858a-31b1-485a-8ced-0c328ce9c4e3.roa
File:                     b61f858a-31b1-485a-8ced-0c328ce9c4e3.roa (raw, json)
Hash identifier:          WPEWahMtScGcTRxwa3DFu8zNy9vujQGSRNYbNHWIZH4=
Subject key identifier:   90:2B:1A:D5:A9:B9:3C:8D:CF:47:54:F9:C9:B6:CA:59:C8:7D:98:E2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       56254B32247E8F0F6914B99F14638FBA678BA9A9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b61f858a-31b1-485a-8ced-0c328ce9c4e3.roa
Signing time:             Mon 31 Mar 2025 20:00:47 +0000
ROA not before:           Mon 31 Mar 2025 20:00:47 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:25:4b:32:24:7e:8f:0f:69:14:b9:9f:14:63:8f:ba:67:8b:a9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:00:47 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ae:00:6d:e7:43:61:66:40:e9:fb:12:b7:b1:
                    45:56:8e:d7:ce:da:8f:ce:7c:2d:ab:fb:df:5a:7d:
                    9c:ae:29:d9:76:e7:65:de:78:9c:46:6d:9e:1b:cd:
                    1e:50:2b:73:5c:dc:99:f0:e8:96:fd:75:d2:9d:fd:
                    74:af:ba:fd:2f:88:dd:f8:1f:ef:97:d5:04:52:12:
                    42:a3:e9:b9:ca:f2:5e:1c:dc:11:c1:b6:b8:11:c7:
                    89:c4:a0:df:0d:c2:94:88:ae:c2:c1:2c:48:8a:4e:
                    4c:79:d0:5d:f8:bb:b1:c4:6b:42:1a:89:f9:af:fa:
                    3a:3c:cc:70:0e:b7:1b:e8:e2:56:09:ff:bb:89:6d:
                    47:6d:d1:a8:af:48:12:56:a7:e0:31:8f:6a:64:e3:
                    25:ec:37:c7:b8:c4:a5:87:cd:35:d9:13:72:6c:3c:
                    cf:14:c2:ef:a4:7e:cc:2f:30:af:22:5c:61:24:2b:
                    04:79:e5:87:bb:e3:0e:26:c5:a0:33:8e:7c:1e:29:
                    bd:fd:2b:25:3d:c4:67:e4:41:89:fe:43:b1:6d:6e:
                    17:3e:65:3d:81:b1:38:40:4c:65:f8:70:24:b6:8a:
                    63:38:23:f5:2f:7d:b9:f0:95:7c:e2:3f:ff:90:98:
                    52:d6:33:a7:b5:c5:9d:7f:28:b5:79:bd:93:1b:c1:
                    26:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2B:1A:D5:A9:B9:3C:8D:CF:47:54:F9:C9:B6:CA:59:C8:7D:98:E2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b61f858a-31b1-485a-8ced-0c328ce9c4e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:38:ad:96:3d:82:54:26:02:5d:63:b2:da:1c:42:49:9f:11:
         30:a3:90:67:b8:3f:ff:12:74:74:bd:c0:8f:56:cc:f2:86:d7:
         a1:d0:9f:c5:9d:61:21:3a:bf:83:95:cb:19:e0:ba:f0:be:cc:
         81:86:93:f6:66:36:3a:31:4c:dc:95:17:67:f5:d3:c1:a4:2b:
         19:40:21:b4:50:01:9b:e8:76:9a:30:ff:61:0a:7f:e1:d3:f4:
         18:3e:48:75:c6:68:2f:38:bd:07:2d:65:7f:6a:a5:4d:6f:6a:
         64:16:7c:7b:68:b7:b5:91:e8:a0:1e:ba:4d:11:95:8d:e3:15:
         fb:e1:f5:a2:ff:88:ee:4d:b8:dd:76:73:b5:b6:10:05:20:63:
         ec:45:ec:8e:6d:af:e8:e4:d0:d9:28:cc:39:56:6b:db:e4:c4:
         00:43:83:a2:36:9a:c0:b2:3a:4c:9b:05:58:47:d8:95:29:3b:
         b6:63:5f:b9:b2:12:9c:20:b9:cf:75:6b:6a:57:46:5a:9b:e6:
         f0:1d:c3:14:e6:f5:b3:cd:4a:d4:4f:dd:16:e2:b9:7f:b7:a5:
         b2:f0:9d:4c:01:c6:bb:39:cd:1f:9c:3e:f3:4b:66:7c:de:1e:
         69:0a:8c:ac:bf:2a:0a:b8:13:6a:f5:ee:cc:fa:35:63:37:36:
         a7:6c:fb:87
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUViVLMiR+jw9pFLmfFGOPumeLqakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAwNDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMyNmEyNmZiZDZhYzAzMzA5MzY4MGU2YTJkM2ZhZDEzNjJhMjcwMzg5Mzgx
MjI0OGJkMDhlNTZmOGZjODkwODAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKuAG3nQ2FmQOn7ErexRVaO187aj858Lav731p9nK4p2XbnZd54nEZtnhvN
HlArc1zcmfDolv110p39dK+6/S+I3fgf75fVBFISQqPpucryXhzcEcG2uBHHicSg
3w3ClIiuwsEsSIpOTHnQXfi7scRrQhqJ+a/6OjzMcA63G+jiVgn/u4ltR23RqK9I
Elan4DGPamTjJew3x7jEpYfNNdkTcmw8zxTC76R+zC8wryJcYSQrBHnlh7vjDibF
oDOOfB4pvf0rJT3EZ+RBif5DsW1uFz5lPYGxOEBMZfhwJLaKYzgj9S99ufCVfOI/
/5CYUtYzp7XFnX8otXm9kxvBJusCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSQKxrV
qbk8jc9HVPnJtspZyH2Y4jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjYxZjg1OGEtMzFiMS00ODVhLThjZWQtMGMzMjhjZTljNGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9A
MA0GCSqGSIb3DQEBCwUAA4IBAQA0OK2WPYJUJgJdY7LaHEJJnxEwo5BnuD//EnR0
vcCPVszyhteh0J/FnWEhOr+DlcsZ4LrwvsyBhpP2ZjY6MUzclRdn9dPBpCsZQCG0
UAGb6HaaMP9hCn/h0/QYPkh1xmgvOL0HLWV/aqVNb2pkFnx7aLe1keigHrpNEZWN
4xX74fWi/4juTbjddnO1thAFIGPsReyOba/o5NDZKMw5Vmvb5MQAQ4OiNprAsjpM
mwVYR9iVKTu2Y1+5shKcILnPdWtqV0Zam+bwHcMU5vWzzUrUT90W4rl/t6Wy8J1M
Aca7Oc0fnD7zS2Z83h5pCoysvyoKuBNq9e7M+jVjNzanbPuH
-----END CERTIFICATE-----