Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b76683fb-d41f-4bfd-ba78-b4b2492acd1e.roa
File:                     b76683fb-d41f-4bfd-ba78-b4b2492acd1e.roa (raw, json)
Hash identifier:          CnDuplfhTO83Nhj77tUA/+IPmERKWWHrV7ximduc4g4=
Subject key identifier:   16:F6:05:C9:C9:F1:A5:B9:0E:08:E9:D6:F9:83:C2:C3:55:9E:39:D2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       64CC5032D2354DF295E21F027AECE024EC58B5C6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b76683fb-d41f-4bfd-ba78-b4b2492acd1e.roa
Signing time:             Mon 31 Mar 2025 21:01:32 +0000
ROA not before:           Mon 31 Mar 2025 21:01:32 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01e:800::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:cc:50:32:d2:35:4d:f2:95:e2:1f:02:7a:ec:e0:24:ec:58:b5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:32 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8c:74:70:25:f2:aa:91:a7:cd:ca:58:a5:69:
                    dc:02:1a:c1:ea:07:80:d6:6b:2d:36:f7:5b:a4:a7:
                    11:1e:ed:27:68:5f:82:8f:40:03:44:89:4d:15:76:
                    fe:e6:50:d8:bb:31:1a:55:94:5d:e6:31:1d:83:82:
                    06:7b:c8:fa:6f:78:4f:bf:54:47:4f:25:7c:f3:52:
                    4e:24:66:00:ca:76:ce:5c:fe:4e:3e:bb:33:4f:4a:
                    8b:2d:15:b4:e9:ac:31:bb:6a:46:b0:47:38:0d:4a:
                    56:34:62:cd:06:40:82:73:4b:23:b1:19:b8:21:36:
                    13:4e:2a:e9:bb:29:85:16:c4:83:c1:99:83:fa:33:
                    df:e4:fa:80:b6:09:2c:54:a1:9b:52:63:1b:7d:2c:
                    3b:65:a1:ea:e8:62:a6:58:1d:d9:13:e7:bc:ae:7c:
                    d8:eb:8e:db:54:59:97:6a:4c:61:da:a7:28:f7:ec:
                    dc:43:49:d2:52:4a:4d:38:59:48:e0:6d:46:64:7a:
                    99:9a:c3:41:a8:ac:3e:ef:94:34:52:6a:e6:33:37:
                    c3:34:25:7c:38:39:dd:28:2e:86:ab:e3:81:83:9a:
                    30:0b:f6:9a:e2:64:1e:96:13:86:99:5c:47:e0:be:
                    f2:03:2d:bb:6d:fe:c8:d8:18:9d:18:49:5f:7c:24:
                    a5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F6:05:C9:C9:F1:A5:B9:0E:08:E9:D6:F9:83:C2:C3:55:9E:39:D2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b76683fb-d41f-4bfd-ba78-b4b2492acd1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01e:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         15:f8:2b:4a:5c:16:64:9b:de:8d:04:da:72:c8:a4:c0:89:b4:
         4f:a9:95:3a:9a:8b:1e:df:0d:09:2b:a7:32:de:0f:df:5b:92:
         36:24:35:c7:23:46:4e:8a:30:0b:f1:f2:11:8d:9c:68:ff:fd:
         13:4d:b8:2f:a7:e4:e3:34:7e:d4:6c:6b:ea:c5:54:1f:8b:09:
         25:e4:ca:c8:6a:ec:bf:97:0f:a8:00:d0:0f:0c:a0:21:3c:35:
         4d:d2:27:3f:d0:f0:5f:c4:87:50:18:77:fa:6c:af:0a:bd:77:
         70:e6:8b:4f:c9:60:5d:57:6f:97:94:9e:e8:df:ad:45:08:8a:
         6f:b0:b2:08:ee:92:1a:7c:d9:50:0f:c5:5c:38:35:4a:69:72:
         40:3c:45:39:da:83:52:54:65:49:64:1d:9a:20:5b:8c:9f:c7:
         d4:ce:70:0c:69:79:d6:57:e7:6b:b3:95:33:84:9d:19:9b:6d:
         59:07:c8:2f:46:35:80:9e:32:47:08:39:cf:76:9a:25:f0:23:
         1f:b3:ab:39:c0:f1:a5:dc:59:92:47:1a:09:8b:99:39:e2:6f:
         8f:6b:f4:a0:c5:bf:02:83:46:ac:33:47:fc:ed:9e:65:48:4f:
         f7:f5:d7:d7:26:fb:07:eb:7b:de:f4:c2:85:b7:53:23:d4:05:
         63:9c:2a:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZMxQMtI1TfKV4h8CeuzgJOxYtcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMzJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhYzJmN2RlMDBkZDVkNWYwNGVmOTNhMTE2OWRlNzg4YzA0OTJhZDc4NGFj
ZjViZTJhMjUwZDRiYWMwMzIyYWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyMdHAl8qqRp83KWKVp3AIaweoHgNZrLTb3W6SnER7tJ2hfgo9AA0SJTRV2
/uZQ2LsxGlWUXeYxHYOCBnvI+m94T79UR08lfPNSTiRmAMp2zlz+Tj67M09Kiy0V
tOmsMbtqRrBHOA1KVjRizQZAgnNLI7EZuCE2E04q6bsphRbEg8GZg/oz3+T6gLYJ
LFShm1JjG30sO2Wh6uhiplgd2RPnvK582OuO21RZl2pMYdqnKPfs3ENJ0lJKTThZ
SOBtRmR6mZrDQaisPu+UNFJq5jM3wzQlfDg53SguhqvjgYOaMAv2muJkHpYThplc
R+C+8gMtu23+yNgYnRhJX3wkpUkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQW9gXJ
yfGluQ4I6db5g8LDVZ450jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yjc2NjgzZmItZDQxZi00YmZkLWJhNzgtYjRiMjQ5MmFjZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0B4I
MA0GCSqGSIb3DQEBCwUAA4IBAQAV+CtKXBZkm96NBNpyyKTAibRPqZU6mose3w0J
K6cy3g/fW5I2JDXHI0ZOijAL8fIRjZxo//0TTbgvp+TjNH7UbGvqxVQfiwkl5MrI
auy/lw+oANAPDKAhPDVN0ic/0PBfxIdQGHf6bK8KvXdw5otPyWBdV2+XlJ7o361F
CIpvsLII7pIafNlQD8VcODVKaXJAPEU52oNSVGVJZB2aIFuMn8fUznAMaXnWV+dr
s5UzhJ0Zm21ZB8gvRjWAnjJHCDnPdpol8CMfs6s5wPGl3FmSRxoJi5k54m+Pa/Sg
xb8Cg0asM0f87Z5lSE/39dfXJvsH63ve9MKFt1Mj1AVjnCol
-----END CERTIFICATE-----