Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c61cb2a2-1406-49c9-9fec-a48e76950ffa.roa
File:                     c61cb2a2-1406-49c9-9fec-a48e76950ffa.roa (raw, json)
Hash identifier:          J32KsttrOCTkoJwxGrfcIaOniHZIxxc2ouFZpgTQy1E=
Subject key identifier:   30:6E:62:FF:2E:90:61:DC:70:F8:4A:4D:B9:5F:3C:A7:3E:C3:D0:AE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3B5114CA0D0BF0DE3E4DA1A5B97D49FEA28472EC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c61cb2a2-1406-49c9-9fec-a48e76950ffa.roa
Signing time:             Mon 31 Mar 2025 19:40:19 +0000
ROA not before:           Mon 31 Mar 2025 19:40:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:51:14:ca:0d:0b:f0:de:3e:4d:a1:a5:b9:7d:49:fe:a2:84:72:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2e:5b:92:95:4d:1b:12:cc:6a:0d:e2:06:99:
                    09:07:04:94:74:07:62:00:52:91:46:60:e2:5a:4f:
                    2c:e5:83:12:a6:19:ef:a2:24:08:1e:0b:94:7e:fa:
                    5a:f4:f4:7a:66:15:c6:36:6d:9a:dd:e6:0c:3e:08:
                    33:8a:9e:2e:59:cc:9a:56:d2:37:0f:e6:2c:d3:cf:
                    21:c8:48:d4:a0:36:55:f9:70:34:ff:b3:e9:ec:8d:
                    59:a8:45:c3:0a:16:8b:ba:90:28:2a:5a:b8:e0:d2:
                    58:71:98:c4:37:01:87:23:db:31:4b:c7:09:95:f5:
                    2e:a6:72:b9:88:d9:d1:9a:e8:d8:a5:10:35:7f:18:
                    33:2e:3c:bd:77:d5:39:e1:5e:d8:47:01:c2:81:56:
                    7b:52:3b:92:db:00:74:69:74:e6:7e:3a:47:9d:64:
                    8d:a5:97:1f:07:14:2a:cc:cf:98:30:0d:0d:3e:e8:
                    4c:9f:7e:df:5e:e7:e8:42:f5:78:92:71:d8:06:39:
                    ad:28:04:d2:00:01:92:5c:38:5f:9b:5b:2b:46:74:
                    96:54:d4:16:5e:4b:0c:1a:ab:27:2a:19:dd:a1:7b:
                    cb:3c:9e:8e:b8:55:b3:1d:ee:ea:e8:17:26:37:18:
                    9a:c0:3a:68:f4:58:36:70:16:a8:0e:4b:69:ae:a7:
                    cf:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6E:62:FF:2E:90:61:DC:70:F8:4A:4D:B9:5F:3C:A7:3E:C3:D0:AE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c61cb2a2-1406-49c9-9fec-a48e76950ffa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:76:fe:39:a6:7d:bb:ba:74:62:b8:54:0f:88:24:72:c2:5e:
         ab:c3:a8:3a:9c:f1:32:4c:e9:7f:58:21:af:c4:c6:27:4c:ef:
         15:04:2c:d1:fb:7f:e9:ed:d9:45:8f:0f:a0:af:2e:75:75:66:
         7f:27:b6:de:1b:c8:23:80:f8:3a:b5:ff:31:1f:23:3a:60:41:
         99:14:c0:84:55:88:ac:ac:fa:12:22:81:09:48:5b:4c:b8:17:
         95:bc:40:d2:2c:b9:9c:b8:78:5d:e2:39:b5:fe:d2:20:63:08:
         30:7e:b9:6a:6d:b0:6d:b3:fb:dd:ff:77:f4:42:f4:85:e6:a5:
         9b:7b:36:e1:aa:aa:46:f3:cf:be:6b:98:f5:1e:83:8a:9f:46:
         65:a7:e9:60:36:eb:7c:71:47:33:45:ab:0b:17:23:2f:b9:a4:
         1f:bc:32:4e:62:6a:83:b3:d6:61:df:02:b9:9e:0b:5b:b2:72:
         59:b1:63:b5:94:2d:eb:7a:6e:1c:f4:a7:84:9c:c8:88:84:b2:
         29:22:3d:40:56:5a:d3:c4:dd:4b:37:76:06:0d:36:17:81:ea:
         e6:9b:ad:9e:b9:47:63:6c:62:82:7a:8e:f7:e2:4b:53:c8:2d:
         53:41:b1:dd:80:a8:4f:bc:14:87:e6:9d:43:68:c4:81:25:35:
         e2:3f:5c:40
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUO1EUyg0L8N4+TaGluX1J/qKEcuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2MWQ4MGU2Njk1NjYxNDBkM2NlNWYyNjMxYTc4NTQ4YjFkMDE5Yjk3NWU1
NzhlMzY4ZGIwOWRjNzMyOTMwNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIuW5KVTRsSzGoN4gaZCQcElHQHYgBSkUZg4lpPLOWDEqYZ76IkCB4LlH76
WvT0emYVxjZtmt3mDD4IM4qeLlnMmlbSNw/mLNPPIchI1KA2VflwNP+z6eyNWahF
wwoWi7qQKCpauODSWHGYxDcBhyPbMUvHCZX1LqZyuYjZ0Zro2KUQNX8YMy48vXfV
OeFe2EcBwoFWe1I7ktsAdGl05n46R51kjaWXHwcUKszPmDANDT7oTJ9+317n6EL1
eJJx2AY5rSgE0gABklw4X5tbK0Z0llTUFl5LDBqrJyoZ3aF7yzyejrhVsx3u6ugX
JjcYmsA6aPRYNnAWqA5Laa6nzysCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQwbmL/
LpBh3HD4Sk25XzynPsPQrjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzYxY2IyYTItMTQwNi00OWM5LTlmZWMtYTQ4ZTc2OTUwZmZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBPdv45pn27unRiuFQPiCRywl6rw6g6nPEyTOl/
WCGvxMYnTO8VBCzR+3/p7dlFjw+gry51dWZ/J7beG8gjgPg6tf8xHyM6YEGZFMCE
VYisrPoSIoEJSFtMuBeVvEDSLLmcuHhd4jm1/tIgYwgwfrlqbbBts/vd/3f0QvSF
5qWbezbhqqpG88++a5j1HoOKn0Zlp+lgNut8cUczRasLFyMvuaQfvDJOYmqDs9Zh
3wK5ngtbsnJZsWO1lC3rem4c9KeEnMiIhLIpIj1AVlrTxN1LN3YGDTYXgermm62e
uUdjbGKCeo734ktTyC1TQbHdgKhPvBSH5p1DaMSBJTXiP1xA
-----END CERTIFICATE-----