Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c850bbe8-9ff4-4e13-ae90-de5774a81d86.roa
File:                     c850bbe8-9ff4-4e13-ae90-de5774a81d86.roa (raw, json)
Hash identifier:          E41Mm5I63QTRQGKx8eHUoTBKw1TqYwyompUqNrpshIA=
Subject key identifier:   49:69:BF:97:EE:84:3A:A6:59:82:6D:9F:A3:17:72:E1:6C:09:F2:9A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       07DC3CD590046F96EB6851151971D8CF82569E6D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c850bbe8-9ff4-4e13-ae90-de5774a81d86.roa
Signing time:             Mon 31 Mar 2025 20:11:09 +0000
ROA not before:           Mon 31 Mar 2025 20:11:09 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:dc:3c:d5:90:04:6f:96:eb:68:51:15:19:71:d8:cf:82:56:9e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:11:09 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:4b:72:d1:de:79:ac:5e:30:e6:c1:03:2b:
                    e0:4a:17:fb:eb:c0:2c:71:e0:f5:d4:93:7f:c6:6c:
                    e7:6f:a8:f2:2c:29:4f:b4:b7:b1:eb:af:d2:a9:36:
                    fe:1a:03:8f:54:bc:b0:ff:f0:92:d6:38:41:4e:af:
                    5f:b0:5b:55:b5:33:4c:1d:ac:6f:3b:6f:a4:db:bb:
                    05:2b:3b:36:0b:72:f6:08:29:af:c7:41:43:c1:0b:
                    38:65:c4:08:5b:11:86:76:69:e9:dc:5d:c6:4c:8f:
                    23:95:59:ca:29:64:bd:13:64:77:91:80:00:66:92:
                    73:d5:4a:14:c9:96:1c:4b:7a:78:f7:05:a5:6f:48:
                    bb:37:ee:a3:95:da:ef:0f:aa:a2:bb:02:d3:19:f4:
                    31:e6:4e:6a:dd:e4:85:b6:bc:d5:91:c7:e1:a3:61:
                    6a:b3:28:92:d9:cb:46:a0:c7:a6:f0:10:9f:99:51:
                    f8:5a:d1:39:7c:b6:b7:95:5a:80:13:3f:bf:8d:60:
                    94:7d:5b:5b:06:a6:ce:be:ee:b6:77:02:5e:52:77:
                    90:3d:db:bd:ca:e7:81:c2:36:f3:be:1d:28:90:c4:
                    cf:b7:8c:51:9b:78:91:ed:dd:34:38:d1:d8:de:2b:
                    72:01:09:0c:f2:69:06:93:2a:d5:5d:1d:96:64:44:
                    f0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:69:BF:97:EE:84:3A:A6:59:82:6D:9F:A3:17:72:E1:6C:09:F2:9A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c850bbe8-9ff4-4e13-ae90-de5774a81d86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:3f:cf:cb:3e:86:e1:f2:99:8a:a1:a8:0e:da:cc:e1:fe:c4:
         1d:a1:f4:2f:2d:d3:dc:db:87:e6:02:d2:0d:b2:3f:d9:f4:07:
         78:37:36:db:9e:5d:06:97:9a:d2:60:c2:ab:4c:e3:b6:b1:6d:
         a4:a3:6a:db:47:19:f3:6e:d6:d9:d7:a1:63:70:45:3e:59:7c:
         06:33:86:7b:14:62:26:7c:d3:15:9a:1a:cb:27:ab:a2:ee:c2:
         89:57:35:64:1a:57:89:53:35:d2:94:c2:b1:5c:98:5b:89:ee:
         7b:8d:eb:f8:69:10:40:e1:58:53:02:9a:2b:d5:e0:e5:cd:44:
         47:eb:c0:58:ea:6f:46:0e:86:06:53:71:5c:c5:e2:57:a8:13:
         a5:8e:57:48:cb:81:82:f9:37:a5:12:5f:21:82:75:81:87:ce:
         4b:bf:18:1a:c0:ec:a2:27:ea:3e:67:16:93:62:66:49:2d:d9:
         9e:c2:27:59:7c:a1:9f:f8:72:4f:cb:e3:dc:42:16:fa:1c:d4:
         51:f5:a5:5f:60:4b:9b:01:44:30:c3:0f:b1:11:b6:56:e4:29:
         51:e8:5a:ef:3c:98:97:d5:90:f5:e4:ea:05:6f:14:45:a0:12:
         e5:9b:49:e4:79:de:29:84:9a:be:ec:4c:35:8f:97:a3:1d:18:
         a6:69:9b:07
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUB9w81ZAEb5braFEVGXHYz4JWnm0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDExMDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0OWVmMjg0Y2E0NDE0NmFlMjZjNGE0OGU0MDI3YmQ5N2M4YmZmNGI0MzRh
NmRiYzM3ODliYjIyNjJlYWM0MWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALp7S3LR3nmsXjDmwQMr4EoX++vALHHg9dSTf8Zs52+o8iwpT7S3seuv0qk2
/hoDj1S8sP/wktY4QU6vX7BbVbUzTB2sbztvpNu7BSs7Ngty9ggpr8dBQ8ELOGXE
CFsRhnZp6dxdxkyPI5VZyilkvRNkd5GAAGaSc9VKFMmWHEt6ePcFpW9Iuzfuo5Xa
7w+qorsC0xn0MeZOat3khba81ZHH4aNharMoktnLRqDHpvAQn5lR+FrROXy2t5Va
gBM/v41glH1bWwamzr7utncCXlJ3kD3bvcrngcI2874dKJDEz7eMUZt4ke3dNDjR
2N4rcgEJDPJpBpMq1V0dlmRE8AcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRJab+X
7oQ6plmCbZ+jF3LhbAnymjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzg1MGJiZTgtOWZmNC00ZTEzLWFlOTAtZGU1Nzc0YTgxZDg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DXA
MA0GCSqGSIb3DQEBCwUAA4IBAQCYP8/LPobh8pmKoagO2szh/sQdofQvLdPc24fm
AtINsj/Z9Ad4Nzbbnl0Gl5rSYMKrTOO2sW2ko2rbRxnzbtbZ16FjcEU+WXwGM4Z7
FGImfNMVmhrLJ6ui7sKJVzVkGleJUzXSlMKxXJhbie57jev4aRBA4VhTApor1eDl
zURH68BY6m9GDoYGU3FcxeJXqBOljldIy4GC+TelEl8hgnWBh85LvxgawOyiJ+o+
ZxaTYmZJLdmewidZfKGf+HJPy+PcQhb6HNRR9aVfYEubAUQwww+xEbZW5ClR6Frv
PJiX1ZD15OoFbxRFoBLlm0nked4phJq+7Ew1j5ejHRimaZsH
-----END CERTIFICATE-----