Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa
File:                     cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa (raw, json)
Hash identifier:          EP64stqzOvo2Yjb9EBhelM9jE9KBYwLD1gzC8Bja6d4=
Subject key identifier:   05:F6:09:99:48:50:6D:24:F6:31:51:89:F7:60:43:E0:09:79:07:13
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1FCAE7CB82E255A570F8229E283A131DE964D262
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa
Signing time:             Mon 31 Mar 2025 20:01:30 +0000
ROA not before:           Mon 31 Mar 2025 20:01:30 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:ca:e7:cb:82:e2:55:a5:70:f8:22:9e:28:3a:13:1d:e9:64:d2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:01:30 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:81:c3:f8:73:50:ce:d2:67:b8:b0:67:56:84:
                    d9:4b:77:5c:0f:43:72:ce:3a:b5:69:4d:f7:c9:99:
                    7d:d2:ac:f5:cd:3c:0c:18:e4:44:30:a6:a5:89:ee:
                    4f:c1:dc:3c:08:05:7d:de:67:8f:0c:c8:11:1d:6c:
                    fb:13:a0:2a:4a:1e:63:7d:c6:06:a9:24:cb:cd:93:
                    40:86:76:c0:59:85:f8:ca:3f:bd:b8:37:00:74:39:
                    a4:fc:d7:c6:e5:2e:20:15:07:a6:15:35:49:cd:73:
                    bf:e5:18:7c:98:53:47:f8:7f:13:94:f5:f7:67:49:
                    a8:08:d7:36:52:e4:6d:39:91:30:5f:9b:b9:c0:fb:
                    bd:cb:2d:42:9f:93:b9:a7:fb:5f:70:a4:ad:5a:14:
                    82:c8:d7:ea:54:f0:42:5a:3f:dc:ff:e0:a8:ad:9e:
                    05:c6:fa:8e:cb:27:1f:a2:74:fc:d8:e4:0f:c4:50:
                    2d:2f:ce:3b:e3:b1:27:c6:c6:4a:41:aa:04:5b:1a:
                    ba:4d:d9:0d:c2:81:1f:e6:1a:ac:ca:77:6a:9d:71:
                    01:8b:15:96:87:22:d8:22:23:e8:0d:2c:bf:3d:ee:
                    ad:f5:39:d0:a5:77:c0:fc:1a:ba:55:ab:66:9d:da:
                    8e:17:ff:d7:72:14:cc:2e:46:cb:04:41:ce:36:ba:
                    5b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F6:09:99:48:50:6D:24:F6:31:51:89:F7:60:43:E0:09:79:07:13
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b7:8b:d3:8f:26:e9:52:02:38:21:9f:c1:8e:ad:ad:34:5c:9c:
         a7:d8:c0:d1:11:e4:1e:3a:72:7c:53:39:06:db:c1:5b:10:0f:
         9d:f0:84:19:89:a3:60:27:6c:48:fe:dd:b0:5c:55:1e:33:af:
         db:2c:85:1b:a5:9b:16:12:92:74:99:b2:8e:ea:66:a6:e8:8a:
         1d:83:6a:78:37:0b:ab:b1:04:8a:79:2f:20:e4:5d:5b:99:1b:
         aa:fb:a6:73:ae:32:8f:33:7a:8b:ab:ef:92:b7:36:a7:8f:dc:
         db:c6:b5:54:d2:ae:2b:13:65:af:bf:72:9d:9a:c1:61:58:f7:
         f6:9f:fc:b4:b2:25:24:83:c7:13:08:b0:ca:f3:27:b5:35:ce:
         c4:21:69:32:9a:74:fd:9b:80:a6:20:14:d6:fb:05:bd:c7:23:
         f5:4a:41:7f:e0:b3:e6:a9:33:4f:21:3e:8b:bc:06:94:f2:09:
         e1:67:7f:9a:4c:59:4c:5f:10:97:18:be:f0:c5:43:c6:11:87:
         83:76:b1:93:6a:71:23:a0:d9:60:9f:72:f1:89:4e:85:d9:4b:
         87:51:66:63:45:0e:6a:b3:d7:72:2a:df:77:f0:02:d2:ea:39:
         8b:d4:fb:bf:14:92:d3:2c:6a:7c:8d:5e:26:51:25:55:3a:07:
         d3:a3:1a:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUH8rny4LiVaVw+CKeKDoTHelk0mIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAxMzBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ0MmJmOTE2YTk5NTQxNTZiN2M4NjAzNWI4NTllN2E4M2RkOTc2YzJmNzhl
ODI2YjhkZTQzNzFlYmVjNWM2YjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKeBw/hzUM7SZ7iwZ1aE2Ut3XA9Dcs46tWlN98mZfdKs9c08DBjkRDCmpYnu
T8HcPAgFfd5njwzIER1s+xOgKkoeY33GBqkky82TQIZ2wFmF+Mo/vbg3AHQ5pPzX
xuUuIBUHphU1Sc1zv+UYfJhTR/h/E5T192dJqAjXNlLkbTmRMF+bucD7vcstQp+T
uaf7X3CkrVoUgsjX6lTwQlo/3P/gqK2eBcb6jssnH6J0/NjkD8RQLS/OO+OxJ8bG
SkGqBFsauk3ZDcKBH+YarMp3ap1xAYsVloci2CIj6A0svz3urfU50KV3wPwaulWr
Zp3ajhf/13IUzC5GywRBzja6Wy8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQF9gmZ
SFBtJPYxUYn3YEPgCXkHEzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FjYWQzZDktYmZhMS00OWE4LWE5YjMtY2JhYzdiZTlmZGIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC3i9OPJulSAjghn8GOra00XJyn2MDREeQeOnJ8
UzkG28FbEA+d8IQZiaNgJ2xI/t2wXFUeM6/bLIUbpZsWEpJ0mbKO6mam6Iodg2p4
NwursQSKeS8g5F1bmRuq+6ZzrjKPM3qLq++Stzanj9zbxrVU0q4rE2Wvv3KdmsFh
WPf2n/y0siUkg8cTCLDK8ye1Nc7EIWkymnT9m4CmIBTW+wW9xyP1SkF/4LPmqTNP
IT6LvAaU8gnhZ3+aTFlMXxCXGL7wxUPGEYeDdrGTanEjoNlgn3LxiU6F2UuHUWZj
RQ5qs9dyKt938ALS6jmL1Pu/FJLTLGp8jV4mUSVVOgfToxpj
-----END CERTIFICATE-----