Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb352ba2-1c61-4993-802d-895dc73880c2.roa
File:                     cb352ba2-1c61-4993-802d-895dc73880c2.roa (raw, json)
Hash identifier:          VMX7qJeI3BVOKTgQL2p3fnnOySig2ziwaibW1mwTPOE=
Subject key identifier:   51:C1:C1:7B:30:4B:DB:0C:8F:DD:CB:A6:37:49:C8:D9:1B:05:3F:40
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       59F0141EBAD8B6428209B24C181FEC2E7EEC438D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb352ba2-1c61-4993-802d-895dc73880c2.roa
Signing time:             Wed 26 Mar 2025 19:23:37 +0000
ROA not before:           Wed 26 Mar 2025 19:23:37 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d036:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:f0:14:1e:ba:d8:b6:42:82:09:b2:4c:18:1f:ec:2e:7e:ec:43:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:23:37 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:6f:27:62:06:ed:d4:bd:0c:73:4e:ea:fe:
                    61:e7:41:bb:e7:68:38:3f:7e:72:1d:9e:f3:2f:b6:
                    ff:c1:e2:be:a8:27:e7:2a:95:5e:82:d5:c2:0b:96:
                    e1:a1:c5:6c:54:ab:16:25:d6:48:6f:75:36:18:a6:
                    54:1f:05:f8:a9:02:ab:cf:8d:8b:84:37:7b:25:85:
                    39:43:c8:6a:a2:61:11:b7:ff:a0:93:f5:8a:a8:67:
                    a4:45:ce:ab:28:4c:44:b9:14:9e:bf:a3:ee:2a:87:
                    96:b5:d4:c4:d6:04:3a:a4:39:c2:68:8d:c5:39:e0:
                    41:87:a6:80:09:5c:72:25:1d:48:6d:8a:10:2d:40:
                    e3:33:d1:1f:42:5b:6a:49:fb:c1:20:da:76:f2:d1:
                    cf:cf:5d:f3:b1:ad:b6:0b:48:c4:b9:0d:f9:4d:c4:
                    94:9f:a7:5e:6f:a3:50:8e:92:e9:40:4c:6a:be:03:
                    af:0c:29:25:83:7c:b9:6f:da:29:74:27:ca:3e:76:
                    10:42:eb:45:9d:a0:7a:c9:ad:76:bb:2e:46:8e:71:
                    76:52:12:cd:ca:0f:68:17:9c:4c:43:cc:10:8d:ce:
                    f2:dd:99:ed:e9:bd:1c:5e:a7:c0:0e:8e:3d:01:bd:
                    90:19:d7:95:f1:aa:4f:52:47:a3:46:16:ef:04:83:
                    73:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C1:C1:7B:30:4B:DB:0C:8F:DD:CB:A6:37:49:C8:D9:1B:05:3F:40
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb352ba2-1c61-4993-802d-895dc73880c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d036:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:a6:e1:f9:7d:8f:76:e4:f3:1f:fe:69:5d:5e:28:cc:62:dc:
         f4:a3:16:2b:59:e0:0a:a1:46:5b:13:c8:32:39:1b:9a:0b:5d:
         ed:56:8b:66:6f:49:7a:30:30:59:43:a7:42:41:b0:49:e9:2b:
         e5:80:91:04:2e:69:0a:b4:d0:e2:c9:7d:23:a6:91:a4:dd:bb:
         52:9e:16:dd:db:f7:fe:d6:35:98:83:0a:6f:78:51:f6:d8:0b:
         67:b3:13:b7:04:80:82:cd:7b:65:07:fa:91:d4:12:f5:57:c0:
         ce:10:87:1a:d4:7c:1f:92:03:e6:ff:15:7d:f0:52:ad:77:77:
         56:8d:cb:c7:c0:8b:f3:74:eb:ae:a5:da:1f:ed:ce:78:1d:f0:
         7a:05:41:93:9f:94:2c:9b:16:a0:b5:e8:a1:ea:a5:eb:36:b0:
         40:e2:0d:c4:44:46:ba:1d:e1:be:be:21:0d:28:e6:7c:1d:7d:
         b5:96:6f:08:82:6f:9f:65:97:13:0c:1c:44:c5:fc:ba:4a:de:
         cd:2a:06:68:9c:34:6f:53:5e:ba:af:7c:9f:6a:eb:dc:96:19:
         60:a0:6b:14:19:80:ac:f0:c5:80:c6:b0:43:1e:9e:31:22:b6:
         22:01:2b:b0:ce:1c:9c:3c:c2:09:16:34:5a:a7:64:8d:7f:d5:
         fc:63:ca:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWfAUHrrYtkKCCbJMGB/sLn7sQ40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIzMzdaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlNjM2NWVhOTAwZWU5YjQ0ZWRjYzM0ZmU5NTIyYmU0YmFmM2UxMmY1YzQ1
M2FkODlhZjNiZmY1YzdmMjNmNTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlwbydiBu3UvQxzTur+YedBu+doOD9+ch2e8y+2/8Hivqgn5yqVXoLVwguW
4aHFbFSrFiXWSG91NhimVB8F+KkCq8+Ni4Q3eyWFOUPIaqJhEbf/oJP1iqhnpEXO
qyhMRLkUnr+j7iqHlrXUxNYEOqQ5wmiNxTngQYemgAlcciUdSG2KEC1A4zPRH0Jb
akn7wSDadvLRz89d87GttgtIxLkN+U3ElJ+nXm+jUI6S6UBMar4DrwwpJYN8uW/a
KXQnyj52EELrRZ2gesmtdrsuRo5xdlISzcoPaBecTEPMEI3O8t2Z7em9HF6nwA6O
PQG9kBnXlfGqT1JHo0YW7wSDc+ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRRwcF7
MEvbDI/dy6Y3ScjZGwU/QDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2IzNTJiYTItMWM2MS00OTkzLTgwMmQtODk1ZGM3Mzg4MGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DYI
MA0GCSqGSIb3DQEBCwUAA4IBAQBTpuH5fY925PMf/mldXijMYtz0oxYrWeAKoUZb
E8gyORuaC13tVotmb0l6MDBZQ6dCQbBJ6SvlgJEELmkKtNDiyX0jppGk3btSnhbd
2/f+1jWYgwpveFH22AtnsxO3BICCzXtlB/qR1BL1V8DOEIca1HwfkgPm/xV98FKt
d3dWjcvHwIvzdOuupdof7c54HfB6BUGTn5Qsmxagteih6qXrNrBA4g3EREa6HeG+
viENKOZ8HX21lm8Igm+fZZcTDBxExfy6St7NKgZonDRvU166r3yfauvclhlgoGsU
GYCs8MWAxrBDHp4xIrYiASuwzhycPMIJFjRap2SNf9X8Y8ph
-----END CERTIFICATE-----