Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa
File:                     cda3712d-34a6-428d-a694-19bab377c44e.roa (raw, json)
Hash identifier:          iJ7J8agQG8LGvgAd4aa+epDjjNOCpE0ox99Gv6LGFBA=
Subject key identifier:   60:E6:E3:EA:B5:DC:8A:AB:12:12:9A:5D:30:4B:D4:99:AD:C4:36:69
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       607C324DB987FDD6CD726D4DB90856BC4146FED1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa
Signing time:             Mon 31 Mar 2025 21:11:17 +0000
ROA not before:           Mon 31 Mar 2025 21:11:17 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01e::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:7c:32:4d:b9:87:fd:d6:cd:72:6d:4d:b9:08:56:bc:41:46:fe:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:11:17 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bc:cf:3c:17:a3:e2:6d:85:66:01:14:e0:56:
                    f6:e5:4b:d4:30:52:98:52:fd:a0:28:ac:63:f6:72:
                    15:9a:97:d2:1e:30:7e:ed:03:c6:cc:f0:7f:5a:a1:
                    e4:ef:3e:c4:be:d8:8b:1a:aa:d6:62:cc:b8:7c:27:
                    20:f9:ee:bd:d0:85:a8:78:4f:c8:d4:96:bc:a1:be:
                    8f:a8:69:00:0c:2b:00:a1:78:84:e2:bf:a2:f7:30:
                    f1:51:dc:b2:0c:97:45:f7:04:91:c2:e3:5b:c0:46:
                    06:cb:17:db:ea:98:40:bb:8d:0e:31:1c:86:f7:c4:
                    a4:1a:5d:8c:3b:ef:dd:86:d9:f2:e5:22:d1:0a:1c:
                    0a:7c:90:af:19:c5:22:1d:de:79:d2:b9:3b:5a:37:
                    d7:b8:ad:b4:46:c2:87:99:61:ac:92:bd:2a:7c:35:
                    a9:e5:ed:ae:c9:ab:b7:d6:f3:87:a1:64:78:70:56:
                    06:9a:90:32:18:cc:5f:4e:4f:75:f2:11:49:5c:24:
                    d3:b0:95:9b:a5:12:23:4d:5a:17:81:a7:3f:60:5b:
                    be:b0:96:f2:31:f8:45:2f:1c:df:6c:34:96:93:9b:
                    41:d9:57:61:cd:cb:04:ae:07:3e:e9:96:23:78:fc:
                    c7:69:34:d8:60:77:0d:77:40:e5:01:0e:e1:0f:46:
                    b6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E6:E3:EA:B5:DC:8A:AB:12:12:9A:5D:30:4B:D4:99:AD:C4:36:69
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01e::/38

    Signature Algorithm: sha256WithRSAEncryption
         b8:e8:c3:8d:69:63:9f:f4:b3:4e:80:d4:01:aa:c9:6b:bc:02:
         e2:4d:c6:b9:c7:4e:d5:1c:a9:af:75:78:00:c6:d3:51:2e:65:
         86:97:30:84:81:d1:18:f1:01:96:37:90:f6:87:13:3c:96:f9:
         3a:12:de:68:ab:dc:d4:43:a8:14:0a:81:63:b8:b0:ba:d5:8f:
         6b:ae:7d:2c:c3:70:46:ba:c5:80:d1:82:89:e9:08:1b:82:f9:
         b9:93:a5:15:fe:96:a0:7e:7e:0d:6f:b1:8f:c0:d2:af:a1:95:
         01:fc:b7:04:a2:9b:58:c8:49:fb:c2:9d:42:44:79:af:81:10:
         50:0e:91:ba:b6:2c:cd:eb:99:95:fe:6d:3d:18:cb:fa:1d:99:
         c4:0c:d7:76:d3:b5:5b:91:86:9e:b3:7d:ec:44:36:79:6a:ae:
         e0:98:bf:f9:55:8a:4b:36:da:60:c5:fc:a1:90:e5:c8:4a:6b:
         45:0f:ee:d1:19:01:91:ef:ae:4c:2f:8c:0e:6d:ad:d9:b9:7b:
         bd:3e:4f:b7:2a:15:17:52:43:ae:55:d8:91:2f:66:59:0f:c6:
         a1:d4:6d:4f:b8:ca:21:6a:27:59:37:9f:5b:b7:05:7a:e8:8b:
         88:61:4a:e1:6f:7d:ca:4b:60:18:3c:35:c7:86:5d:49:85:42:
         c8:7e:e7:4d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYHwyTbmH/dbNcm1NuQhWvEFG/tEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTExMTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhMmNhMGEwN2M2OWI1ZTI3MmVjYzM4ODkwNDJlM2RkNzhlNzE1MjVjMzQ5
NmJkNzcyMmFkZDZiYTlhZDg1ODAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKm8zzwXo+JthWYBFOBW9uVL1DBSmFL9oCisY/ZyFZqX0h4wfu0Dxszwf1qh
5O8+xL7Yixqq1mLMuHwnIPnuvdCFqHhPyNSWvKG+j6hpAAwrAKF4hOK/ovcw8VHc
sgyXRfcEkcLjW8BGBssX2+qYQLuNDjEchvfEpBpdjDvv3YbZ8uUi0QocCnyQrxnF
Ih3eedK5O1o317ittEbCh5lhrJK9Knw1qeXtrsmrt9bzh6FkeHBWBpqQMhjMX05P
dfIRSVwk07CVm6USI01aF4GnP2BbvrCW8jH4RS8c32w0lpObQdlXYc3LBK4HPumW
I3j8x2k02GB3DXdA5QEO4Q9Gtj0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRg5uPq
tdyKqxISml0wS9SZrcQ2aTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2RhMzcxMmQtMzRhNi00MjhkLWE2OTQtMTliYWIzNzdjNDRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0B4A
MA0GCSqGSIb3DQEBCwUAA4IBAQC46MONaWOf9LNOgNQBqslrvALiTca5x07VHKmv
dXgAxtNRLmWGlzCEgdEY8QGWN5D2hxM8lvk6Et5oq9zUQ6gUCoFjuLC61Y9rrn0s
w3BGusWA0YKJ6Qgbgvm5k6UV/pagfn4Nb7GPwNKvoZUB/LcEoptYyEn7wp1CRHmv
gRBQDpG6tizN65mV/m09GMv6HZnEDNd207VbkYaes33sRDZ5aq7gmL/5VYpLNtpg
xfyhkOXISmtFD+7RGQGR765ML4wOba3ZuXu9Pk+3KhUXUkOuVdiRL2ZZD8ah1G1P
uMohaidZN59btwV66IuIYUrhb33KS2AYPDXHhl1JhULIfudN
-----END CERTIFICATE-----