Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa
File:                     d1f04e42-73c1-443a-82e2-623f7a02136a.roa (raw, json)
Hash identifier:          ekDqfXuXuz1WWzZBL/XvJESiFx4vI3JZtRXEJcoyUkI=
Subject key identifier:   49:08:D2:1B:58:49:E8:82:EE:E9:DB:97:5E:B7:F6:25:6C:55:A4:1D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5E75BE154265F7AD895EAB022550602C14F2BA85
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa
Signing time:             Wed 26 Mar 2025 19:37:14 +0000
ROA not before:           Wed 26 Mar 2025 19:37:14 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:75:be:15:42:65:f7:ad:89:5e:ab:02:25:50:60:2c:14:f2:ba:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:37:14 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:82:3e:70:ec:3e:a4:07:ef:9e:bf:f1:41:53:
                    15:4c:70:b9:70:b5:5c:e4:34:37:e2:d3:51:d7:4d:
                    96:a9:27:3d:f2:72:60:b3:af:5f:f4:55:11:31:79:
                    d7:0c:cc:71:46:e3:e2:40:fa:e6:12:96:e6:2c:d0:
                    90:6b:a8:0d:1c:84:29:5f:64:e5:b0:0b:0c:fa:3d:
                    c8:86:17:8e:29:4d:a3:d5:c3:d7:dd:b5:77:f8:a0:
                    0c:3e:d7:9e:dd:98:84:7c:08:f1:5e:2a:84:99:9f:
                    41:73:4b:ed:04:c3:20:55:e1:91:2c:ab:2b:ea:c3:
                    d3:e9:90:87:ea:71:12:31:f3:9e:c3:b3:b6:11:bf:
                    25:ef:3a:8a:ef:7e:44:74:54:06:09:90:3d:8e:37:
                    9c:30:ef:3f:32:91:ef:3e:ef:d6:9a:8a:e8:61:f6:
                    5c:22:2c:a0:e8:a0:b7:ad:c0:21:e8:6b:91:70:1b:
                    fb:85:7c:61:ed:47:46:e4:5c:67:c1:fc:07:50:c3:
                    84:7d:8a:45:5c:70:2b:c4:bf:b0:ad:f6:02:69:30:
                    1a:fc:7b:3e:99:2e:ae:38:14:8d:c4:b3:37:2e:5f:
                    cd:ab:29:6e:de:7f:81:b5:63:b8:71:5a:33:e6:27:
                    3a:68:20:4e:e0:54:f0:ba:35:8d:9a:83:25:01:13:
                    2f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:08:D2:1B:58:49:E8:82:EE:E9:DB:97:5E:B7:F6:25:6C:55:A4:1D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:17:57:18:dc:ea:aa:01:13:a8:8c:12:c8:a6:9b:41:d6:a1:
         82:e6:5a:29:9a:7f:a0:83:e1:23:30:de:a7:cb:e0:ab:74:ea:
         30:c9:0d:a1:95:9c:34:92:39:38:da:aa:ae:c5:c6:3d:7a:9b:
         16:fe:19:ba:5e:99:df:fd:fc:bb:b7:89:bb:04:1f:68:d0:34:
         44:64:35:26:b2:fe:4f:3a:59:e1:10:38:ab:32:66:fa:42:6a:
         56:56:ad:85:3b:50:d1:c2:9a:f4:00:e7:c3:e5:1b:2d:85:e3:
         8d:16:e6:4b:8c:19:e2:6b:3d:b2:66:5a:8d:be:9e:35:23:21:
         38:10:b8:e4:fa:0c:84:d5:ef:8e:ea:ea:e6:56:f5:c6:8a:1e:
         58:52:7a:87:89:df:04:b0:d7:9f:59:9d:35:2d:63:6b:77:7f:
         cb:18:e7:77:ce:c6:1d:77:5a:13:7d:39:ab:3f:56:1b:18:87:
         f5:ba:cb:e0:8c:fe:31:28:c0:12:cd:0d:c1:e4:7e:0c:4c:c7:
         76:5d:7b:3c:70:0c:e3:eb:bd:e2:19:af:1e:12:b2:b6:dd:89:
         33:9c:37:80:39:a2:d5:0c:88:7f:e9:c3:00:37:2f:a8:af:19:
         bd:da:9a:c8:7c:b3:30:f3:ce:cf:54:68:2e:6d:dd:30:24:de:
         2f:fd:36:e4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXnW+FUJl962JXqsCJVBgLBTyuoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTM3MTRaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwYWI2NzhhZjBmNzdmZjU3MTNlNDdlYTNmMDcyNjUyMDI1M2U5NmU0ODE5
ZDFmMzhiZTZhZmExNDJlNTlkNmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIeCPnDsPqQH756/8UFTFUxwuXC1XOQ0N+LTUddNlqknPfJyYLOvX/RVETF5
1wzMcUbj4kD65hKW5izQkGuoDRyEKV9k5bALDPo9yIYXjilNo9XD1921d/igDD7X
nt2YhHwI8V4qhJmfQXNL7QTDIFXhkSyrK+rD0+mQh+pxEjHznsOzthG/Je86iu9+
RHRUBgmQPY43nDDvPzKR7z7v1pqK6GH2XCIsoOigt63AIehrkXAb+4V8Ye1HRuRc
Z8H8B1DDhH2KRVxwK8S/sK32AmkwGvx7PpkurjgUjcSzNy5fzaspbt5/gbVjuHFa
M+YnOmggTuBU8Lo1jZqDJQETLzECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRJCNIb
WEnogu7p25det/YlbFWkHTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDFmMDRlNDItNzNjMS00NDNhLTgyZTItNjIzZjdhMDIxMzZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HsI
MA0GCSqGSIb3DQEBCwUAA4IBAQCNF1cY3OqqAROojBLIpptB1qGC5lopmn+gg+Ej
MN6ny+CrdOowyQ2hlZw0kjk42qquxcY9epsW/hm6Xpnf/fy7t4m7BB9o0DREZDUm
sv5POlnhEDirMmb6QmpWVq2FO1DRwpr0AOfD5RstheONFuZLjBniaz2yZlqNvp41
IyE4ELjk+gyE1e+O6urmVvXGih5YUnqHid8EsNefWZ01LWNrd3/LGOd3zsYdd1oT
fTmrP1YbGIf1usvgjP4xKMASzQ3B5H4MTMd2XXs8cAzj673iGa8eErK23YkznDeA
OaLVDIh/6cMANy+orxm92prIfLMw887PVGgubd0wJN4v/Tbk
-----END CERTIFICATE-----