Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
File:                     d3564159-9d8d-43eb-bf55-66a4445d2727.roa (raw, json)
Hash identifier:          F72vFuRDs72GH+ldhaVZ7DTdahV+lsTjHCihMsgWVM8=
Subject key identifier:   E8:A5:F9:3D:05:F1:84:3B:47:DA:CF:F6:F8:07:66:16:8C:A3:58:34
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4CCF74A51CBD9230A4E105422EE5D76D9BF8E036
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
Signing time:             Mon 31 Mar 2025 21:00:51 +0000
ROA not before:           Mon 31 Mar 2025 21:00:51 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:cf:74:a5:1c:bd:92:30:a4:e1:05:42:2e:e5:d7:6d:9b:f8:e0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:00:51 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:fa:ed:a1:ff:18:b1:53:c1:d0:7b:7f:fc:
                    b8:4a:27:98:56:7c:54:8d:b4:1e:fd:de:2c:d8:9f:
                    87:e1:9b:ea:c2:a3:5e:ff:13:eb:51:c4:79:2a:d5:
                    1c:f8:92:35:d5:74:81:b3:8f:a9:c9:70:9c:fe:f3:
                    bb:40:fb:42:99:81:cf:29:1a:67:e4:ba:b9:4e:13:
                    16:c8:0e:85:cb:44:e8:ef:16:78:80:cb:7a:c2:6e:
                    c5:d4:d4:1e:6e:b3:12:a4:23:de:bb:5b:38:f1:82:
                    26:e4:d1:6b:02:29:89:5d:3b:be:b1:ab:56:6f:26:
                    ff:0a:ff:f8:75:b8:f9:64:fb:db:18:2b:bc:2b:eb:
                    ba:1c:f8:9b:15:49:9b:95:36:53:b1:ab:eb:bc:1b:
                    8d:b2:c7:3f:06:c9:ec:01:0f:45:12:47:cd:8f:93:
                    3c:00:be:5d:1b:5d:e8:73:98:40:55:36:83:0f:e4:
                    ad:fe:52:45:b5:ba:50:5d:ea:d8:f9:ac:ec:f0:02:
                    0d:f8:6b:4d:e2:20:d8:21:3c:10:c9:77:47:75:f5:
                    3d:03:e5:53:71:99:8b:92:28:ef:47:22:8e:40:10:
                    73:39:c2:f9:c3:f4:06:be:76:4d:5c:26:4b:54:1d:
                    45:00:65:9a:60:b6:e1:17:24:e6:52:da:dd:4a:02:
                    d0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A5:F9:3D:05:F1:84:3B:47:DA:CF:F6:F8:07:66:16:8C:A3:58:34
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0b:38:2d:07:9e:39:ec:0a:bd:b2:c9:5b:12:e2:6a:97:04:af:
         0b:d9:5f:7b:02:28:65:b4:14:a6:a3:31:90:aa:a0:df:54:eb:
         68:b5:fe:d4:58:ba:48:d7:ac:b4:4b:70:84:37:c2:d8:56:95:
         91:18:52:2b:d4:3e:80:ad:d0:8e:03:23:9d:60:63:26:f1:a0:
         80:12:94:91:21:b8:0a:cb:85:be:9b:a6:11:c6:90:8e:03:b5:
         21:71:2d:79:45:3a:f3:fb:fd:a6:f1:bf:c4:56:87:df:89:b0:
         d4:67:b9:d2:6e:d2:8e:1c:1d:cf:39:3c:a8:34:51:06:39:32:
         ba:d2:cf:38:90:07:a2:cf:05:2c:ea:d4:07:dc:17:bb:f6:68:
         7f:e5:0f:29:8b:ad:07:6e:4c:a1:ac:95:12:31:49:3d:fd:b8:
         b1:ec:40:d9:f2:6a:6e:ff:b2:db:b4:54:de:19:8f:f8:75:4f:
         07:c5:3b:fb:47:20:4e:20:f2:27:95:c5:40:73:5f:34:dd:82:
         45:77:5f:72:76:58:a6:83:57:1f:00:b4:57:d7:8c:7b:42:43:
         db:6b:b8:0d:81:d9:b9:9f:39:30:70:8a:b2:eb:0e:ea:58:80:
         3b:3f:6a:a9:e4:26:a6:16:c2:2a:5e:dd:5c:7d:34:cb:ee:0c:
         ce:f5:6e:d4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTM90pRy9kjCk4QVCLuXXbZv44DYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAwNTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkYjFhZWU5MGQ5NjY5NTg2YTJiZDRiOTEwODY0YWQzZDlmZTY0MjllZDli
NzQxNDdiYTNkNDI5YTM3ZGM4MTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMOr+u2h/xixU8HQe3/8uEonmFZ8VI20Hv3eLNifh+Gb6sKjXv8T61HEeSrV
HPiSNdV0gbOPqclwnP7zu0D7QpmBzykaZ+S6uU4TFsgOhctE6O8WeIDLesJuxdTU
Hm6zEqQj3rtbOPGCJuTRawIpiV07vrGrVm8m/wr/+HW4+WT72xgrvCvruhz4mxVJ
m5U2U7Gr67wbjbLHPwbJ7AEPRRJHzY+TPAC+XRtd6HOYQFU2gw/krf5SRbW6UF3q
2Pms7PACDfhrTeIg2CE8EMl3R3X1PQPlU3GZi5Io70cijkAQcznC+cP0Br52TVwm
S1QdRQBlmmC24Rck5lLa3UoC0FkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTopfk9
BfGEO0faz/b4B2YWjKNYNDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM1NjQxNTktOWQ4ZC00M2ViLWJmNTUtNjZhNDQ0NWQyNzI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Haw
MA0GCSqGSIb3DQEBCwUAA4IBAQALOC0HnjnsCr2yyVsS4mqXBK8L2V97AihltBSm
ozGQqqDfVOtotf7UWLpI16y0S3CEN8LYVpWRGFIr1D6ArdCOAyOdYGMm8aCAEpSR
IbgKy4W+m6YRxpCOA7UhcS15RTrz+/2m8b/EVoffibDUZ7nSbtKOHB3POTyoNFEG
OTK60s84kAeizwUs6tQH3Be79mh/5Q8pi60HbkyhrJUSMUk9/bix7EDZ8mpu/7Lb
tFTeGY/4dU8HxTv7RyBOIPInlcVAc1803YJFd19ydlimg1cfALRX14x7QkPba7gN
gdm5nzkwcIqy6w7qWIA7P2qp5CamFsIqXt1cfTTL7gzO9W7U
-----END CERTIFICATE-----