Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
File:                     d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa (raw, json)
Hash identifier:          Rf5p+2DIaejFN0Mcm/7VAs5PEYFOMaBQoIo+V/BKyLo=
Subject key identifier:   A5:3A:A2:08:E2:A6:92:04:84:68:05:4B:03:E6:85:F7:7B:F0:2F:A1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2072065762F0619A2A067551E8BBB50ACE1B989D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
Signing time:             Mon 31 Mar 2025 20:50:19 +0000
ROA not before:           Mon 31 Mar 2025 20:50:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:72:06:57:62:f0:61:9a:2a:06:75:51:e8:bb:b5:0a:ce:1b:98:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:50:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3d:c1:2e:a7:d0:02:72:d2:e7:77:52:70:65:
                    83:46:96:8f:1a:fc:bf:95:27:29:00:fa:95:d9:75:
                    ac:7a:4e:75:d4:45:b1:06:26:b9:6d:43:ed:9b:5a:
                    2d:79:a8:23:39:d9:ac:cf:a2:7c:e1:bc:cf:ac:cf:
                    f8:ff:04:25:76:fd:b8:fc:b9:42:96:4e:15:5b:20:
                    89:b3:d8:4f:24:13:11:4a:c8:7a:1f:9b:6e:09:de:
                    d4:ae:06:10:6a:23:98:f3:f3:28:9e:e9:81:3b:0e:
                    e1:94:a5:bb:6f:31:26:6c:66:f9:91:57:a9:65:9d:
                    31:f6:8c:9c:bd:5a:b6:e2:a0:f2:25:94:4c:0f:a4:
                    d8:f8:50:c5:0b:13:73:bc:ae:3f:7a:ba:08:e5:e5:
                    42:45:f3:9e:e5:32:32:80:8e:bc:77:11:ba:cf:67:
                    b0:3b:6f:54:06:07:cd:d4:da:f0:51:72:fa:95:68:
                    f0:98:86:23:f4:3d:dc:16:16:c2:ec:6a:e9:fd:53:
                    96:62:47:4a:cb:e9:7d:63:db:f7:11:16:7d:f5:3a:
                    c9:98:62:28:d5:c4:23:d0:1d:3a:4e:ff:a4:33:14:
                    a7:82:d0:cb:70:36:84:86:20:e7:5a:a3:8f:a7:b3:
                    f4:cf:31:93:62:e8:eb:14:83:f7:77:0d:7e:5e:78:
                    ec:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3A:A2:08:E2:A6:92:04:84:68:05:4B:03:E6:85:F7:7B:F0:2F:A1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:f1:e4:cf:eb:6c:f0:08:05:da:15:e8:86:d6:0e:20:21:e8:
         f8:b2:2f:85:72:1f:bf:0e:9a:27:10:e2:cf:3b:00:24:c2:2c:
         8e:99:bc:f4:48:df:1d:40:cd:5e:bb:23:cc:2c:6c:59:c9:99:
         23:c1:5a:76:d3:61:65:cd:d8:d7:1c:f7:62:d6:70:ad:29:a8:
         67:79:03:7b:a5:31:0c:76:9f:8e:20:36:58:ce:67:b5:97:c0:
         a5:a6:9a:7b:0d:28:40:72:5a:84:a1:47:87:5c:0e:2b:61:98:
         db:f8:0a:46:4d:fc:61:3c:00:b7:54:f9:d2:2e:c3:96:e9:45:
         99:16:ce:e2:ee:57:24:69:86:d6:64:2c:07:9b:f4:63:48:60:
         a7:86:a5:10:f0:66:89:90:cb:a7:3d:3c:e5:bc:8a:ab:2e:92:
         e9:bb:0b:53:be:a6:5d:93:53:76:7f:20:e6:74:e6:25:de:c4:
         8e:db:1a:90:18:f2:87:c1:41:f5:d3:27:3f:3e:ef:f3:a7:b4:
         ec:bb:0a:38:59:0d:49:68:94:08:76:16:3b:11:ff:a0:54:4e:
         d6:9d:a5:0b:e5:79:ff:76:38:3a:f5:32:3b:cd:52:04:20:33:
         eb:96:d2:37:9d:c3:30:20:c1:ab:e5:22:a6:67:3b:40:a0:8a:
         ee:da:c5:d6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIHIGV2LwYZoqBnVR6Lu1Cs4bmJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5NWUzNDc0NDkxMDhlMWJiMzVkNmM4ZjVhNzUwMTk4NmU5MjNlMTcxMzk5
MWI2M2E5NjVhNGJkN2JmZWE2YzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMM9wS6n0AJy0ud3UnBlg0aWjxr8v5UnKQD6ldl1rHpOddRFsQYmuW1D7Zta
LXmoIznZrM+ifOG8z6zP+P8EJXb9uPy5QpZOFVsgibPYTyQTEUrIeh+bbgne1K4G
EGojmPPzKJ7pgTsO4ZSlu28xJmxm+ZFXqWWdMfaMnL1atuKg8iWUTA+k2PhQxQsT
c7yuP3q6COXlQkXznuUyMoCOvHcRus9nsDtvVAYHzdTa8FFy+pVo8JiGI/Q93BYW
wuxq6f1TlmJHSsvpfWPb9xEWffU6yZhiKNXEI9AdOk7/pDMUp4LQy3A2hIYg51qj
j6ez9M8xk2Lo6xSD93cNfl547P8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSlOqII
4qaSBIRoBUsD5oX3e/AvoTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM4NWZmNGItN2Y4ZS00NWQyLThmOGItZmNkZTE0MjZhMDUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ8eTP62zwCAXaFeiG1g4gIej4si+Fch+/Dpon
EOLPOwAkwiyOmbz0SN8dQM1euyPMLGxZyZkjwVp202FlzdjXHPdi1nCtKahneQN7
pTEMdp+OIDZYzme1l8Clppp7DShAclqEoUeHXA4rYZjb+ApGTfxhPAC3VPnSLsOW
6UWZFs7i7lckaYbWZCwHm/RjSGCnhqUQ8GaJkMunPTzlvIqrLpLpuwtTvqZdk1N2
fyDmdOYl3sSO2xqQGPKHwUH10yc/Pu/zp7Tsuwo4WQ1JaJQIdhY7Ef+gVE7WnaUL
5Xn/djg69TI7zVIEIDPrltI3ncMwIMGr5SKmZztAoIru2sXW
-----END CERTIFICATE-----