Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7459b4-43ce-4e19-8904-9681781506ff.roa
File:                     dd7459b4-43ce-4e19-8904-9681781506ff.roa (raw, json)
Hash identifier:          V3/JlG2gZVEQa/60xV2XgQ8ZtsplNJUXF5QpBfGQR3I=
Subject key identifier:   C5:4A:26:47:7D:2E:F5:1E:E6:5E:B1:5A:D4:ED:C0:B3:11:30:96:CB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1D6FEF30370BED9DC415ABE9236C5473058DD3C7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7459b4-43ce-4e19-8904-9681781506ff.roa
Signing time:             Mon 31 Mar 2025 20:31:53 +0000
ROA not before:           Mon 31 Mar 2025 20:31:53 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:6f:ef:30:37:0b:ed:9d:c4:15:ab:e9:23:6c:54:73:05:8d:d3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:53 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:23:73:5e:5c:82:33:30:b1:03:37:83:aa:8b:
                    79:0d:3d:f3:4d:5a:b4:fb:82:06:8a:72:0f:8a:e4:
                    eb:24:f1:31:53:bf:91:e6:c9:a5:49:4a:af:65:f2:
                    d1:67:07:60:ea:99:fc:ac:e4:8a:c3:5a:f1:a1:78:
                    00:e4:ed:64:d7:88:71:4b:bf:86:87:05:5d:a3:ee:
                    e7:31:ae:5e:c1:0e:61:e3:1d:a5:6a:18:76:4a:b8:
                    3c:ad:4d:c6:fb:91:ac:35:3f:b1:51:8b:22:8a:58:
                    bd:07:20:17:b1:9c:c9:cd:27:2e:a5:26:01:b2:52:
                    23:e5:0c:43:37:67:d7:ad:b8:fa:24:2a:4e:27:b1:
                    a2:6b:01:2c:9f:7b:48:c0:2c:36:c1:66:93:cb:3d:
                    fc:60:95:98:92:b5:7a:d0:46:ff:97:4a:bc:16:20:
                    77:9e:2b:d7:01:11:06:0c:38:bb:d8:bb:ad:32:57:
                    8d:3b:36:c6:85:4e:8c:ce:94:1f:f0:ef:56:dc:bf:
                    11:65:cf:86:f9:ba:01:28:bf:7e:de:7f:03:73:38:
                    35:d0:70:40:a0:31:7a:b9:2f:15:36:6d:85:81:2f:
                    86:92:b4:e3:4f:81:4b:21:e1:18:99:54:72:b9:84:
                    9d:99:7d:f7:d1:77:b3:10:68:71:aa:ac:8e:80:fd:
                    c7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:4A:26:47:7D:2E:F5:1E:E6:5E:B1:5A:D4:ED:C0:B3:11:30:96:CB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7459b4-43ce-4e19-8904-9681781506ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c6:c6:82:70:fb:9a:97:81:e0:4b:be:7c:42:62:a7:e4:4e:42:
         57:c8:aa:0e:f4:0f:25:04:1e:07:94:51:7e:48:22:3f:ef:cb:
         04:e6:96:54:35:4d:20:34:b3:00:af:80:59:4b:9c:d4:94:3c:
         4e:fe:66:d0:a8:ae:4f:11:ec:d1:48:46:23:5a:dd:8b:23:84:
         07:2c:25:91:6e:d8:52:b2:e1:b5:62:4d:8a:28:04:ce:55:21:
         cd:d7:88:c9:3a:e5:34:9c:b7:02:89:8d:1a:b5:95:11:89:c0:
         0b:e9:56:b1:fd:48:79:aa:e6:65:4a:e0:07:fe:73:32:e4:f0:
         6f:b5:3f:c2:5f:ca:92:31:d3:20:50:2f:58:0c:8e:41:10:73:
         bf:bf:ae:12:f2:c0:f0:ba:2e:66:72:b8:c2:b9:47:7c:67:69:
         b6:0b:5a:1f:48:e0:ec:b0:44:69:95:a9:66:69:8a:30:c0:c5:
         75:70:20:bf:1d:64:02:a8:23:3d:00:b4:8a:6e:75:cb:b9:5a:
         56:29:30:c8:d4:29:e6:2e:f2:ed:43:11:fb:ac:b8:59:8c:71:
         da:96:45:87:76:46:e7:f8:eb:50:fe:ae:26:d9:95:6b:14:7c:
         e0:79:43:c0:16:f4:20:64:21:03:0e:eb:6a:0e:94:b5:e3:06:
         01:56:73:2a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHW/vMDcL7Z3EFavpI2xUcwWN08cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxNTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwZjhiMjFkNTMyNjhhMTE1YzUyMmFkODA0NWU2NGYzNGQ5YWQ5ZDFkOTAw
OWU0OGY3ODhlY2E5ZjgxZWU1NmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsjc15cgjMwsQM3g6qLeQ09801atPuCBopyD4rk6yTxMVO/kebJpUlKr2Xy
0WcHYOqZ/KzkisNa8aF4AOTtZNeIcUu/hocFXaPu5zGuXsEOYeMdpWoYdkq4PK1N
xvuRrDU/sVGLIopYvQcgF7Gcyc0nLqUmAbJSI+UMQzdn1624+iQqTiexomsBLJ97
SMAsNsFmk8s9/GCVmJK1etBG/5dKvBYgd54r1wERBgw4u9i7rTJXjTs2xoVOjM6U
H/DvVty/EWXPhvm6ASi/ft5/A3M4NdBwQKAxerkvFTZthYEvhpK040+BSyHhGJlU
crmEnZl999F3sxBocaqsjoD9x/kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTFSiZH
fS71HuZesVrU7cCzETCWyzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGQ3NDU5YjQtNDNjZS00ZTE5LTg5MDQtOTY4MTc4MTUwNmZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DVQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDGxoJw+5qXgeBLvnxCYqfkTkJXyKoO9A8lBB4H
lFF+SCI/78sE5pZUNU0gNLMAr4BZS5zUlDxO/mbQqK5PEezRSEYjWt2LI4QHLCWR
bthSsuG1Yk2KKATOVSHN14jJOuU0nLcCiY0atZURicAL6Vax/Uh5quZlSuAH/nMy
5PBvtT/CX8qSMdMgUC9YDI5BEHO/v64S8sDwui5mcrjCuUd8Z2m2C1ofSODssERp
lalmaYowwMV1cCC/HWQCqCM9ALSKbnXLuVpWKTDI1CnmLvLtQxH7rLhZjHHalkWH
dkbn+OtQ/q4m2ZVrFHzgeUPAFvQgZCEDDutqDpS14wYBVnMq
-----END CERTIFICATE-----