Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
File:                     df59e31f-1e32-4e7a-a595-74adb3f93176.roa (raw, json)
Hash identifier:          8IL47EZEXh7XXq7YQt57kAjR8fXS7QzrQNuMM6XpZxk=
Subject key identifier:   43:DB:69:9D:A0:85:E6:D9:F6:06:8D:30:9B:E5:45:EC:91:31:ED:F7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       14AC432C0377D15C30CA62AFF92EC3EF12234B77
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
Signing time:             Mon 31 Mar 2025 19:50:20 +0000
ROA not before:           Mon 31 Mar 2025 19:50:20 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ac:43:2c:03:77:d1:5c:30:ca:62:af:f9:2e:c3:ef:12:23:4b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:20 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:eb:a1:b7:29:a3:cd:06:1b:7f:13:e9:87:
                    26:fb:d1:56:1d:fa:f2:c2:59:c7:76:54:30:ad:e9:
                    ab:12:36:cb:a1:8c:7d:3d:5d:6c:fa:08:08:f9:0c:
                    06:a3:f0:f9:c6:4f:f4:31:6e:ea:a0:c7:92:a3:37:
                    6f:44:85:56:c7:e6:3e:bc:f2:b2:b8:b4:c8:8f:79:
                    4d:56:cc:dc:85:db:79:d6:1c:d7:e9:2e:08:2c:a5:
                    f9:33:50:47:3b:11:16:0b:06:80:d6:4a:c1:08:38:
                    45:8f:4f:7c:15:18:62:55:b3:7a:d1:c6:1b:52:c7:
                    3c:6f:1c:e0:16:e0:fb:bb:bb:94:e6:4c:22:be:1d:
                    7d:4f:86:01:fe:f4:c8:74:40:8d:78:59:ca:dd:ed:
                    fa:28:00:2e:f8:45:10:08:f7:f3:f8:2e:68:7c:83:
                    91:0a:23:9f:c6:d0:20:5a:3f:25:d9:d6:21:f1:80:
                    13:7a:f2:75:be:29:ba:7b:36:d1:e9:15:5b:88:65:
                    2a:47:80:f3:c8:00:66:8e:81:04:93:ff:bf:42:df:
                    4c:6a:26:ff:58:30:64:37:ab:be:3d:33:25:51:c1:
                    76:db:c0:e9:d4:32:81:1f:3f:9a:ae:b4:dd:43:f1:
                    5a:b3:63:43:ca:14:fe:62:87:0b:29:d3:3e:49:dd:
                    65:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DB:69:9D:A0:85:E6:D9:F6:06:8D:30:9B:E5:45:EC:91:31:ED:F7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:45:cb:d9:89:79:7b:de:1b:48:08:bc:13:99:e8:97:67:ce:
         29:e3:36:a2:c7:ab:f1:d8:74:49:dc:45:91:4f:7c:b4:02:82:
         a8:23:e3:80:ad:de:81:2b:8a:c6:37:d3:6d:d0:37:f5:dc:61:
         50:0e:89:d2:39:93:d5:b8:7f:22:a2:b1:30:ca:74:49:43:20:
         5e:6a:ba:d2:4f:a7:82:e9:20:b1:c0:ad:aa:fc:5b:0a:d0:52:
         8c:b8:ce:97:ba:6c:da:44:f6:92:a3:8f:e2:28:54:8e:52:2a:
         3f:ad:66:16:21:65:3b:c5:27:23:db:5e:70:00:b2:63:dc:46:
         62:dd:d3:e5:45:d7:29:70:98:58:92:15:ba:c2:f8:1e:11:bf:
         b4:7b:18:e0:0f:f6:b5:97:b8:5e:3a:5c:26:99:b4:90:45:e5:
         8a:2f:06:f8:ff:da:1a:a6:35:33:7d:9a:f9:33:3d:ec:01:f4:
         c4:86:d4:d0:eb:cc:48:17:4b:d6:27:77:ab:c1:e1:2c:5a:08:
         6a:ea:85:4f:3d:18:72:01:c6:56:67:c8:d2:b6:8e:35:5d:e8:
         6e:28:da:f7:fb:ac:3a:b3:a1:40:98:6a:54:59:91:1d:09:2c:
         92:c1:39:6c:b3:1d:f4:7d:19:64:be:d4:7b:59:8e:83:56:81:
         75:78:60:7e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFKxDLAN30VwwymKv+S7D7xIjS3cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwMjBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzMDYxMTNkMTBlZTc5N2M0NTc2ODgzMTU3MWE2ODZkMDE1M2E4NWUyYzQ5
NWJmYWVkOTNmYzQyMGMyODkyMDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJKg66G3KaPNBht/E+mHJvvRVh368sJZx3ZUMK3pqxI2y6GMfT1dbPoICPkM
BqPw+cZP9DFu6qDHkqM3b0SFVsfmPrzysri0yI95TVbM3IXbedYc1+kuCCyl+TNQ
RzsRFgsGgNZKwQg4RY9PfBUYYlWzetHGG1LHPG8c4Bbg+7u7lOZMIr4dfU+GAf70
yHRAjXhZyt3t+igALvhFEAj38/guaHyDkQojn8bQIFo/JdnWIfGAE3rydb4puns2
0ekVW4hlKkeA88gAZo6BBJP/v0LfTGom/1gwZDervj0zJVHBdtvA6dQygR8/mq60
3UPxWrNjQ8oU/mKHCynTPkndZZ8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRD22md
oIXm2fYGjTCb5UXskTHt9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGY1OWUzMWYtMWUzMi00ZTdhLWE1OTUtNzRhZGIzZjkzMTc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHg
MA0GCSqGSIb3DQEBCwUAA4IBAQA5RcvZiXl73htICLwTmeiXZ84p4zaix6vx2HRJ
3EWRT3y0AoKoI+OArd6BK4rGN9Nt0Df13GFQDonSOZPVuH8iorEwynRJQyBearrS
T6eC6SCxwK2q/FsK0FKMuM6XumzaRPaSo4/iKFSOUio/rWYWIWU7xScj215wALJj
3EZi3dPlRdcpcJhYkhW6wvgeEb+0exjgD/a1l7heOlwmmbSQReWKLwb4/9oapjUz
fZr5Mz3sAfTEhtTQ68xIF0vWJ3erweEsWghq6oVPPRhyAcZWZ8jSto41XehuKNr3
+6w6s6FAmGpUWZEdCSySwTlssx30fRlkvtR7WY6DVoF1eGB+
-----END CERTIFICATE-----