Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e1238e5b-cb87-40e8-826d-b066b63b598f.roa
File:                     e1238e5b-cb87-40e8-826d-b066b63b598f.roa (raw, json)
Hash identifier:          2XJ4ZDHpXvO70SATHs0Fqf7SfOU6Z6j8gy5ZKsxCZcw=
Subject key identifier:   F5:ED:94:57:41:3A:B6:C5:44:C9:05:7A:A2:74:9D:D7:37:AB:1F:08
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2CD3A5CCF8D5D2399735276D8455B006C9A80F44
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e1238e5b-cb87-40e8-826d-b066b63b598f.roa
Signing time:             Mon 31 Mar 2025 20:50:22 +0000
ROA not before:           Mon 31 Mar 2025 20:50:22 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06e:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:d3:a5:cc:f8:d5:d2:39:97:35:27:6d:84:55:b0:06:c9:a8:0f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:50:22 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e8:3b:6b:b2:1e:f3:62:10:2f:81:29:c7:4f:
                    7c:e4:f6:b8:5f:d8:69:5f:b2:36:9d:8d:39:9d:f5:
                    55:ea:fb:78:5e:9a:52:b9:65:1e:6f:e7:33:09:15:
                    73:34:fe:d1:fc:06:da:4d:ce:24:d0:e1:38:67:ce:
                    0b:42:7d:e0:df:9c:7e:25:ff:c8:1d:50:de:cc:18:
                    96:4c:66:a0:98:03:6f:d9:21:18:9e:e1:5c:b7:e4:
                    49:62:28:6e:ec:eb:69:f9:d4:61:6b:c8:59:51:c1:
                    e0:ac:57:d8:55:e1:8f:97:80:c9:2c:65:e9:fa:00:
                    3e:bd:79:f8:a3:c9:47:19:a8:c2:0e:b4:b5:a7:e0:
                    2c:83:52:4a:d3:45:a9:ba:dd:c0:b4:1d:d1:c3:da:
                    68:27:7c:78:c8:ae:7d:31:d1:56:91:f5:fc:e5:e9:
                    b3:f9:14:b7:40:d5:28:c9:d0:da:31:c1:a4:50:c0:
                    6e:01:c1:28:80:ef:d6:cd:24:59:8d:60:7f:8f:78:
                    22:8e:45:e9:ec:0d:59:7c:90:5c:4c:f7:dd:8e:2e:
                    47:7b:9d:c3:39:13:e8:86:aa:49:ae:09:6b:d5:c5:
                    ab:ad:8d:c9:a2:25:95:23:75:a0:38:33:a2:7c:d3:
                    dd:d3:72:2b:0c:ca:24:24:bc:b2:d8:f0:2f:4c:42:
                    d5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:ED:94:57:41:3A:B6:C5:44:C9:05:7A:A2:74:9D:D7:37:AB:1F:08
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e1238e5b-cb87-40e8-826d-b066b63b598f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06e:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3f:10:60:96:18:82:fe:90:e4:40:cf:03:d6:e7:4e:fd:0a:8d:
         62:31:47:9d:e7:c1:c8:55:8c:c5:73:fb:08:4d:2d:08:45:05:
         65:c6:3e:41:fd:09:dc:6d:45:e5:6a:50:c6:07:82:46:6f:5e:
         f9:1e:b0:ad:84:10:c9:6b:51:33:59:2e:36:fb:22:17:d0:ab:
         a3:e0:aa:3b:89:57:80:bf:7b:5e:75:d0:47:20:42:b5:bf:c5:
         71:77:cd:c2:cb:26:5c:e6:56:44:7b:55:1f:de:a8:49:79:b3:
         5e:60:10:57:3a:f3:04:00:36:0d:ca:fa:47:4b:d4:f2:2c:ac:
         7d:93:42:ea:08:2e:2b:33:6e:75:72:06:59:61:22:b4:37:c3:
         76:b1:fa:9d:c1:c7:1b:f1:9f:fd:18:d6:2e:7a:4a:ec:4b:02:
         17:76:d9:2b:95:83:42:75:49:f5:95:63:1a:e6:33:28:c2:b3:
         0e:9b:40:c6:f1:f7:04:18:3b:65:a5:00:05:6f:96:75:27:82:
         81:4c:39:22:4b:91:45:12:15:90:0c:d0:6b:52:c8:e8:6b:32:
         71:17:0e:52:3f:d0:52:3f:ed:02:d6:60:38:e2:41:7f:32:7f:
         70:3c:8a:49:f5:b3:a1:0f:49:87:b1:5c:a4:ec:f9:f6:22:ce:
         03:af:18:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULNOlzPjV0jmXNSdthFWwBsmoD0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUwMjJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVhZWE2Yzc1NWM5NjAwNzQ0ZGMwNjM0MmViNjg5Yjc3YzUwOGMzNTkyMmQ2
ZTVjODE2N2FjNDgxNWViODRhOGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvoO2uyHvNiEC+BKcdPfOT2uF/YaV+yNp2NOZ31Ver7eF6aUrllHm/nMwkV
czT+0fwG2k3OJNDhOGfOC0J94N+cfiX/yB1Q3swYlkxmoJgDb9khGJ7hXLfkSWIo
buzrafnUYWvIWVHB4KxX2FXhj5eAySxl6foAPr15+KPJRxmowg60tafgLINSStNF
qbrdwLQd0cPaaCd8eMiufTHRVpH1/OXps/kUt0DVKMnQ2jHBpFDAbgHBKIDv1s0k
WY1gf494Io5F6ewNWXyQXEz33Y4uR3udwzkT6IaqSa4Ja9XFq62NyaIllSN1oDgz
onzT3dNyKwzKJCS8stjwL0xC1WMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT17ZRX
QTq2xUTJBXqidJ3XN6sfCDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTEyMzhlNWItY2I4Ny00MGU4LTgyNmQtYjA2NmI2M2I1OThmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G6w
MA0GCSqGSIb3DQEBCwUAA4IBAQA/EGCWGIL+kORAzwPW5079Co1iMUed58HIVYzF
c/sITS0IRQVlxj5B/QncbUXlalDGB4JGb175HrCthBDJa1EzWS42+yIX0Kuj4Ko7
iVeAv3teddBHIEK1v8Vxd83CyyZc5lZEe1Uf3qhJebNeYBBXOvMEADYNyvpHS9Ty
LKx9k0LqCC4rM251cgZZYSK0N8N2sfqdwccb8Z/9GNYuekrsSwIXdtkrlYNCdUn1
lWMa5jMowrMOm0DG8fcEGDtlpQAFb5Z1J4KBTDkiS5FFEhWQDNBrUsjoazJxFw5S
P9BSP+0C1mA44kF/Mn9wPIpJ9bOhD0mHsVyk7Pn2Is4DrxgU
-----END CERTIFICATE-----