Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e580dca1-bc51-4f11-b7e4-287944d98510.roa
File:                     e580dca1-bc51-4f11-b7e4-287944d98510.roa (raw, json)
Hash identifier:          mRXJOX9UBOyVcvMw2YMdZWbn5KbQW75CyEs46RSc+j4=
Subject key identifier:   D2:CE:97:80:4C:70:CA:AD:6C:9A:AB:0D:CB:1C:36:90:9C:63:18:79
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       49DEE2BD3A05BFAA5AFD80849D6493CDD8D87FBC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e580dca1-bc51-4f11-b7e4-287944d98510.roa
Signing time:             Mon 31 Mar 2025 19:11:13 +0000
ROA not before:           Mon 31 Mar 2025 19:11:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:de:e2:bd:3a:05:bf:aa:5a:fd:80:84:9d:64:93:cd:d8:d8:7f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:11:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6e:27:94:71:4a:f4:a9:c2:a0:a9:18:a4:67:
                    9a:4c:3c:a3:e6:8e:f6:9c:f9:24:9f:76:33:51:0f:
                    95:3b:fe:1c:5a:ec:a5:61:3d:72:79:e4:ad:35:3a:
                    87:1b:62:5c:e4:84:02:f6:07:73:bc:f2:08:02:49:
                    9f:d8:13:83:98:5c:64:30:82:d1:ae:f0:eb:45:29:
                    20:c7:8e:1a:3d:5e:f7:55:82:85:3f:3f:5e:c3:75:
                    66:46:11:a6:8c:6a:c2:2e:6c:79:a5:dc:63:17:72:
                    d4:20:3e:a0:64:a0:90:ca:93:9f:70:0f:00:63:99:
                    94:02:e8:5c:b6:43:19:64:7d:6a:bc:6d:d1:fc:06:
                    d0:1a:6e:72:08:b3:8e:83:02:d4:58:e3:b4:be:a0:
                    bc:cc:40:fd:78:8d:70:99:32:d7:f8:69:31:5e:d6:
                    ea:1e:51:5e:80:7d:a4:17:a2:ca:0d:b9:84:45:d0:
                    41:1d:3d:26:03:76:f0:5f:b1:68:32:f7:27:79:d7:
                    22:9b:88:6e:49:74:4f:0d:f6:77:3a:99:d5:bf:44:
                    f4:93:41:5a:36:55:b3:c4:06:37:a1:56:47:b1:2b:
                    f7:25:bf:a3:05:42:a5:09:62:68:ca:f2:a9:25:c2:
                    ba:55:93:aa:66:eb:7e:67:85:3c:86:f9:6a:15:12:
                    69:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CE:97:80:4C:70:CA:AD:6C:9A:AB:0D:CB:1C:36:90:9C:63:18:79
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e580dca1-bc51-4f11-b7e4-287944d98510.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         bc:07:5e:dd:5e:ad:60:91:99:e4:20:1c:0b:3a:f5:01:b6:43:
         3a:e2:4c:03:7f:84:26:c2:5b:a2:58:3b:1e:5e:0d:19:14:dc:
         a6:05:a6:b5:62:4e:86:ec:03:70:e1:a1:5f:a6:84:1a:26:79:
         f7:d0:84:90:ac:f9:c8:13:37:b3:cb:a5:93:a3:a0:62:d1:28:
         ce:03:7e:2e:37:8c:34:d6:9a:45:df:ea:35:16:5a:00:73:a7:
         91:3d:48:d5:99:67:67:20:f3:f0:ef:92:19:8c:61:ff:a7:fe:
         cb:53:44:eb:49:05:93:28:45:b9:6a:00:07:b9:da:80:a7:b4:
         ac:6d:a0:23:93:c6:c1:b5:61:37:8c:48:7f:8b:29:9e:3e:d8:
         67:da:38:b7:50:4e:bd:bf:fd:55:ca:9c:5b:3a:7d:f2:65:37:
         ae:50:55:c5:04:7f:be:9b:71:22:6d:fb:bf:fe:e5:c5:0f:ec:
         51:b7:80:28:99:f5:9c:88:94:3e:f7:6e:3d:3e:9a:b7:29:ef:
         49:c8:50:d6:ff:2a:5b:11:13:80:4a:3c:c9:31:d6:d8:2f:84:
         92:68:2c:3d:e6:b2:19:29:09:ed:9c:79:b9:79:57:e3:b1:43:
         56:f8:e5:e7:ed:84:41:0c:34:c3:ca:df:29:a3:5d:ca:cb:79:
         fd:1e:22:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSd7ivToFv6pa/YCEnWSTzdjYf7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTExMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjY2FjMjlhZTJlNzZjYTU1MjU1YzI5Y2EyYTFhMjdhOGVmZDg0ZjFmODky
OWVjMWI1ODFmZjA3MGNiMWFhMzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhuJ5RxSvSpwqCpGKRnmkw8o+aO9pz5JJ92M1EPlTv+HFrspWE9cnnkrTU6
hxtiXOSEAvYHc7zyCAJJn9gTg5hcZDCC0a7w60UpIMeOGj1e91WChT8/XsN1ZkYR
poxqwi5seaXcYxdy1CA+oGSgkMqTn3APAGOZlALoXLZDGWR9arxt0fwG0Bpucgiz
joMC1FjjtL6gvMxA/XiNcJky1/hpMV7W6h5RXoB9pBeiyg25hEXQQR09JgN28F+x
aDL3J3nXIpuIbkl0Tw32dzqZ1b9E9JNBWjZVs8QGN6FWR7Er9yW/owVCpQliaMry
qSXCulWTqmbrfmeFPIb5ahUSaV8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTSzpeA
THDKrWyaqw3LHDaQnGMYeTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU4MGRjYTEtYmM1MS00ZjExLWI3ZTQtMjg3OTQ0ZDk4NTEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSg
MA0GCSqGSIb3DQEBCwUAA4IBAQC8B17dXq1gkZnkIBwLOvUBtkM64kwDf4Qmwlui
WDseXg0ZFNymBaa1Yk6G7ANw4aFfpoQaJnn30ISQrPnIEzezy6WTo6Bi0SjOA34u
N4w01ppF3+o1FloAc6eRPUjVmWdnIPPw75IZjGH/p/7LU0TrSQWTKEW5agAHudqA
p7SsbaAjk8bBtWE3jEh/iymePthn2ji3UE69v/1VypxbOn3yZTeuUFXFBH++m3Ei
bfu//uXFD+xRt4AomfWciJQ+9249Ppq3Ke9JyFDW/ypbEROASjzJMdbYL4SSaCw9
5rIZKQntnHm5eVfjsUNW+OXn7YRBDDTDyt8po13Ky3n9HiJy
-----END CERTIFICATE-----