Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea10dac5-32ce-4aaf-8297-ffd1dbc8521a.roa
File:                     ea10dac5-32ce-4aaf-8297-ffd1dbc8521a.roa (raw, json)
Hash identifier:          ZhwnXRKNQTh81tAvvb7u5KsukKuJIHygYEmnIvFQRA0=
Subject key identifier:   73:2A:1C:4D:E3:0B:63:00:CD:51:3E:3C:C2:4F:7B:B5:11:97:8F:02
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       63D361EA9B03B34A855830B9B61140E9185C542D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea10dac5-32ce-4aaf-8297-ffd1dbc8521a.roa
Signing time:             Mon 31 Mar 2025 21:00:19 +0000
ROA not before:           Mon 31 Mar 2025 21:00:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d3:61:ea:9b:03:b3:4a:85:58:30:b9:b6:11:40:e9:18:5c:54:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:00:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:94:7f:bb:db:10:e0:ed:83:fb:61:29:4d:d0:
                    61:83:b0:b3:27:55:9e:05:8e:41:7a:84:55:0d:ee:
                    a7:d2:d5:c2:ca:6b:a6:c9:26:04:6d:9d:3f:54:a7:
                    55:d9:0c:91:54:54:a6:29:18:8f:dd:59:73:19:4c:
                    69:57:66:20:f4:8e:43:5d:2e:11:87:be:c3:cb:d1:
                    f2:87:b0:7a:cb:d9:b5:1b:f6:3e:a3:72:7f:31:22:
                    58:d3:ec:62:bb:7e:b3:5e:9c:49:d8:5f:39:cf:b7:
                    9e:2b:e2:98:57:b2:fa:79:e5:f7:2b:ea:d5:12:40:
                    3c:42:f1:65:67:29:5d:d4:66:45:d6:ee:b5:44:3a:
                    94:ad:86:3d:8a:1d:42:b5:29:be:04:a9:4d:52:c0:
                    03:fa:37:08:45:53:25:30:22:2a:ae:e1:4e:d9:54:
                    26:86:87:c1:99:83:d1:d7:4a:ca:4a:84:18:af:29:
                    a0:54:3d:d3:7b:bf:f5:10:74:b9:a8:9c:91:d4:13:
                    f5:e3:73:ce:f0:4a:e8:c9:08:be:0b:92:46:4f:f3:
                    ac:2e:dc:5a:ed:3f:12:d1:61:7d:1c:f7:51:90:41:
                    6f:00:05:5b:3f:08:7c:48:d6:d7:98:4a:75:b9:9c:
                    bb:f1:c6:51:f4:de:11:8f:bc:fd:db:95:93:50:e3:
                    9a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2A:1C:4D:E3:0B:63:00:CD:51:3E:3C:C2:4F:7B:B5:11:97:8F:02
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea10dac5-32ce-4aaf-8297-ffd1dbc8521a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:1d:b9:90:35:7e:82:76:fa:e9:ee:fb:7c:26:3c:d9:a8:d4:
         0a:37:97:17:ea:6e:9b:8a:20:8e:69:b8:b3:7a:1e:da:f0:51:
         53:c3:35:5c:cd:d5:e2:a3:47:00:ba:17:00:2f:82:9a:cc:3e:
         16:7f:7c:8a:6e:ce:d4:58:2d:01:df:a7:a6:96:93:3f:af:11:
         00:aa:ca:4c:05:aa:23:fa:41:00:f0:5a:d8:3c:30:df:bd:46:
         70:00:ff:30:88:4d:04:3b:56:a8:7d:a6:89:10:55:84:87:20:
         ae:7c:4f:b9:1c:74:6f:7c:4f:00:51:1a:9e:b4:da:bf:48:c3:
         98:02:a4:bb:6e:9b:5b:b1:17:9f:32:0f:d2:da:8a:96:98:96:
         d0:a9:c2:ac:ed:1b:fd:38:08:53:e0:74:d4:be:61:24:e6:e3:
         d5:d9:ae:a0:a1:71:61:e4:30:9a:8d:35:f2:84:8f:24:7c:46:
         73:9f:ea:ea:b5:24:23:d9:23:49:35:30:ed:79:bb:81:a2:e9:
         ed:97:30:14:8d:82:76:f5:14:ba:54:d0:01:d4:6f:27:95:db:
         a9:12:15:6c:6c:08:b2:11:7a:56:a9:7b:da:37:b5:e1:2f:a5:
         3a:78:c6:2f:70:41:64:16:ac:d0:98:b2:d4:9d:40:4f:ba:0b:
         1c:8c:77:e2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUY9Nh6psDs0qFWDC5thFA6RhcVC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5M2ZkZDRlZGVmZDk4MTc1MGM2ZDI2N2ZiNDU2ZTVhM2MxNDQ2NjdlNTc1
MTIzOTdkNzBiYmQwNjMwYzUzOWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALaUf7vbEODtg/thKU3QYYOwsydVngWOQXqEVQ3up9LVwsprpskmBG2dP1Sn
VdkMkVRUpikYj91ZcxlMaVdmIPSOQ10uEYe+w8vR8oewesvZtRv2PqNyfzEiWNPs
Yrt+s16cSdhfOc+3nivimFey+nnl9yvq1RJAPELxZWcpXdRmRdbutUQ6lK2GPYod
QrUpvgSpTVLAA/o3CEVTJTAiKq7hTtlUJoaHwZmD0ddKykqEGK8poFQ903u/9RB0
uaickdQT9eNzzvBK6MkIvguSRk/zrC7cWu0/EtFhfRz3UZBBbwAFWz8IfEjW15hK
dbmcu/HGUfTeEY+8/duVk1DjmpECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRzKhxN
4wtjAM1RPjzCT3u1EZePAjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWExMGRhYzUtMzJjZS00YWFmLTgyOTctZmZkMWRiYzg1MjFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DpQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAnHbmQNX6Cdvrp7vt8JjzZqNQKN5cX6m6biiCO
abizeh7a8FFTwzVczdXio0cAuhcAL4KazD4Wf3yKbs7UWC0B36emlpM/rxEAqspM
Baoj+kEA8FrYPDDfvUZwAP8wiE0EO1aofaaJEFWEhyCufE+5HHRvfE8AURqetNq/
SMOYAqS7bptbsRefMg/S2oqWmJbQqcKs7Rv9OAhT4HTUvmEk5uPV2a6goXFh5DCa
jTXyhI8kfEZzn+rqtSQj2SNJNTDtebuBountlzAUjYJ29RS6VNAB1G8nldupEhVs
bAiyEXpWqXvaN7XhL6U6eMYvcEFkFqzQmLLUnUBPugscjHfi
-----END CERTIFICATE-----