Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ead335a6-c944-4428-8125-039e74da6674.roa
File:                     ead335a6-c944-4428-8125-039e74da6674.roa (raw, json)
Hash identifier:          YCLNC05ZZg4NloRlcPpy8K7KeviqAoBR45BhRuL9xtw=
Subject key identifier:   DB:10:E5:84:A6:4D:10:CE:7B:4A:DE:79:1A:AD:AC:5C:6A:B8:8B:FB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       69CA5A0516C9941B0ADB2D089AEAA848A955A022
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ead335a6-c944-4428-8125-039e74da6674.roa
Signing time:             Mon 31 Mar 2025 20:31:19 +0000
ROA not before:           Mon 31 Mar 2025 20:31:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:2000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ca:5a:05:16:c9:94:1b:0a:db:2d:08:9a:ea:a8:48:a9:55:a0:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c1:59:21:43:52:3b:c8:ca:4d:7b:58:bd:03:
                    87:53:15:e2:39:e2:23:cd:b6:8b:a7:ad:b9:72:14:
                    79:1b:f9:84:2c:37:ab:6b:0c:2a:90:97:29:40:4b:
                    36:c4:1c:48:52:4a:29:9c:05:d2:1b:4f:22:1c:fd:
                    f4:79:85:d6:04:13:8c:8d:08:e3:bf:83:1e:e0:51:
                    e1:c3:8d:0e:69:34:6a:a4:0b:c5:f1:7b:55:23:2a:
                    e4:25:4d:fe:6e:72:24:2a:52:a9:a4:7b:1e:ff:d6:
                    99:bc:a3:92:31:d7:36:6f:07:0a:e3:46:71:c0:fa:
                    5f:db:e0:fe:d7:0a:f7:56:af:be:d7:b7:7f:df:75:
                    0f:21:08:7d:69:06:0f:a9:e3:bf:43:84:c1:78:ac:
                    fa:b2:b6:39:4d:e4:66:14:15:15:31:87:4c:fb:e3:
                    bf:7d:b6:10:49:35:60:11:37:4c:0b:67:cd:c3:22:
                    d6:7a:b6:ed:ce:cc:10:04:24:a1:b2:9c:cb:cf:df:
                    bc:14:ed:28:d8:92:9a:91:ed:52:b1:23:fd:07:3d:
                    36:25:48:1a:ba:82:c0:f3:7a:f6:af:d8:d4:60:dd:
                    8a:e1:04:3f:5a:58:72:08:c3:f2:6c:63:72:6a:ae:
                    16:e0:0f:89:83:e6:67:a8:28:3f:fd:e7:a6:f7:21:
                    60:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:10:E5:84:A6:4D:10:CE:7B:4A:DE:79:1A:AD:AC:5C:6A:B8:8B:FB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ead335a6-c944-4428-8125-039e74da6674.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:d5:80:4a:88:89:3a:d4:b8:b1:74:6f:0b:3b:b8:5a:35:85:
         69:63:d6:ba:82:ad:6e:78:fe:1e:1e:e6:05:e6:eb:85:c1:ad:
         a9:01:2e:74:92:2e:f7:14:48:e2:c1:21:da:b2:47:ae:f9:cd:
         ad:51:84:ba:1a:36:c1:00:13:45:34:bf:21:f8:92:b2:ca:8a:
         2d:22:f6:8d:18:8a:b0:39:71:4f:0b:40:38:07:42:f2:90:e6:
         e3:75:5c:ca:da:2a:1e:e4:88:35:89:e4:d2:fb:d2:90:fc:1f:
         e5:78:9b:34:f1:92:f6:fd:b4:c8:d0:12:81:24:41:be:98:42:
         a2:c2:f1:58:fe:12:27:e6:31:f4:e3:7b:43:77:1b:3d:7a:ca:
         fa:44:a2:10:3d:c1:99:34:1d:d9:79:6e:1a:08:ab:89:b8:a8:
         ed:9d:00:3d:09:9e:81:44:c8:52:7b:5b:ff:fe:b8:7b:dd:fc:
         c0:58:5f:73:e1:e6:a0:9e:cf:99:c7:d1:09:d8:c5:9c:bb:c3:
         a5:38:d8:3f:cd:52:9b:49:1e:61:0d:9f:48:48:9c:d9:c1:11:
         93:3f:22:6b:5b:6c:ef:d5:d0:8c:a4:04:05:ea:d4:ca:19:fd:
         9a:4c:6d:4f:79:c1:dc:44:dc:2e:3e:19:a0:db:c8:55:55:3b:
         74:ce:22:16
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUacpaBRbJlBsK2y0ImuqoSKlVoCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzNWIxN2I1MjRkYTA2NjcxNmVjN2FiNWU0ZDg5N2QwN2ZjMmUwODQ2MjMz
OTFmNzcxYTE3YmUxZGY2NTk5OTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANzBWSFDUjvIyk17WL0Dh1MV4jniI822i6etuXIUeRv5hCw3q2sMKpCXKUBL
NsQcSFJKKZwF0htPIhz99HmF1gQTjI0I47+DHuBR4cONDmk0aqQLxfF7VSMq5CVN
/m5yJCpSqaR7Hv/WmbyjkjHXNm8HCuNGccD6X9vg/tcK91avvte3f991DyEIfWkG
D6njv0OEwXis+rK2OU3kZhQVFTGHTPvjv322EEk1YBE3TAtnzcMi1nq27c7MEAQk
obKcy8/fvBTtKNiSmpHtUrEj/Qc9NiVIGrqCwPN69q/Y1GDdiuEEP1pYcgjD8mxj
cmquFuAPiYPmZ6goP/3npvchYCUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTbEOWE
pk0QzntK3nkaraxcariL+zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWFkMzM1YTYtYzk0NC00NDI4LTgxMjUtMDM5ZTc0ZGE2Njc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hsg
MA0GCSqGSIb3DQEBCwUAA4IBAQAx1YBKiIk61LixdG8LO7haNYVpY9a6gq1ueP4e
HuYF5uuFwa2pAS50ki73FEjiwSHaskeu+c2tUYS6GjbBABNFNL8h+JKyyootIvaN
GIqwOXFPC0A4B0LykObjdVzK2ioe5Ig1ieTS+9KQ/B/leJs08ZL2/bTI0BKBJEG+
mEKiwvFY/hIn5jH043tDdxs9esr6RKIQPcGZNB3ZeW4aCKuJuKjtnQA9CZ6BRMhS
e1v//rh73fzAWF9z4eagns+Zx9EJ2MWcu8OlONg/zVKbSR5hDZ9ISJzZwRGTPyJr
W2zv1dCMpAQF6tTKGf2aTG1PecHcRNwuPhmg28hVVTt0ziIW
-----END CERTIFICATE-----