Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb1b933f-488b-4999-8d01-1b5c2d8459f9.roa
File:                     eb1b933f-488b-4999-8d01-1b5c2d8459f9.roa (raw, json)
Hash identifier:          lushfr4J7tG6fatTCjqeMunEekBoeFftz4w0FHiG5Go=
Subject key identifier:   BC:A2:C9:D4:B1:3D:1F:A4:25:12:D2:8A:C2:34:C4:9A:9D:8E:A4:F4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       79A1FEBA2525B4779E640203DC229CE797F914DE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb1b933f-488b-4999-8d01-1b5c2d8459f9.roa
Signing time:             Mon 31 Mar 2025 19:31:04 +0000
ROA not before:           Mon 31 Mar 2025 19:31:04 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:a1:fe:ba:25:25:b4:77:9e:64:02:03:dc:22:9c:e7:97:f9:14:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:04 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6a:b7:75:b4:0a:5a:76:20:1e:15:17:f2:16:
                    41:92:f8:ce:37:95:4d:65:a5:dd:e4:32:79:c8:3f:
                    82:8a:2b:4f:56:5f:05:76:a1:59:85:95:e5:3c:49:
                    b8:72:e3:92:b4:b0:d7:54:35:a5:2b:f3:09:63:16:
                    cb:09:5c:52:c3:f7:25:0e:4b:f6:14:4a:f0:bb:c5:
                    39:e5:59:12:cd:ce:77:7b:8b:f8:53:e4:c5:08:42:
                    e6:48:6e:bc:fb:85:95:a5:71:8a:04:e2:bb:72:de:
                    98:b0:7a:8d:0d:90:dc:ba:4b:9e:56:6c:ca:d8:e0:
                    a8:30:e1:56:e9:0a:6e:3d:18:9b:d0:f6:a7:90:2d:
                    2c:b9:02:43:0c:ef:f9:d9:bb:01:a4:d3:c6:dc:ba:
                    c6:4f:8e:76:28:ec:e9:d4:4e:05:8e:26:a3:e7:5b:
                    cd:43:4f:30:5f:d1:7f:22:87:cb:35:df:28:e2:9e:
                    b2:c9:76:41:6b:05:4b:ad:50:3d:2d:80:68:5e:ec:
                    dd:c5:ef:6f:75:4a:04:da:74:48:5b:7e:c3:73:60:
                    42:21:fb:66:0c:53:19:09:0d:d0:52:01:2a:d7:51:
                    32:cd:29:71:60:5b:f5:e0:4f:44:1e:d1:11:0d:98:
                    bf:5c:ad:23:1e:ca:0c:c3:42:e2:95:e9:a1:5f:05:
                    db:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A2:C9:D4:B1:3D:1F:A4:25:12:D2:8A:C2:34:C4:9A:9D:8E:A4:F4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb1b933f-488b-4999-8d01-1b5c2d8459f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:60:65:5a:18:b2:79:b0:dc:93:bb:d3:b9:3b:b4:4d:37:8f:
         38:46:f0:09:33:17:ac:ed:c0:f3:9a:06:e9:09:78:96:6a:5f:
         38:91:5d:5a:c0:20:35:35:fc:33:1d:1a:27:38:58:cc:22:48:
         46:50:ee:6a:f0:20:bd:80:28:8d:d7:79:16:6f:57:c9:f2:0b:
         93:b8:de:36:f4:54:0e:f8:c3:14:63:40:f0:b5:cd:a2:03:ad:
         ea:d3:22:0b:47:6b:7f:3f:fb:8d:c2:c4:93:2b:62:41:b7:cc:
         82:5e:2d:e5:13:78:e4:93:b2:0a:3e:e2:07:db:f2:68:0f:82:
         dc:53:fa:3b:d7:88:af:6b:c3:18:f1:4b:f3:87:c1:04:d4:f2:
         92:6f:6c:1f:08:b9:18:bc:58:40:39:81:7a:77:10:91:f0:29:
         f2:1b:61:92:1a:de:29:e7:3c:00:3c:23:91:ee:50:f1:fe:0d:
         2d:7a:4b:2a:87:05:e7:ad:ee:3a:0d:c2:eb:1a:a4:bd:56:dd:
         7c:eb:de:b8:b5:4d:fb:70:2f:cb:92:62:c4:58:2a:e4:e7:ba:
         29:7d:fe:38:fa:14:fe:39:88:11:f7:69:d6:2a:6d:fb:92:34:
         44:7b:f1:0f:05:f4:61:f9:3a:e1:95:51:4e:02:e0:dc:78:fa:
         94:00:ec:21
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeaH+uiUltHeeZAID3CKc55f5FN4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxMDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiNDMxMTQ5ZTRmZmFlMjE5Y2RlNjUxNmUzYzI0YWVjZGI2ZjVhZjcxYmI2
NjdhMGI0Y2QyZmU4ZDdiZDU1YzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRqt3W0Clp2IB4VF/IWQZL4zjeVTWWl3eQyecg/goorT1ZfBXahWYWV5TxJ
uHLjkrSw11Q1pSvzCWMWywlcUsP3JQ5L9hRK8LvFOeVZEs3Od3uL+FPkxQhC5khu
vPuFlaVxigTiu3LemLB6jQ2Q3LpLnlZsytjgqDDhVukKbj0Ym9D2p5AtLLkCQwzv
+dm7AaTTxty6xk+Odijs6dROBY4mo+dbzUNPMF/RfyKHyzXfKOKessl2QWsFS61Q
PS2AaF7s3cXvb3VKBNp0SFt+w3NgQiH7ZgxTGQkN0FIBKtdRMs0pcWBb9eBPRB7R
EQ2Yv1ytIx7KDMNC4pXpoV8F26sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS8osnU
sT0fpCUS0orCNMSanY6k9DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWIxYjkzM2YtNDg4Yi00OTk5LThkMDEtMWI1YzJkODQ1OWY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBLYGVaGLJ5sNyTu9O5O7RNN484RvAJMxes7cDz
mgbpCXiWal84kV1awCA1NfwzHRonOFjMIkhGUO5q8CC9gCiN13kWb1fJ8guTuN42
9FQO+MMUY0Dwtc2iA63q0yILR2t/P/uNwsSTK2JBt8yCXi3lE3jkk7IKPuIH2/Jo
D4LcU/o714iva8MY8Uvzh8EE1PKSb2wfCLkYvFhAOYF6dxCR8CnyG2GSGt4p5zwA
PCOR7lDx/g0teksqhwXnre46DcLrGqS9Vt186964tU37cC/LkmLEWCrk57opff44
+hT+OYgR92nWKm37kjREe/EPBfRh+TrhlVFOAuDcePqUAOwh
-----END CERTIFICATE-----