Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed090164-248d-4744-ac85-e5cadbc41a70.roa
File:                     ed090164-248d-4744-ac85-e5cadbc41a70.roa (raw, json)
Hash identifier:          8dDZv3rPWBQobZSUIM1YUUYIfd20pihLY0Sx8gjB61k=
Subject key identifier:   97:97:FA:DD:B3:69:DD:A3:C6:C0:91:21:C9:E1:C8:A5:2A:61:9A:8E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1E910850DA92907F01FDDB00D8CBE151AA11C0CD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed090164-248d-4744-ac85-e5cadbc41a70.roa
Signing time:             Mon 31 Mar 2025 20:30:17 +0000
ROA not before:           Mon 31 Mar 2025 20:30:17 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:91:08:50:da:92:90:7f:01:fd:db:00:d8:cb:e1:51:aa:11:c0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:30:17 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4d:85:e8:18:54:5d:9c:c3:2c:a8:fe:58:1c:
                    78:dd:44:90:41:d6:7a:8a:af:6d:ab:a0:1f:f6:b2:
                    6d:86:44:e0:12:46:83:2e:56:69:19:1e:4d:0f:45:
                    71:3f:b7:4e:cb:7c:8b:72:18:88:c7:49:44:29:32:
                    ef:b6:2e:b8:ff:f0:f3:07:a6:9a:a0:b0:e8:12:1c:
                    c9:3b:02:4f:12:7e:ea:81:4e:1f:76:a4:c1:33:f2:
                    18:55:59:34:92:5b:36:03:6b:5a:ce:5d:7b:2e:31:
                    a7:99:d2:a5:6f:f0:9f:21:2d:5a:e0:79:84:76:bd:
                    91:3a:bf:b9:fe:f1:72:a2:00:54:82:b1:ec:64:7c:
                    bf:0a:d5:1d:ce:9b:91:99:49:df:1f:04:86:e5:9f:
                    7a:3c:4d:7d:e3:98:60:5d:0f:5f:0e:d0:d1:fa:e9:
                    bb:30:5e:8e:9c:49:54:33:4f:ee:96:c5:1c:09:f7:
                    a1:bd:c3:85:8d:7e:fb:c6:e0:ca:6f:d5:59:ea:6c:
                    2b:73:37:e7:9d:0c:b5:fd:47:b1:d6:ba:2c:a7:2b:
                    4d:da:dd:d5:d4:2b:32:74:04:e9:5d:6a:e0:6b:41:
                    34:52:f7:db:a5:84:3e:50:52:22:24:e4:56:61:ab:
                    5d:20:3b:a0:dd:e3:58:e3:99:3c:22:9e:69:e5:ac:
                    2a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:97:FA:DD:B3:69:DD:A3:C6:C0:91:21:C9:E1:C8:A5:2A:61:9A:8E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed090164-248d-4744-ac85-e5cadbc41a70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:71:20:2f:07:77:ec:00:48:c4:46:71:a4:a5:9a:3b:11:f1:
         14:bd:8a:9b:fc:ef:63:91:2e:62:ab:82:92:fa:d5:20:8a:77:
         b8:1e:95:11:6e:b4:44:b5:db:33:c2:63:fa:c6:15:b3:fd:ba:
         f9:1d:86:2a:9f:ff:3c:c3:d6:19:16:76:4e:f2:7f:74:03:a5:
         2d:b3:fe:62:68:58:7f:d1:a0:11:d1:59:9a:5b:25:9e:4a:cc:
         4e:df:cc:05:6b:2a:63:5e:38:c8:98:65:a4:83:dc:2a:f5:5a:
         0a:6f:d1:5d:14:04:85:3c:05:4f:1b:2c:34:49:45:f5:11:9a:
         f8:dc:71:f9:ac:55:19:f9:60:f0:b6:28:b6:80:11:2e:10:b2:
         7f:b5:93:f4:cd:61:79:db:5f:2a:c5:f4:06:0a:e1:d5:ec:72:
         1f:d4:57:5d:3e:d3:49:19:f3:70:20:20:c4:fc:e6:77:62:eb:
         db:d1:77:0c:00:6d:43:08:a6:22:97:05:b9:59:8c:14:59:4b:
         a4:e5:e0:8c:1c:e1:bd:e0:c1:e9:69:c1:16:88:a5:a9:d4:59:
         9a:41:0e:62:37:3c:7e:e1:c0:de:b1:fa:53:52:27:b6:ee:54:
         55:e8:0a:ba:22:52:b3:4c:1e:55:bc:6c:d1:ef:85:32:ba:7e:
         ee:5c:d6:6b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHpEIUNqSkH8B/dsA2MvhUaoRwM0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMwMTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0MjY0NGJjMzE0YjVjNjhiZTM3ODJiZDFmMDAwZDI5YTI0MDVlZmZmOTk1
MmY3OGJiYzU2Y2Y1MzFmZGFmNzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANhNhegYVF2cwyyo/lgceN1EkEHWeoqvbaugH/aybYZE4BJGgy5WaRkeTQ9F
cT+3Tst8i3IYiMdJRCky77YuuP/w8wemmqCw6BIcyTsCTxJ+6oFOH3akwTPyGFVZ
NJJbNgNrWs5dey4xp5nSpW/wnyEtWuB5hHa9kTq/uf7xcqIAVIKx7GR8vwrVHc6b
kZlJ3x8EhuWfejxNfeOYYF0PXw7Q0frpuzBejpxJVDNP7pbFHAn3ob3DhY1++8bg
ym/VWepsK3M3550Mtf1Hsda6LKcrTdrd1dQrMnQE6V1q4GtBNFL326WEPlBSIiTk
VmGrXSA7oN3jWOOZPCKeaeWsKiMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSXl/rd
s2ndo8bAkSHJ4cilKmGajjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWQwOTAxNjQtMjQ4ZC00NzQ0LWFjODUtZTVjYWRiYzQxYTcwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hfg
MA0GCSqGSIb3DQEBCwUAA4IBAQB/cSAvB3fsAEjERnGkpZo7EfEUvYqb/O9jkS5i
q4KS+tUgine4HpURbrREtdszwmP6xhWz/br5HYYqn/88w9YZFnZO8n90A6Uts/5i
aFh/0aAR0VmaWyWeSsxO38wFaypjXjjImGWkg9wq9VoKb9FdFASFPAVPGyw0SUX1
EZr43HH5rFUZ+WDwtii2gBEuELJ/tZP0zWF5218qxfQGCuHV7HIf1FddPtNJGfNw
ICDE/OZ3Yuvb0XcMAG1DCKYilwW5WYwUWUuk5eCMHOG94MHpacEWiKWp1FmaQQ5i
Nzx+4cDesfpTUie27lRV6Aq6IlKzTB5VvGzR74Uyun7uXNZr
-----END CERTIFICATE-----