Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed0f44c7-c286-45c9-9156-5644f580ab41.roa
File:                     ed0f44c7-c286-45c9-9156-5644f580ab41.roa (raw, json)
Hash identifier:          o0Yy/xrlkgQbbnjViO4VvxEcAVLui7GIfNm3/Uq6TMI=
Subject key identifier:   90:85:66:05:4E:69:50:02:E4:C5:26:03:F0:67:3F:5A:77:5E:1F:6D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       80F04F53372B516B57DA2318FE8D92971D1F6A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed0f44c7-c286-45c9-9156-5644f580ab41.roa
Signing time:             Mon 31 Mar 2025 20:51:03 +0000
ROA not before:           Mon 31 Mar 2025 20:51:03 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            80:f0:4f:53:37:2b:51:6b:57:da:23:18:fe:8d:92:97:1d:1f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:51:03 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:35:24:f2:c8:6d:73:f5:63:6f:e8:9f:4d:45:
                    2d:c7:59:42:d2:82:7e:33:7b:66:d6:7b:e6:17:79:
                    a2:3b:e1:da:b7:4b:31:5a:ec:e1:4f:0b:ce:46:be:
                    87:98:42:c9:41:c6:2c:44:f8:39:b5:88:b8:4e:51:
                    d9:fd:98:ce:8f:77:96:30:bc:aa:2f:28:5e:26:d5:
                    a3:31:a4:a4:c6:9d:1f:3b:cb:9a:69:a4:e1:c8:0a:
                    ad:f2:72:c3:89:ef:82:ff:77:4c:72:1c:9f:8f:91:
                    94:b9:ff:92:2e:b7:0b:cb:c9:a0:a6:cb:4b:90:9b:
                    23:f5:60:28:89:cc:f8:74:27:a1:51:2d:a0:45:00:
                    7d:fe:6d:ef:7d:22:f1:4d:19:62:4c:97:80:91:12:
                    0c:fb:d5:76:13:42:98:ad:1d:47:26:80:59:81:d6:
                    89:2a:db:61:bd:ba:83:39:f3:13:b3:6b:1e:7e:9f:
                    35:1e:8e:52:f2:c3:9e:1b:3c:4a:c6:95:cc:d2:a3:
                    13:4e:d5:89:9a:0b:68:84:24:33:61:83:9d:fa:ab:
                    15:64:50:87:23:1e:11:d1:7c:d8:b1:2a:51:ab:ff:
                    41:4d:76:8b:76:21:5a:74:5f:a1:b7:01:71:d3:eb:
                    8a:b5:f9:01:f3:fb:bc:66:86:98:df:98:5d:35:72:
                    3f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:85:66:05:4E:69:50:02:E4:C5:26:03:F0:67:3F:5A:77:5E:1F:6D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ed0f44c7-c286-45c9-9156-5644f580ab41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:6f:fa:ba:34:e0:9c:f5:6e:7f:c7:e0:2c:7b:10:7c:df:2f:
         9e:08:80:0c:19:ea:05:ab:76:9e:df:7f:ae:bd:b0:58:78:a1:
         23:a5:ab:c5:84:60:39:93:3d:7a:12:82:03:4a:15:a4:22:4d:
         ab:2f:7b:fe:e5:db:bd:71:9e:cb:f3:28:99:96:d0:6e:d9:43:
         3e:28:0a:f5:41:e0:27:b2:43:84:1a:c9:c4:ba:a4:8b:9a:49:
         b1:19:bc:e5:ae:c0:b1:03:46:4e:0d:3e:6a:7c:00:79:ff:90:
         fe:ad:4a:ef:b5:fc:82:d3:06:e2:80:58:94:e8:33:01:a9:82:
         7d:05:8c:ed:8b:69:1c:48:b5:c7:79:1f:f1:af:69:88:93:38:
         13:2e:d6:81:b8:90:c1:ff:18:bb:61:41:94:ce:ee:61:00:7b:
         a5:c6:b2:ec:52:22:69:00:93:a0:20:d8:0c:71:b7:0c:07:f4:
         3b:d4:82:12:85:ea:ca:66:5e:7f:03:ea:52:22:23:2c:09:7f:
         e2:27:73:f9:e4:95:98:2e:70:29:b1:8f:9c:b5:a8:cf:b0:9d:
         b4:ea:51:51:40:22:5b:fa:b0:44:ae:5f:58:bd:7a:c0:76:1b:
         64:02:22:a8:47:64:ba:af:a3:18:f9:56:0c:1c:bf:49:2c:59:
         41:a9:92:98
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAIDwT1M3K1FrV9ojGP6NkpcdH2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUxMDNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3MWI4NzQyNjU2NzIwZjIzYmEwY2IwYjlhMGZjNWVjZGNjMTA1ODI5OWY3
MTVkNTkwZWNjM2NiYWMzZGE1ZWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOg1JPLIbXP1Y2/on01FLcdZQtKCfjN7ZtZ75hd5ojvh2rdLMVrs4U8Lzka+
h5hCyUHGLET4ObWIuE5R2f2Yzo93ljC8qi8oXibVozGkpMadHzvLmmmk4cgKrfJy
w4nvgv93THIcn4+RlLn/ki63C8vJoKbLS5CbI/VgKInM+HQnoVEtoEUAff5t730i
8U0ZYkyXgJESDPvVdhNCmK0dRyaAWYHWiSrbYb26gznzE7NrHn6fNR6OUvLDnhs8
SsaVzNKjE07ViZoLaIQkM2GDnfqrFWRQhyMeEdF82LEqUav/QU12i3YhWnRfobcB
cdPrirX5AfP7vGaGmN+YXTVyP2MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSQhWYF
TmlQAuTFJgPwZz9ad14fbTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWQwZjQ0YzctYzI4Ni00NWM5LTkxNTYtNTY0NGY1ODBhYjQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fiw
MA0GCSqGSIb3DQEBCwUAA4IBAQBkb/q6NOCc9W5/x+AsexB83y+eCIAMGeoFq3ae
33+uvbBYeKEjpavFhGA5kz16EoIDShWkIk2rL3v+5du9cZ7L8yiZltBu2UM+KAr1
QeAnskOEGsnEuqSLmkmxGbzlrsCxA0ZODT5qfAB5/5D+rUrvtfyC0wbigFiU6DMB
qYJ9BYzti2kcSLXHeR/xr2mIkzgTLtaBuJDB/xi7YUGUzu5hAHulxrLsUiJpAJOg
INgMcbcMB/Q71IISherKZl5/A+pSIiMsCX/iJ3P55JWYLnApsY+ctajPsJ206lFR
QCJb+rBErl9YvXrAdhtkAiKoR2S6r6MY+VYMHL9JLFlBqZKY
-----END CERTIFICATE-----