Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa
File:                     f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa (raw, json)
Hash identifier:          KmkqI6ludlYcqt8Bj0XYgy/Zb53wcL8m6ItKgfUkexM=
Subject key identifier:   0C:91:B5:ED:42:A7:A4:DC:F1:39:9D:D4:F9:28:10:00:14:85:C0:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       24B1D7F73DD6AE3B4D87C4284457D6C48801BDBA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa
Signing time:             Mon 31 Mar 2025 20:31:45 +0000
ROA not before:           Mon 31 Mar 2025 20:31:45 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b1:d7:f7:3d:d6:ae:3b:4d:87:c4:28:44:57:d6:c4:88:01:bd:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:45 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:13:20:d4:d4:b5:ba:ef:b2:a6:eb:df:64:a5:
                    7b:c6:06:1d:b5:3b:91:3e:c6:16:a1:2b:8c:ca:65:
                    1b:eb:c8:e8:09:2d:30:15:cc:6d:71:b6:13:b0:9d:
                    c3:c3:c5:0b:1f:7a:68:ed:95:a1:0e:6d:6e:ea:4a:
                    cc:79:bb:2e:a3:ca:d6:1b:88:f2:c3:25:be:6b:98:
                    71:af:5d:2a:fc:a0:d1:5e:df:e9:f5:d7:c2:18:c1:
                    ff:55:e3:a6:fb:37:76:76:6e:27:3f:cc:4f:b8:7d:
                    86:a3:96:e7:27:33:ea:46:f9:3b:61:8d:04:c0:53:
                    83:a5:57:b2:4a:bc:ca:ca:41:9a:f0:64:28:41:7e:
                    98:8d:02:09:97:f1:ff:24:98:2c:cb:06:81:ee:b7:
                    89:5c:5a:ed:3d:b5:19:a2:1d:8e:3e:d6:88:e9:94:
                    f5:c8:e5:d5:24:30:db:af:b5:94:e0:ca:8f:90:d8:
                    b3:14:7f:f6:f9:a7:8b:a1:7f:7b:8d:b9:a3:f9:43:
                    90:96:c0:35:4a:2b:58:77:00:af:5d:da:2b:26:9f:
                    8d:b0:ec:f1:9c:d7:96:f5:69:0d:c0:b5:2a:57:0a:
                    e7:ce:fe:eb:b7:c5:bb:d9:6d:70:7b:ff:bb:9f:86:
                    90:62:56:d8:3f:e1:ee:fa:0f:66:a0:c8:f9:ff:f7:
                    90:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:91:B5:ED:42:A7:A4:DC:F1:39:9D:D4:F9:28:10:00:14:85:C0:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0de92d9-9b14-4323-b2e0-a464f60f76b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:be:e3:ed:ad:0f:bb:c5:bd:b8:a4:ac:44:14:b7:09:57:43:
         5d:a6:81:06:dd:39:10:74:9c:4f:3c:d2:5e:70:00:3f:d5:84:
         a3:67:03:fc:7e:bd:63:c5:cb:58:06:4d:e2:f4:44:08:a4:cb:
         b8:3d:ae:a8:b6:95:b8:3d:74:e9:43:bd:5f:f4:63:7c:e2:9c:
         4e:87:fe:dc:43:2b:a1:a5:a1:4c:37:5a:7f:2f:dc:77:be:66:
         ba:b6:d0:99:a0:86:29:cf:3a:36:ff:88:6e:16:80:28:3c:87:
         03:f6:2b:27:5b:1f:01:13:b5:4e:63:b3:18:06:83:ee:d7:ec:
         0d:ab:09:e9:d7:71:ca:ba:a6:ca:64:2e:62:55:d2:eb:08:59:
         22:50:80:e4:ed:3e:76:e6:d7:ba:79:95:83:f5:6c:b5:52:b6:
         1f:b0:8c:67:92:86:27:f2:ce:80:89:4c:0f:f7:60:45:23:82:
         1f:92:3c:71:67:74:19:45:af:63:48:ae:c4:42:d7:37:85:33:
         3d:5b:7d:d2:36:51:e8:f4:60:da:0c:2a:84:51:d2:87:e4:1c:
         f1:de:f9:b1:8f:86:25:19:f4:c0:09:6d:74:48:e4:8f:59:b5:
         91:07:f6:37:10:1f:6b:a4:b5:27:11:f2:a0:b1:3a:9b:29:b6:
         7f:23:5e:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJLHX9z3WrjtNh8QoRFfWxIgBvbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxNDVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhhMmYxZDZhZmVmMTc4OGM4MmJjODFjNjcyZWZjZWQyNDA2YWU0YWYxZjAy
NDFkOTVmNzkzZWVhOWMwN2YxNjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI0TINTUtbrvsqbr32Sle8YGHbU7kT7GFqErjMplG+vI6AktMBXMbXG2E7Cd
w8PFCx96aO2VoQ5tbupKzHm7LqPK1huI8sMlvmuYca9dKvyg0V7f6fXXwhjB/1Xj
pvs3dnZuJz/MT7h9hqOW5ycz6kb5O2GNBMBTg6VXskq8yspBmvBkKEF+mI0CCZfx
/ySYLMsGge63iVxa7T21GaIdjj7WiOmU9cjl1SQw26+1lODKj5DYsxR/9vmni6F/
e425o/lDkJbANUorWHcAr13aKyafjbDs8ZzXlvVpDcC1KlcK587+67fFu9ltcHv/
u5+GkGJW2D/h7voPZqDI+f/3kBMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQMkbXt
Qqek3PE5ndT5KBAAFIXARjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjBkZTkyZDktOWIxNC00MzIzLWIyZTAtYTQ2NGY2MGY3NmI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAZvuPtrQ+7xb24pKxEFLcJV0NdpoEG3TkQdJxP
PNJecAA/1YSjZwP8fr1jxctYBk3i9EQIpMu4Pa6otpW4PXTpQ71f9GN84pxOh/7c
QyuhpaFMN1p/L9x3vma6ttCZoIYpzzo2/4huFoAoPIcD9isnWx8BE7VOY7MYBoPu
1+wNqwnp13HKuqbKZC5iVdLrCFkiUIDk7T525te6eZWD9Wy1UrYfsIxnkoYn8s6A
iUwP92BFI4IfkjxxZ3QZRa9jSK7EQtc3hTM9W33SNlHo9GDaDCqEUdKH5Bzx3vmx
j4YlGfTACW10SOSPWbWRB/Y3EB9rpLUnEfKgsTqbKbZ/I14u
-----END CERTIFICATE-----