Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa
File:                     f490cfa0-ccb9-443c-9e85-719668591c22.roa (raw, json)
Hash identifier:          CEfXunDt8vq4EFrW5u4o+EcSAgxUsGpglSkSVaMwero=
Subject key identifier:   77:D0:AD:CC:C8:5B:CC:BC:45:7A:7F:61:92:10:2B:7D:51:F7:9D:97
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       32CFB95D8F43F9593416CE8A8B2D6CA618540E7D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa
Signing time:             Mon 31 Mar 2025 20:10:19 +0000
ROA not before:           Mon 31 Mar 2025 20:10:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:c040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:cf:b9:5d:8f:43:f9:59:34:16:ce:8a:8b:2d:6c:a6:18:54:0e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:11:f4:fb:cc:9e:52:16:d1:57:ce:24:af:d4:
                    0d:76:05:81:cd:72:06:c3:8d:fe:ce:d2:de:87:20:
                    b1:98:fb:ac:b0:c5:a3:80:98:25:a4:21:97:93:a7:
                    cd:a2:6a:d8:c9:76:fc:b2:34:e8:72:53:b7:90:16:
                    57:45:27:51:1f:dd:15:22:f7:9d:4c:1d:53:50:e4:
                    3f:89:06:17:43:27:28:af:6b:69:26:3f:31:f7:59:
                    47:f2:94:fb:5b:d7:f6:9c:19:2c:ef:58:85:2f:1a:
                    07:20:86:64:62:85:c9:fe:25:1f:fd:ac:a7:34:1b:
                    2e:de:cf:ce:74:fe:de:e3:eb:d1:38:4b:6d:17:90:
                    81:e0:d5:e6:16:da:8d:34:f8:fc:28:df:fb:30:a5:
                    26:92:a6:3c:79:2d:17:2c:a6:ae:f5:f3:4b:44:29:
                    0d:fa:51:a1:d8:ab:54:6b:05:6d:bb:9b:c9:83:d8:
                    03:33:dd:9c:b6:6c:72:36:69:3d:f6:d3:bc:bd:41:
                    c9:4c:93:78:35:28:6e:d7:6a:b2:04:dd:3f:bb:92:
                    20:ef:33:e7:75:2a:16:0b:16:c4:35:65:e5:6c:c1:
                    80:34:35:72:c4:54:6d:74:90:16:1d:fc:7e:d0:55:
                    f8:40:95:20:62:1e:9b:a6:5e:cc:d4:d6:66:c8:61:
                    e7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D0:AD:CC:C8:5B:CC:BC:45:7A:7F:61:92:10:2B:7D:51:F7:9D:97
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f490cfa0-ccb9-443c-9e85-719668591c22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:c040::/46

    Signature Algorithm: sha256WithRSAEncryption
         a1:1f:d7:bd:a9:24:cf:19:a2:76:cc:0d:e3:63:9a:16:92:7e:
         73:72:d7:83:6a:15:8c:6f:37:a4:37:c1:27:8e:e7:c9:77:80:
         21:eb:dc:c6:e2:81:9f:fd:c9:75:6a:b9:91:02:e1:1c:b9:be:
         03:22:33:96:fc:f9:ec:80:62:a2:d7:7e:fc:7e:a6:0d:a8:c3:
         8e:41:8f:98:58:a3:99:c5:72:59:69:b9:f6:18:fe:b9:ed:21:
         29:43:01:8a:38:c9:48:ca:50:5c:0d:c8:6f:47:8b:bc:62:97:
         70:84:fe:02:f4:0e:69:3c:a6:04:c6:c0:59:4f:c2:a0:fe:6a:
         5f:38:e3:de:ad:9b:49:61:fe:e4:ed:0b:ab:37:52:a0:da:54:
         64:ee:38:0a:9d:13:18:38:63:65:79:18:2b:df:af:fa:e0:33:
         47:0a:cb:5c:a1:22:40:a5:59:73:a8:1c:c8:93:73:d6:16:e7:
         f1:37:cd:cc:e8:69:ed:b5:d9:e9:eb:b6:63:dc:a7:3b:98:4a:
         83:06:f4:18:59:d4:29:b3:86:b2:a7:fc:fd:be:e5:17:f0:43:
         28:04:6c:e7:09:07:30:62:95:52:52:14:17:fc:db:c1:27:16:
         f6:2d:98:f2:6d:c3:c1:38:fe:8c:24:46:cc:92:18:e9:54:68:
         44:09:82:e1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMs+5XY9D+Vk0Fs6Kiy1sphhUDn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRlY2U4Nzk5ZTAzZDQ3OTA0YTJkYzA1YWI3OTc0Y2JjNGY0OWJmNDY2MTFj
MGVkNjA3N2Y5NmE3NzE2YTUzNTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwR9PvMnlIW0VfOJK/UDXYFgc1yBsON/s7S3ocgsZj7rLDFo4CYJaQhl5On
zaJq2Ml2/LI06HJTt5AWV0UnUR/dFSL3nUwdU1DkP4kGF0MnKK9raSY/MfdZR/KU
+1vX9pwZLO9YhS8aByCGZGKFyf4lH/2spzQbLt7PznT+3uPr0ThLbReQgeDV5hba
jTT4/Cjf+zClJpKmPHktFyymrvXzS0QpDfpRodirVGsFbbubyYPYAzPdnLZscjZp
PfbTvL1ByUyTeDUobtdqsgTdP7uSIO8z53UqFgsWxDVl5WzBgDQ1csRUbXSQFh38
ftBV+ECVIGIem6ZezNTWZshh5xUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR30K3M
yFvMvEV6f2GSECt9UfedlzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjQ5MGNmYTAtY2NiOS00NDNjLTllODUtNzE5NjY4NTkxYzIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DXA
QDANBgkqhkiG9w0BAQsFAAOCAQEAoR/XvakkzxmidswN42OaFpJ+c3LXg2oVjG83
pDfBJ47nyXeAIevcxuKBn/3JdWq5kQLhHLm+AyIzlvz57IBiotd+/H6mDajDjkGP
mFijmcVyWWm59hj+ue0hKUMBijjJSMpQXA3Ib0eLvGKXcIT+AvQOaTymBMbAWU/C
oP5qXzjj3q2bSWH+5O0LqzdSoNpUZO44Cp0TGDhjZXkYK9+v+uAzRwrLXKEiQKVZ
c6gcyJNz1hbn8TfNzOhp7bXZ6eu2Y9ynO5hKgwb0GFnUKbOGsqf8/b7lF/BDKARs
5wkHMGKVUlIUF/zbwScW9i2Y8m3DwTj+jCRGzJIY6VRoRAmC4Q==
-----END CERTIFICATE-----