Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa
File:                     f7a46ea9-b416-4218-a790-28cf84d702ce.roa (raw, json)
Hash identifier:          d/Q4WeK6bfpApLNgyIHpLWnGEhfBkRRdHEu8ckgnLmY=
Subject key identifier:   5E:E5:1C:FF:46:4A:60:B4:6B:2F:8B:22:98:E8:AF:44:13:E0:0D:80
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       217F22A2B5FFF7237EC0B09E375D9FCC36E949AD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa
Signing time:             Mon 31 Mar 2025 21:20:21 +0000
ROA not before:           Mon 31 Mar 2025 21:20:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d026::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:7f:22:a2:b5:ff:f7:23:7e:c0:b0:9e:37:5d:9f:cc:36:e9:49:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:20:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:71:01:28:14:9c:95:ae:ed:7c:6a:85:d8:c7:
                    ab:95:c1:1a:48:9b:dc:63:46:49:eb:9c:c5:80:72:
                    46:19:3a:ad:71:d1:b7:16:59:f6:04:33:c7:56:11:
                    79:8c:e3:ab:c8:91:33:e9:0e:18:07:bd:68:4d:f6:
                    e5:37:96:3a:22:28:87:69:18:b9:1b:2a:93:5f:18:
                    c4:ff:24:b1:b8:70:cc:a1:77:45:98:67:f8:45:86:
                    34:8a:d9:88:38:50:32:1c:47:83:86:cd:ef:25:8b:
                    7a:67:58:5c:15:02:29:b9:36:0f:43:b8:c1:b0:f9:
                    0f:38:37:e1:9c:55:bd:6d:c3:da:0a:b4:c4:5f:f6:
                    d1:fe:a2:bc:f3:fe:aa:ee:76:50:e3:de:70:fa:60:
                    47:e1:68:22:77:b3:9f:7a:d6:fb:3d:4e:74:12:67:
                    e4:0b:8c:7e:86:e9:b4:f3:c8:3d:fa:3d:f6:09:77:
                    75:65:89:6f:2e:ca:52:55:60:b8:14:6e:37:10:e4:
                    ac:ac:ca:77:04:cc:e1:04:80:67:a4:b3:6d:88:2b:
                    42:e2:08:5c:29:38:d6:13:21:cb:ee:8b:5b:26:81:
                    f9:db:8e:9e:92:f0:ae:8e:5b:8a:27:72:cd:18:61:
                    e6:a8:da:b8:62:ce:4d:bd:a2:d8:06:6e:b1:b7:55:
                    91:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E5:1C:FF:46:4A:60:B4:6B:2F:8B:22:98:E8:AF:44:13:E0:0D:80
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d026::/36

    Signature Algorithm: sha256WithRSAEncryption
         3a:2b:4d:90:17:e7:66:09:aa:ec:72:60:1c:a8:97:aa:90:d7:
         51:aa:17:dd:52:f5:6f:f2:d6:a9:1d:b7:ee:bc:60:49:a7:75:
         20:20:fd:b9:d7:42:eb:bb:6b:ed:ea:5e:27:00:46:52:88:c3:
         f0:67:4a:ea:fa:1e:94:5c:cf:40:0f:09:f9:2b:ac:db:4d:f9:
         e3:05:c3:c6:15:8c:87:dd:a1:a6:4b:71:d5:3f:e6:e7:c1:54:
         27:1f:b3:34:36:46:f2:5e:22:ed:17:66:31:32:3c:05:ac:77:
         f5:df:f4:ed:91:f4:6b:db:9f:2b:17:f8:fd:f2:53:0b:18:53:
         25:04:ab:24:63:8c:d5:0d:b5:9a:41:f0:2c:d0:d8:bd:48:d7:
         92:44:e3:f0:d8:8f:75:96:74:d6:2f:7a:89:81:a0:99:ad:60:
         93:32:24:b9:59:df:ae:7d:77:c9:ab:36:6e:e1:05:b9:ec:a7:
         0f:28:cc:86:60:44:d7:62:bd:ae:46:f3:9a:03:b4:55:34:4d:
         f9:d3:25:ad:1c:f1:0e:52:f4:23:78:a3:51:02:be:f5:aa:fa:
         33:01:06:05:ac:aa:a3:3a:d3:2b:cb:d2:cb:97:5f:67:d2:54:
         d3:c0:a3:ce:1f:3b:1b:9f:6d:93:ec:35:38:47:8e:9a:43:a7:
         75:57:73:d3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIX8iorX/9yN+wLCeN12fzDbpSa0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIwMjFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkYmEzMGI2ZjVmZDZjZjdlY2FjZTA0MzliNDczYjQyNGNhZjY2MjhhNTBl
MjNjODY3ODBlNmEyYjliM2NkMzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpxASgUnJWu7XxqhdjHq5XBGkib3GNGSeucxYByRhk6rXHRtxZZ9gQzx1YR
eYzjq8iRM+kOGAe9aE325TeWOiIoh2kYuRsqk18YxP8ksbhwzKF3RZhn+EWGNIrZ
iDhQMhxHg4bN7yWLemdYXBUCKbk2D0O4wbD5Dzg34ZxVvW3D2gq0xF/20f6ivPP+
qu52UOPecPpgR+FoInezn3rW+z1OdBJn5AuMfobptPPIPfo99gl3dWWJby7KUlVg
uBRuNxDkrKzKdwTM4QSAZ6SzbYgrQuIIXCk41hMhy+6LWyaB+duOnpLwro5biidy
zRhh5qjauGLOTb2i2AZusbdVkWMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRe5Rz/
RkpgtGsviyKY6K9EE+ANgDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjdhNDZlYTktYjQxNi00MjE4LWE3OTAtMjhjZjg0ZDcwMmNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CYA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6K02QF+dmCarscmAcqJeqkNdRqhfdUvVv8tap
HbfuvGBJp3UgIP2510Lru2vt6l4nAEZSiMPwZ0rq+h6UXM9ADwn5K6zbTfnjBcPG
FYyH3aGmS3HVP+bnwVQnH7M0NkbyXiLtF2YxMjwFrHf13/TtkfRr258rF/j98lML
GFMlBKskY4zVDbWaQfAs0Ni9SNeSROPw2I91lnTWL3qJgaCZrWCTMiS5Wd+ufXfJ
qzZu4QW57KcPKMyGYETXYr2uRvOaA7RVNE350yWtHPEOUvQjeKNRAr71qvozAQYF
rKqjOtMry9LLl19n0lTTwKPOHzsbn22T7DU4R46aQ6d1V3PT
-----END CERTIFICATE-----