Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
File:                     f97778b4-85b1-4580-ac38-a4872d19261b.roa (raw, json)
Hash identifier:          hIMMqWMlUM7bS96J0yUOQCw9iQxPaLwBgd1jDuUcTyE=
Subject key identifier:   BC:D7:1E:69:81:21:65:A6:24:53:94:5A:75:F1:2D:EE:C0:C3:57:36
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       07E696106D573F4ECFE29E351DE36A728FBC3466
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
Signing time:             Mon 31 Mar 2025 21:01:00 +0000
ROA not before:           Mon 31 Mar 2025 21:01:00 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e6:96:10:6d:57:3f:4e:cf:e2:9e:35:1d:e3:6a:72:8f:bc:34:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:00 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:60:06:6b:2c:a0:18:04:80:1f:c8:ce:bc:
                    ff:74:cc:08:fd:7d:eb:65:ee:4b:59:3a:da:db:65:
                    9c:cd:47:e2:ae:01:08:3b:f0:32:b7:b0:3c:5e:6a:
                    3e:1b:56:05:10:20:a9:90:97:7c:3e:03:0c:80:c9:
                    68:95:23:6d:60:28:36:45:b4:94:5d:ac:9c:cc:e2:
                    c0:47:52:ab:c7:3e:99:a7:23:84:1a:9d:81:e7:f3:
                    bd:2e:fe:b1:89:24:61:c2:be:d0:96:97:b0:8c:18:
                    47:f2:8f:d7:f7:36:a8:11:31:36:27:4a:2e:9c:53:
                    0f:fc:95:1f:a2:6a:e5:8d:a0:31:e3:cd:10:68:96:
                    b5:e3:32:b9:37:a4:8b:00:3a:5a:73:1c:10:e2:2b:
                    2a:11:db:7b:9b:15:0f:46:77:ca:a2:7e:be:03:c0:
                    a0:d7:eb:66:6a:87:84:98:eb:a2:50:7e:73:b0:9f:
                    04:c5:9f:47:bf:7f:f7:ee:45:a0:9f:35:cc:a6:ba:
                    1b:ee:93:b1:1a:35:08:8c:88:31:00:f2:92:1d:5f:
                    b5:f6:07:fe:6d:e0:aa:0f:af:c5:0b:2e:29:c2:7e:
                    9d:52:cb:f3:46:10:8e:7b:2b:ac:3b:a9:20:91:5a:
                    3d:76:1f:f2:93:86:8c:89:f9:47:57:8b:17:6d:97:
                    71:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D7:1E:69:81:21:65:A6:24:53:94:5A:75:F1:2D:EE:C0:C3:57:36
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ac:88:1b:81:a2:c0:c1:18:e3:16:c8:08:62:a1:9b:e7:72:78:
         69:ba:e1:0b:d0:57:d2:bd:99:36:5a:01:4f:bc:3b:15:21:c0:
         41:c4:5e:f7:7e:a2:d4:9f:6c:99:dc:9e:cf:6e:20:c8:f0:00:
         dc:3a:27:ef:92:6c:c4:fa:b3:bf:8a:09:f6:91:ac:56:34:1d:
         9d:a6:b2:af:f0:31:6b:63:b5:dc:59:e2:47:1e:97:eb:92:63:
         2c:7b:9f:c7:d5:6f:a5:cf:d0:32:2b:8c:21:0b:24:fe:5f:80:
         5f:6b:0d:2f:76:6c:59:12:d0:7b:c1:18:6e:50:5c:04:24:66:
         98:7f:3e:b8:c6:b5:d4:9f:c0:04:e7:01:f9:53:ff:ec:ce:b7:
         dd:b4:96:46:46:dd:85:a4:29:2e:a2:76:00:99:0a:4f:52:86:
         af:ff:17:54:35:04:8a:79:03:3b:a0:38:70:5d:26:a1:db:e4:
         29:85:43:1a:87:e8:30:9f:65:85:18:55:fd:9a:e9:97:93:39:
         cd:03:e6:19:a2:be:e5:5c:37:96:de:b7:b3:13:be:64:6a:ea:
         d2:8e:e9:2f:5a:5c:2a:a4:84:02:b1:45:d7:23:e0:37:94:2a:
         f2:e8:2b:2b:f1:02:33:ee:2f:27:db:b2:f9:3b:74:ba:12:b1:
         66:66:7a:30
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUB+aWEG1XP07P4p41HeNqco+8NGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMDBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzMGVkN2ViYWE4OTUzZjNiYTc1Njk2ODU5MzhkZjlkN2I1ZGIyZWU0MDk0
MTkzMTJiOWUwYTY5YmM2OWFlNDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALF3YAZrLKAYBIAfyM68/3TMCP1962XuS1k62ttlnM1H4q4BCDvwMrewPF5q
PhtWBRAgqZCXfD4DDIDJaJUjbWAoNkW0lF2snMziwEdSq8c+macjhBqdgefzvS7+
sYkkYcK+0JaXsIwYR/KP1/c2qBExNidKLpxTD/yVH6Jq5Y2gMePNEGiWteMyuTek
iwA6WnMcEOIrKhHbe5sVD0Z3yqJ+vgPAoNfrZmqHhJjrolB+c7CfBMWfR79/9+5F
oJ81zKa6G+6TsRo1CIyIMQDykh1ftfYH/m3gqg+vxQsuKcJ+nVLL80YQjnsrrDup
IJFaPXYf8pOGjIn5R1eLF22Xcb8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS81x5p
gSFlpiRTlFp18S3uwMNXNjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3Nzc4YjQtODViMS00NTgwLWFjMzgtYTQ4NzJkMTkyNjFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCsiBuBosDBGOMWyAhioZvncnhpuuEL0FfSvZk2
WgFPvDsVIcBBxF73fqLUn2yZ3J7PbiDI8ADcOifvkmzE+rO/ign2kaxWNB2dprKv
8DFrY7XcWeJHHpfrkmMse5/H1W+lz9AyK4whCyT+X4Bfaw0vdmxZEtB7wRhuUFwE
JGaYfz64xrXUn8AE5wH5U//szrfdtJZGRt2FpCkuonYAmQpPUoav/xdUNQSKeQM7
oDhwXSah2+QphUMah+gwn2WFGFX9mumXkznNA+YZor7lXDeW3rezE75kaurSjukv
WlwqpIQCsUXXI+A3lCry6Csr8QIz7i8n27L5O3S6ErFmZnow
-----END CERTIFICATE-----