Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fbd3a3af-f307-4148-9e34-70199540a838.roa
File:                     fbd3a3af-f307-4148-9e34-70199540a838.roa (raw, json)
Hash identifier:          SWVuVarqhw0klIaKXyLmB92bE8NvWbTgSOol5toY8zI=
Subject key identifier:   F4:FA:7D:38:3D:E0:B3:F4:41:C3:F0:77:AE:07:C0:94:A0:57:B4:FA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F7D5DAFF09598D4CA16868BE0DE09937888BC53
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fbd3a3af-f307-4148-9e34-70199540a838.roa
Signing time:             Mon 31 Mar 2025 19:50:09 +0000
ROA not before:           Mon 31 Mar 2025 19:50:09 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:7d:5d:af:f0:95:98:d4:ca:16:86:8b:e0:de:09:93:78:88:bc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:09 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2e:a5:a8:cd:78:af:f9:11:f5:68:37:03:a9:
                    5e:3f:d6:9d:d5:61:db:2c:1c:f9:0d:06:11:ae:21:
                    fa:28:0d:3a:29:5a:1e:37:86:55:23:ff:52:1e:1d:
                    9a:6d:28:3f:b8:7a:1d:15:60:e7:bb:28:ba:08:7e:
                    02:55:cd:97:48:97:aa:d9:54:7b:d5:40:c1:cf:0f:
                    ce:20:50:d5:a1:b1:9e:52:a5:12:3b:b5:38:23:1c:
                    94:8e:83:35:0f:24:11:69:5c:e6:7b:4e:82:4c:db:
                    09:22:65:6d:57:9b:3c:c2:d1:0a:9a:6a:d4:47:ca:
                    84:0e:16:79:1f:1b:d8:f0:42:ba:37:d4:30:fd:0f:
                    57:db:2b:1b:96:fc:1a:cc:80:85:71:c4:1a:c1:96:
                    41:c0:4c:65:17:52:8b:31:42:a4:ac:58:80:bd:37:
                    ef:6c:1b:b4:2a:a0:8b:3c:59:b1:fa:26:38:91:9f:
                    1f:c8:e6:4a:4c:46:09:c6:2f:17:43:28:1d:a4:5b:
                    19:5a:63:27:a3:cd:20:00:fb:30:86:87:cb:75:d9:
                    20:55:ba:70:ed:b3:1b:aa:94:c7:03:3c:e4:80:0a:
                    2a:c8:10:36:eb:5c:5a:b4:13:55:d7:03:23:cd:cf:
                    51:7c:6b:d1:43:fa:b0:0b:56:23:68:e9:38:80:5c:
                    73:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:FA:7D:38:3D:E0:B3:F4:41:C3:F0:77:AE:07:C0:94:A0:57:B4:FA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fbd3a3af-f307-4148-9e34-70199540a838.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         17:b2:b7:e3:f7:1e:39:9c:a5:67:13:77:fb:c8:5d:4a:20:ca:
         75:63:77:dd:49:f0:24:28:95:10:e1:f1:98:2a:89:91:7a:9c:
         0b:1c:0f:61:48:c0:f9:54:7e:0a:b0:2c:bf:2e:1a:c5:1b:0f:
         2c:7e:77:f4:be:30:43:b7:20:25:63:3d:93:89:42:7a:33:5f:
         d8:94:14:03:32:93:de:3b:ce:65:aa:72:f3:0d:f3:f2:69:4b:
         d2:b0:78:2e:6c:90:0d:8e:27:95:e9:e2:e4:e7:c4:43:6b:4d:
         44:99:d1:6d:60:53:f4:71:21:73:7b:d7:19:64:a8:5d:74:54:
         4f:87:26:a5:46:4a:5f:cb:b5:80:b8:52:36:f7:ae:89:c6:d6:
         22:42:83:7f:a2:2e:0f:34:54:7d:c5:2f:f8:c5:ff:d1:73:ee:
         b4:14:3b:57:0c:cc:d7:f8:52:18:62:07:02:ef:b9:82:98:e4:
         ad:e3:b5:95:89:d6:4a:82:61:54:18:0d:c0:de:1c:e6:2e:a7:
         d7:46:98:74:cc:fc:55:eb:3f:93:32:0d:80:e3:cb:42:42:3a:
         bd:83:f1:ff:42:39:1e:40:b4:bc:d4:76:5e:2e:c2:34:da:e9:
         1c:38:19:22:ca:03:ca:4b:40:a5:19:ec:5c:2c:f8:8b:49:a2:
         d2:53:2f:a3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUL31dr/CVmNTKFoaL4N4Jk3iIvFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwMDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4ZDc4Y2ViYjhlYTgzMjBiN2E1YWY3NTczNTFiNjdhNmNkNTRjNmU5OTcx
YmYzZGMwMTc4NDUwMWY4NmYwNDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIupajNeK/5EfVoNwOpXj/WndVh2ywc+Q0GEa4h+igNOilaHjeGVSP/Uh4d
mm0oP7h6HRVg57sough+AlXNl0iXqtlUe9VAwc8PziBQ1aGxnlKlEju1OCMclI6D
NQ8kEWlc5ntOgkzbCSJlbVebPMLRCppq1EfKhA4WeR8b2PBCujfUMP0PV9srG5b8
GsyAhXHEGsGWQcBMZRdSizFCpKxYgL0372wbtCqgizxZsfomOJGfH8jmSkxGCcYv
F0MoHaRbGVpjJ6PNIAD7MIaHy3XZIFW6cO2zG6qUxwM85IAKKsgQNutcWrQTVdcD
I83PUXxr0UP6sAtWI2jpOIBccxcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT0+n04
PeCz9EHD8HeuB8CUoFe0+jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmJkM2EzYWYtZjMwNy00MTQ4LTllMzQtNzAxOTk1NDBhODM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Diw
MA0GCSqGSIb3DQEBCwUAA4IBAQAXsrfj9x45nKVnE3f7yF1KIMp1Y3fdSfAkKJUQ
4fGYKomRepwLHA9hSMD5VH4KsCy/LhrFGw8sfnf0vjBDtyAlYz2TiUJ6M1/YlBQD
MpPeO85lqnLzDfPyaUvSsHgubJANjieV6eLk58RDa01EmdFtYFP0cSFze9cZZKhd
dFRPhyalRkpfy7WAuFI2966JxtYiQoN/oi4PNFR9xS/4xf/Rc+60FDtXDMzX+FIY
YgcC77mCmOSt47WVidZKgmFUGA3A3hzmLqfXRph0zPxV6z+TMg2A48tCQjq9g/H/
QjkeQLS81HZeLsI02ukcOBkiygPKS0ClGexcLPiLSaLSUy+j
-----END CERTIFICATE-----