Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f8d2f8f-3d48-47ce-8524-66406f0de004.roa
File:                     3f8d2f8f-3d48-47ce-8524-66406f0de004.roa (raw, json)
Hash identifier:          NAxnxDQMnVUmNGQNZvdsU7qUfxqLIWAR6yoY1aG4els=
Subject key identifier:   CF:13:2D:B5:C1:82:8D:4A:49:E7:8C:94:8B:DB:C3:AB:C2:FA:EC:D3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1BFCE3200398DE0017EA9820E9C52D01AC21FDA0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f8d2f8f-3d48-47ce-8524-66406f0de004.roa
Signing time:             Wed 05 Mar 2025 17:30:23 +0000
ROA not before:           Wed 05 Mar 2025 17:30:23 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:fc:e3:20:03:98:de:00:17:ea:98:20:e9:c5:2d:01:ac:21:fd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:30:23 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:20:e8:92:0f:5b:f4:74:19:31:66:7a:79:c7:
                    9d:c8:d3:f0:c5:9a:2b:4d:46:d7:99:f7:3e:59:30:
                    95:cf:26:22:f5:a7:37:1c:e3:fe:fc:0c:85:60:bd:
                    ff:37:2c:7c:f4:d6:58:34:91:f4:db:b7:94:fe:6d:
                    65:d1:42:6d:4c:c1:d4:38:cd:1c:fa:33:01:d3:04:
                    81:92:3a:ab:31:f7:8c:31:3c:52:91:c5:c6:c1:1b:
                    22:18:a0:67:78:59:66:37:5d:9e:09:1f:70:7d:53:
                    6a:1b:5b:f4:a4:79:27:66:b2:a2:da:ef:0b:d5:9f:
                    23:70:5e:cb:61:89:9f:a7:51:06:ef:33:cb:14:8d:
                    ed:95:ad:93:7d:a3:82:06:e6:c9:25:9b:6d:3f:ae:
                    a7:9c:1d:b3:f3:54:8f:d4:a6:37:c0:28:b1:72:d0:
                    30:f8:19:70:10:20:74:14:3f:ce:e2:ef:28:1d:3d:
                    d9:db:73:c1:9c:64:65:0e:5d:8d:90:15:b4:d2:22:
                    37:81:d4:da:c5:a8:c3:43:0c:01:3e:d2:0f:36:3b:
                    e0:84:3e:6d:fe:81:e4:91:6f:78:90:6f:09:09:40:
                    8a:0d:17:95:c8:64:6f:1f:0a:ee:4a:de:71:9c:fc:
                    89:13:ae:e6:b8:ce:c4:f9:25:9b:5d:fd:98:82:6d:
                    f7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:13:2D:B5:C1:82:8D:4A:49:E7:8C:94:8B:DB:C3:AB:C2:FA:EC:D3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f8d2f8f-3d48-47ce-8524-66406f0de004.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:d6:1b:7c:ea:a6:8b:e3:3c:e8:09:04:88:e6:75:e4:fb:7e:
         44:22:70:62:98:04:42:63:ea:3e:33:5b:9b:88:13:aa:84:c9:
         e2:1f:91:64:00:a4:7a:e8:cd:3a:44:71:4d:db:61:63:af:43:
         e2:36:49:91:00:04:44:32:3c:8d:5b:4c:df:06:eb:15:1c:3a:
         bf:7e:38:6c:c2:4d:73:fc:25:2f:44:3a:28:f8:46:33:b3:29:
         bb:93:61:ab:3d:90:d2:b6:92:9e:f2:e9:10:1c:a7:ff:c8:95:
         6d:b5:c3:5e:57:b5:b2:84:8d:43:09:1a:bd:de:5a:5c:74:b2:
         45:97:3d:0c:fa:99:fc:f8:d8:9f:5f:2d:7d:64:06:19:5d:7e:
         93:aa:34:53:27:a6:02:d4:af:ce:ee:88:11:87:93:04:c0:3d:
         ff:64:7b:af:dc:70:66:d0:45:b4:4e:b8:f6:7c:db:75:d5:76:
         ab:8b:55:00:45:31:31:b6:a3:0f:56:a7:f6:ca:bd:13:d4:fc:
         47:48:02:55:f6:50:03:ff:6d:8d:12:c5:7a:81:42:68:3c:4b:
         bd:43:d8:4f:1c:c2:ed:b0:23:11:d8:05:48:47:89:da:9b:59:
         00:17:ac:bf:5d:dd:d7:09:df:67:44:da:56:63:e2:67:33:30:
         33:78:fd:f6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUG/zjIAOY3gAX6pgg6cUtAawh/aAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMwMjNaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNWJiMzAwODk3NWZkYjQ0NWVkMWVhNGU0NTNhODZmOWNkNDNmMGQyNDgy
ZDU1ZDQ5YmU2ZGI5OGFlZjM4OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIog6JIPW/R0GTFmennHncjT8MWaK01G15n3Plkwlc8mIvWnNxzj/vwMhWC9
/zcsfPTWWDSR9Nu3lP5tZdFCbUzB1DjNHPozAdMEgZI6qzH3jDE8UpHFxsEbIhig
Z3hZZjddngkfcH1Tahtb9KR5J2ayotrvC9WfI3Bey2GJn6dRBu8zyxSN7ZWtk32j
ggbmySWbbT+up5wds/NUj9SmN8AosXLQMPgZcBAgdBQ/zuLvKB092dtzwZxkZQ5d
jZAVtNIiN4HU2sWow0MMAT7SDzY74IQ+bf6B5JFveJBvCQlAig0Xlchkbx8K7kre
cZz8iROu5rjOxPklm139mIJt94sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTPEy21
wYKNSknnjJSL28Orwvrs0zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2Y4ZDJmOGYtM2Q0OC00N2NlLTg1MjQtNjY0MDZmMGRlMDA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSw
MA0GCSqGSIb3DQEBCwUAA4IBAQCI1ht86qaL4zzoCQSI5nXk+35EInBimARCY+o+
M1ubiBOqhMniH5FkAKR66M06RHFN22Fjr0PiNkmRAAREMjyNW0zfBusVHDq/fjhs
wk1z/CUvRDoo+EYzsym7k2GrPZDStpKe8ukQHKf/yJVttcNeV7WyhI1DCRq93lpc
dLJFlz0M+pn8+NifXy19ZAYZXX6TqjRTJ6YC1K/O7ogRh5MEwD3/ZHuv3HBm0EW0
Trj2fNt11Xari1UARTExtqMPVqf2yr0T1PxHSAJV9lAD/22NEsV6gUJoPEu9Q9hP
HMLtsCMR2AVIR4nam1kAF6y/Xd3XCd9nRNpWY+JnMzAzeP32
-----END CERTIFICATE-----