Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa
File:                     7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa (raw, json)
Hash identifier:          OBvQSJ+IxNvi8Ep7nQt/CvmfP0qTWvtCw/TB0EAQJvg=
Subject key identifier:   58:27:99:AD:A6:9C:0A:09:7A:DD:E7:19:65:45:B9:05:B8:FB:97:D3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5EC1F6562FE3345A2DA5125B4154E755A3E5DA0C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa
Signing time:             Wed 05 Mar 2025 17:21:31 +0000
ROA not before:           Wed 05 Mar 2025 17:21:31 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:c1:f6:56:2f:e3:34:5a:2d:a5:12:5b:41:54:e7:55:a3:e5:da:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:21:31 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:76:95:a3:0f:01:2c:11:1f:59:5d:24:6b:ee:
                    55:4a:60:ba:53:d2:7a:1d:d1:96:1a:38:d1:87:52:
                    02:fa:15:d4:74:a5:88:1b:e4:8a:e3:33:99:07:74:
                    fb:92:44:39:f4:74:4c:80:2f:69:91:9c:87:aa:6c:
                    2e:04:f7:bb:c9:61:28:20:3a:e0:0e:7a:5a:01:08:
                    7a:d7:a2:8e:8f:9f:c7:36:5a:4c:9a:55:38:65:47:
                    b1:eb:1e:79:cb:dd:b5:42:41:dc:1d:95:54:17:53:
                    90:93:4b:78:5c:8e:e8:02:2e:1a:1b:17:71:c1:bc:
                    fd:89:4f:4b:f2:5c:c7:a3:b8:02:79:88:62:87:2f:
                    2c:01:85:e3:c7:d6:fc:45:79:5e:3b:b6:b5:2c:76:
                    22:30:f5:83:e1:63:34:68:c3:33:97:a2:a6:08:a5:
                    64:84:f4:48:64:5b:6e:c0:a2:9d:e1:9c:de:00:6b:
                    96:3a:cd:fe:21:65:84:f1:c7:33:da:c0:94:8f:48:
                    4c:8e:ce:b8:36:ea:b4:dd:8c:52:7a:e4:86:58:33:
                    b0:52:c6:88:b6:26:e1:9a:b5:86:10:9f:4b:a8:4f:
                    69:1a:0c:64:02:7c:1e:5d:6e:27:90:1c:d8:ab:90:
                    b6:5b:eb:ed:b7:a7:e7:99:a7:f8:82:5a:5e:de:37:
                    8a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:27:99:AD:A6:9C:0A:09:7A:DD:E7:19:65:45:B9:05:B8:FB:97:D3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         35:e2:4c:56:34:19:64:2d:ef:02:6e:36:01:b0:30:08:a2:7d:
         d0:55:61:c5:bb:f9:8b:5f:42:7b:5f:14:c9:5e:15:cc:ee:51:
         77:19:ce:c6:3b:d8:0b:53:db:ea:39:02:0e:70:79:b7:66:2b:
         5f:27:22:3a:a1:c7:56:78:90:64:14:6f:ac:d1:94:ab:26:ca:
         2a:05:41:a5:bf:07:41:91:bc:87:a6:03:e3:5f:66:41:7a:55:
         5e:cb:aa:fd:b8:95:98:0b:28:95:c1:17:d0:59:5c:8c:38:35:
         69:cc:8a:fa:e6:12:65:3b:29:ea:19:9a:00:1e:a3:a4:fd:cb:
         56:68:27:db:86:dd:21:6e:79:40:1a:e2:c9:31:0a:ae:40:de:
         82:9c:be:79:51:9f:b2:78:f9:d8:6c:5d:8a:34:d3:79:15:bf:
         a1:02:a3:35:ac:2c:59:77:6e:11:0a:bc:37:fe:46:82:26:b6:
         af:88:4d:40:ab:23:53:46:1f:c0:e5:b9:50:27:40:ad:8e:eb:
         9a:4e:fe:62:8a:30:38:16:26:e5:b4:34:83:69:59:22:e6:52:
         f5:26:9a:42:4b:b8:f6:ed:30:90:1b:8a:88:d6:52:27:ec:9d:
         e8:d6:5e:5f:d5:2f:ad:4f:ae:b1:a8:ff:2e:c5:b7:87:78:3a:
         17:fe:2f:c7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXsH2Vi/jNFotpRJbQVTnVaPl2gwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIxMzFaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGE1ODZkNGUxMzAxOGI3MjAxYzgzNDBiYTNlYjgxYjlhZWM1OGJlNjdjM2Rh
MDNlMWE2ZWY3Njk3ZGE5MmQ4NGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKt2laMPASwRH1ldJGvuVUpgulPSeh3Rlho40YdSAvoV1HSliBvkiuMzmQd0
+5JEOfR0TIAvaZGch6psLgT3u8lhKCA64A56WgEIeteijo+fxzZaTJpVOGVHsese
ecvdtUJB3B2VVBdTkJNLeFyO6AIuGhsXccG8/YlPS/Jcx6O4AnmIYocvLAGF48fW
/EV5Xju2tSx2IjD1g+FjNGjDM5eipgilZIT0SGRbbsCineGc3gBrljrN/iFlhPHH
M9rAlI9ITI7OuDbqtN2MUnrkhlgzsFLGiLYm4Zq1hhCfS6hPaRoMZAJ8Hl1uJ5Ac
2KuQtlvr7ben55mn+IJaXt43ig8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRYJ5mt
ppwKCXrd5xllRbkFuPuX0zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2Q5NmQzYWQtMGVlNy00NjMwLTlhNDktYTBkY2MyYjcxZGE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA14kxWNBlkLe8CbjYBsDAIon3QVWHFu/mLX0J7
XxTJXhXM7lF3Gc7GO9gLU9vqOQIOcHm3ZitfJyI6ocdWeJBkFG+s0ZSrJsoqBUGl
vwdBkbyHpgPjX2ZBelVey6r9uJWYCyiVwRfQWVyMODVpzIr65hJlOynqGZoAHqOk
/ctWaCfbht0hbnlAGuLJMQquQN6CnL55UZ+yePnYbF2KNNN5Fb+hAqM1rCxZd24R
Crw3/kaCJraviE1AqyNTRh/A5blQJ0CtjuuaTv5iijA4FibltDSDaVki5lL1JppC
S7j27TCQG4qI1lIn7J3o1l5f1S+tT66xqP8uxbeHeDoX/i/H
-----END CERTIFICATE-----