Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
File:                     8553b3da-6a47-43ee-87d3-5259a23c371b.roa (raw, json)
Hash identifier:          eMq9s1kOHXYA2J/12ik1IRTQeHqgtG6hrvLtFR7G1rM=
Subject key identifier:   69:AA:32:BE:A0:16:D2:A8:6D:AE:6F:16:67:63:2D:AF:76:EA:34:A0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F96B567DBE8AC0C8F66A5AD68AF07577DD7A14C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
Signing time:             Wed 05 Mar 2025 17:31:59 +0000
ROA not before:           Wed 05 Mar 2025 17:31:59 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:96:b5:67:db:e8:ac:0c:8f:66:a5:ad:68:af:07:57:7d:d7:a1:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:31:59 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:28:df:f3:6b:5a:27:40:41:30:69:e3:f0:0a:
                    58:d2:d5:1f:81:bc:da:4c:87:3a:f2:fb:b0:69:b7:
                    a0:16:c9:72:73:58:8b:c4:89:c9:2e:34:ab:37:13:
                    8b:29:a3:03:f0:0f:48:40:d5:9d:0c:a5:a9:16:d7:
                    cf:19:3b:27:e2:6e:b6:6e:6c:14:95:9e:b6:38:b4:
                    89:2e:de:07:35:3e:2b:c4:80:c2:0d:c5:9c:6f:2b:
                    64:a6:a9:7e:c1:14:ef:3f:26:37:aa:8c:4b:69:ad:
                    40:c2:8b:7b:2b:ac:60:37:04:2f:dc:dd:04:6d:5c:
                    f6:68:8a:33:7f:87:84:aa:89:3a:78:6c:37:74:4d:
                    0f:ea:5c:11:3e:f6:63:fe:1e:61:c6:79:6f:14:b1:
                    26:33:2a:f1:eb:9b:38:7a:2b:ae:f6:67:e8:eb:33:
                    09:fc:51:98:88:80:fa:b2:97:8c:8d:21:19:ba:4f:
                    e3:69:6f:b8:6f:da:46:22:95:83:73:15:ba:81:25:
                    2a:ca:48:71:7d:59:f2:46:62:0b:b5:8f:4c:cb:54:
                    c1:1e:f1:8c:ef:74:61:e9:d6:6e:07:51:4e:ea:5a:
                    89:17:dd:1c:8e:d3:b6:f1:e0:65:21:8e:22:17:c2:
                    1d:a5:ad:1a:0a:7f:9f:8f:8a:71:61:7d:87:4b:2c:
                    e1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AA:32:BE:A0:16:D2:A8:6D:AE:6F:16:67:63:2D:AF:76:EA:34:A0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:4e:38:1a:5d:d2:19:f1:70:6d:ac:a1:a3:48:37:36:cb:91:
         26:a0:b2:67:41:08:05:91:11:ad:4c:ff:8b:c4:71:51:5c:cf:
         03:c6:a1:ce:11:24:c6:6c:88:f4:5b:0d:77:3b:53:fc:9c:8e:
         83:0a:d4:54:e2:39:b9:2b:c6:7c:26:a7:78:a0:2a:1e:91:29:
         60:00:01:d8:56:7b:7a:d5:e7:5e:54:e0:1d:f9:53:a9:fe:c1:
         63:59:29:a7:f6:17:6d:46:5d:90:43:70:6c:92:38:e9:42:32:
         49:a8:d1:6d:bd:81:ff:71:6b:09:0f:3f:67:a2:b9:10:b6:2e:
         c5:4a:b9:72:e2:3e:3e:50:e7:a7:77:e3:dc:15:08:fe:a3:ee:
         30:62:e7:94:1e:7f:4a:f7:04:06:3b:2e:fa:75:1a:3e:33:0b:
         aa:16:0d:02:6b:cb:32:5a:78:99:22:4a:c2:c0:0b:78:04:1d:
         a9:80:33:49:f6:5b:e4:e5:6b:b4:cb:ec:3f:b1:32:6a:eb:86:
         c9:5d:8e:52:bc:af:d6:9a:e7:f8:c1:95:6b:ca:fa:fd:a4:c4:
         7a:85:a4:50:7c:73:a9:22:1a:b7:e8:9a:c3:4e:00:58:a7:3f:
         e3:00:de:5f:0c:a7:cd:42:0c:9e:57:7f:08:48:85:90:09:dd:
         f2:72:bd:18
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUL5a1Z9vorAyPZqWtaK8HV33XoUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMxNTlaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlYTgwMDg0N2Y0YjhhYjg3Y2YxNDBmZjAzZWFkNGM4M2JmYmQ5ZjQ0M2Q5
MWM1NzY3YTAxMjU0N2U5ZWFiMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALEo3/NrWidAQTBp4/AKWNLVH4G82kyHOvL7sGm3oBbJcnNYi8SJyS40qzcT
iymjA/APSEDVnQylqRbXzxk7J+Jutm5sFJWetji0iS7eBzU+K8SAwg3FnG8rZKap
fsEU7z8mN6qMS2mtQMKLeyusYDcEL9zdBG1c9miKM3+HhKqJOnhsN3RND+pcET72
Y/4eYcZ5bxSxJjMq8eubOHorrvZn6OszCfxRmIiA+rKXjI0hGbpP42lvuG/aRiKV
g3MVuoElKspIcX1Z8kZiC7WPTMtUwR7xjO90YenWbgdRTupaiRfdHI7TtvHgZSGO
IhfCHaWtGgp/n4+KcWF9h0ss4RUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRpqjK+
oBbSqG2ubxZnYy2vduo0oDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODU1M2IzZGEtNmE0Ny00M2VlLTg3ZDMtNTI1OWEyM2MzNzFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEg
MA0GCSqGSIb3DQEBCwUAA4IBAQBWTjgaXdIZ8XBtrKGjSDc2y5EmoLJnQQgFkRGt
TP+LxHFRXM8DxqHOESTGbIj0Ww13O1P8nI6DCtRU4jm5K8Z8Jqd4oCoekSlgAAHY
Vnt61edeVOAd+VOp/sFjWSmn9hdtRl2QQ3BskjjpQjJJqNFtvYH/cWsJDz9norkQ
ti7FSrly4j4+UOend+PcFQj+o+4wYueUHn9K9wQGOy76dRo+MwuqFg0Ca8syWniZ
IkrCwAt4BB2pgDNJ9lvk5Wu0y+w/sTJq64bJXY5SvK/Wmuf4wZVryvr9pMR6haRQ
fHOpIhq36JrDTgBYpz/jAN5fDKfNQgyeV38ISIWQCd3ycr0Y
-----END CERTIFICATE-----