Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
File:                     868cbba8-4804-4fbd-b9b8-7e9402c44956.roa (raw, json)
Hash identifier:          Z6y/hWiXYheLh3iMPZLNUYHFCCBanC6uZir+t1xVUzA=
Subject key identifier:   2D:8B:36:27:A4:1F:7F:18:7B:33:53:B4:3F:4D:93:C3:06:02:5D:09
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5AB2FA5FFE0C5D55D1C77C0705764EFC72EC6B9A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
Signing time:             Wed 02 Apr 2025 00:30:43 +0000
ROA not before:           Wed 02 Apr 2025 00:30:43 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:b2:fa:5f:fe:0c:5d:55:d1:c7:7c:07:05:76:4e:fc:72:ec:6b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:43 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f2:76:56:e3:ab:4e:16:c9:e0:7b:c0:6e:71:
                    58:87:4b:b2:68:d7:1a:c4:26:37:dd:3b:97:d1:f1:
                    0c:f8:9f:94:b9:c5:1b:ce:ce:22:c3:e5:0d:f3:6b:
                    09:e7:6c:3b:54:66:ac:6f:93:35:62:67:a6:30:32:
                    e9:5d:d5:e2:63:55:d6:8d:65:64:b2:8e:d1:7f:de:
                    46:2f:a2:ff:e8:d4:e0:7b:ee:81:1f:33:5f:88:aa:
                    1a:d1:14:10:b1:e0:2f:60:3b:47:6e:45:56:d7:0a:
                    fe:e0:39:79:71:52:99:d1:cb:a2:25:ad:10:71:ea:
                    b2:bf:51:e6:ea:e2:9d:3a:47:43:2e:83:dc:8e:d5:
                    92:6b:ee:c9:16:2f:02:ee:c9:87:6d:67:71:47:20:
                    45:b4:58:9d:ce:1a:99:22:ff:d5:d2:e9:2d:03:45:
                    07:fa:52:a2:12:c4:86:97:d8:2b:cc:2f:38:74:d3:
                    13:fd:96:64:a0:f9:57:ab:1e:7e:de:ec:72:4a:13:
                    01:71:c2:50:b8:f5:2a:aa:8f:a6:fd:b0:d0:20:22:
                    94:d0:e4:f6:c4:a6:e5:09:a3:1b:ea:b4:14:7d:8e:
                    3a:02:5a:c6:3c:82:50:6b:95:63:81:7a:f5:14:cf:
                    b7:f7:cf:6e:c6:e9:47:9d:fc:d0:2f:b5:58:d1:8c:
                    7f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:8B:36:27:A4:1F:7F:18:7B:33:53:B4:3F:4D:93:C3:06:02:5D:09
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:70:05:f4:3f:40:8b:b2:a8:cf:e6:76:8f:e4:92:21:f0:05:
         4f:04:38:2c:1b:cc:9d:4a:35:24:c8:11:91:ef:1c:34:9c:da:
         c0:cb:86:4e:13:e6:1d:fb:d6:fe:38:99:b3:3b:49:75:18:b8:
         0c:1b:01:87:41:78:80:b3:32:5b:a0:05:cc:cf:b9:8b:07:03:
         e4:b8:ba:a7:ec:50:c5:3c:14:3f:93:c4:05:57:cc:4e:eb:21:
         a5:68:5b:50:30:cb:e4:b0:e5:ff:c0:73:df:4e:7e:ef:c7:85:
         94:d9:e1:95:8f:1d:08:bd:66:8f:7d:a6:79:03:f4:49:3f:9a:
         0a:45:c3:53:bc:e5:4e:d8:3c:2e:d2:a4:e7:c5:01:cd:52:86:
         56:61:ca:b4:d1:3b:4e:44:7e:01:be:90:dd:e6:c7:2a:ef:02:
         d9:e4:5d:da:37:00:21:f9:fc:00:81:b2:13:be:3e:dd:36:ee:
         9f:3d:24:25:86:90:7c:de:ab:78:20:e3:8e:73:7a:91:20:00:
         af:b2:dc:98:c0:b3:b2:52:01:e9:eb:8a:ee:c8:67:1e:ce:f9:
         d5:78:f7:5b:05:0a:c4:b2:55:06:9a:5a:f1:f2:24:cc:85:2d:
         2b:72:93:1b:6c:4f:7e:b1:89:54:45:61:6e:ed:13:70:2b:47:
         a0:27:bb:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWrL6X/4MXVXRx3wHBXZO/HLsa5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwNDNaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4NzdhMjI1OWJmNzllZjJkYWRiZDQ3OWQwNzIzM2NlYzU5YmRkNWIxNmRm
ZTg0MTk4OTU1NjhlYzc1ZmM3MTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANTydlbjq04WyeB7wG5xWIdLsmjXGsQmN907l9HxDPiflLnFG87OIsPlDfNr
CedsO1RmrG+TNWJnpjAy6V3V4mNV1o1lZLKO0X/eRi+i/+jU4HvugR8zX4iqGtEU
ELHgL2A7R25FVtcK/uA5eXFSmdHLoiWtEHHqsr9R5urinTpHQy6D3I7VkmvuyRYv
Au7Jh21ncUcgRbRYnc4amSL/1dLpLQNFB/pSohLEhpfYK8wvOHTTE/2WZKD5V6se
ft7sckoTAXHCULj1KqqPpv2w0CAilNDk9sSm5QmjG+q0FH2OOgJaxjyCUGuVY4F6
9RTPt/fPbsbpR5380C+1WNGMf3UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQtizYn
pB9/GHszU7Q/TZPDBgJdCTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODY4Y2JiYTgtNDgwNC00ZmJkLWI5YjgtN2U5NDAyYzQ0OTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA2cAX0P0CLsqjP5naP5JIh8AVPBDgsG8ydSjUk
yBGR7xw0nNrAy4ZOE+Yd+9b+OJmzO0l1GLgMGwGHQXiAszJboAXMz7mLBwPkuLqn
7FDFPBQ/k8QFV8xO6yGlaFtQMMvksOX/wHPfTn7vx4WU2eGVjx0IvWaPfaZ5A/RJ
P5oKRcNTvOVO2Dwu0qTnxQHNUoZWYcq00TtORH4BvpDd5scq7wLZ5F3aNwAh+fwA
gbITvj7dNu6fPSQlhpB83qt4IOOOc3qRIACvstyYwLOyUgHp64ruyGcezvnVePdb
BQrEslUGmlrx8iTMhS0rcpMbbE9+sYlURWFu7RNwK0egJ7to
-----END CERTIFICATE-----