Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
File:                     8e492412-994d-4c48-a29e-9082ebce3349.roa (raw, json)
Hash identifier:          8o5sDft4Dcg8hFG1UyWj7BsemXXB1M5NGaDHsOhhqNw=
Subject key identifier:   4E:D5:52:23:C3:18:11:5B:BD:81:05:58:4E:10:CD:A8:63:1D:0C:5A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       52562AB97CE6DE75355C7CBDD5B18A5884633B9D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
Signing time:             Wed 05 Mar 2025 17:20:57 +0000
ROA not before:           Wed 05 Mar 2025 17:20:57 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:56:2a:b9:7c:e6:de:75:35:5c:7c:bd:d5:b1:8a:58:84:63:3b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:20:57 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b1:98:6f:16:e6:4d:be:ae:c4:46:fa:c3:75:
                    7c:57:6e:bf:95:6b:52:e2:00:67:5b:d8:e9:34:94:
                    2c:95:89:10:cf:9e:9b:53:a3:3f:bc:2d:f7:01:19:
                    d5:70:5f:c3:d7:51:7b:87:95:0d:ca:07:1d:cb:18:
                    ca:68:b8:58:95:33:f7:a6:5a:36:92:c3:50:4a:b7:
                    b9:11:b4:15:60:1b:66:b5:8a:94:2e:95:15:24:7b:
                    29:11:f3:4c:88:e3:56:7d:1e:9d:9a:6c:77:0d:28:
                    88:81:3f:d1:f9:9d:40:31:50:b8:6d:9a:d2:1c:6b:
                    61:c4:ca:ac:26:b0:71:f1:72:8a:26:9a:74:c9:93:
                    a4:ee:da:b7:84:24:c1:9f:c6:08:62:11:ff:63:03:
                    66:7d:80:7f:a2:be:e5:3a:06:f6:83:d3:64:07:3c:
                    ce:e3:23:f3:1a:54:ad:9c:6f:97:da:9b:2f:dd:5f:
                    e2:8e:01:0e:52:72:54:05:c5:cc:c5:69:3f:dd:92:
                    31:e5:8b:7b:cb:7e:79:4a:6a:5a:0b:28:9e:0d:e5:
                    8c:c9:ba:28:25:b9:84:93:d7:5f:f2:70:60:13:fe:
                    15:69:f2:21:ac:83:84:b9:11:df:41:63:a8:6e:ec:
                    5a:a7:4c:84:eb:6c:ef:f4:43:38:10:a9:92:bf:b2:
                    eb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D5:52:23:C3:18:11:5B:BD:81:05:58:4E:10:CD:A8:63:1D:0C:5A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:94:8a:6b:f9:85:44:47:cc:20:30:e5:a5:23:e5:4e:5b:ef:
         9c:70:7c:d8:20:90:c7:90:95:59:81:cd:c4:09:83:a2:d6:e7:
         cb:0c:b7:50:64:50:1d:39:61:34:03:89:c4:9c:ef:28:cd:e8:
         e8:ac:30:cd:b5:18:65:b2:cc:6d:f2:28:36:1d:4b:42:28:51:
         73:39:d9:d0:f9:4f:61:f2:bd:3e:f5:16:10:3f:19:81:4d:4f:
         1c:17:87:17:d7:d6:dd:6e:1b:38:f3:24:39:d1:e9:43:c7:dd:
         08:aa:07:ac:4f:cc:7d:fb:b4:3e:f0:f5:70:a6:14:86:28:12:
         b1:97:44:5a:dc:45:c4:5d:e3:07:95:bb:45:09:15:29:b2:f9:
         db:bc:97:db:6e:6a:6e:87:97:8d:4e:6f:52:af:84:17:08:e8:
         9c:1d:07:d7:da:36:2d:92:db:5a:56:e8:a2:1e:14:4b:77:fe:
         75:dc:02:c3:c8:88:6d:59:97:9a:71:e6:71:33:d8:f7:a7:37:
         82:5d:cd:66:7e:5a:ac:88:e0:14:a8:f6:d4:8f:cc:30:bd:f2:
         fa:89:82:57:a9:f2:4f:7d:84:ef:09:d9:65:47:63:db:80:68:
         2b:48:d9:06:69:76:ae:0d:5d:ef:7b:72:af:c3:8f:67:e2:a6:
         17:46:2b:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUlYquXzm3nU1XHy91bGKWIRjO50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIwNTdaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDljMTk2NTA4MjE5MmM0MDgyODA2YzA0NTdmYjM2NTcyMGM4NDgyYWM4ZTkz
YWQ0OGYyN2M5YzkwNGNiMWRlYzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOxmG8W5k2+rsRG+sN1fFduv5VrUuIAZ1vY6TSULJWJEM+em1OjP7wt9wEZ
1XBfw9dRe4eVDcoHHcsYymi4WJUz96ZaNpLDUEq3uRG0FWAbZrWKlC6VFSR7KRHz
TIjjVn0enZpsdw0oiIE/0fmdQDFQuG2a0hxrYcTKrCawcfFyiiaadMmTpO7at4Qk
wZ/GCGIR/2MDZn2Af6K+5ToG9oPTZAc8zuMj8xpUrZxvl9qbL91f4o4BDlJyVAXF
zMVpP92SMeWLe8t+eUpqWgsong3ljMm6KCW5hJPXX/JwYBP+FWnyIayDhLkR30Fj
qG7sWqdMhOts7/RDOBCpkr+y6yECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRO1VIj
wxgRW72BBVhOEM2oYx0MWjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0OTI0MTItOTk0ZC00YzQ4LWEyOWUtOTA4MmViY2UzMzQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HqA
MA0GCSqGSIb3DQEBCwUAA4IBAQANlIpr+YVER8wgMOWlI+VOW++ccHzYIJDHkJVZ
gc3ECYOi1ufLDLdQZFAdOWE0A4nEnO8ozejorDDNtRhlssxt8ig2HUtCKFFzOdnQ
+U9h8r0+9RYQPxmBTU8cF4cX19bdbhs48yQ50elDx90IqgesT8x9+7Q+8PVwphSG
KBKxl0Ra3EXEXeMHlbtFCRUpsvnbvJfbbmpuh5eNTm9Sr4QXCOicHQfX2jYtktta
VuiiHhRLd/513ALDyIhtWZeaceZxM9j3pzeCXc1mflqsiOAUqPbUj8wwvfL6iYJX
qfJPfYTvCdllR2PbgGgrSNkGaXauDV3ve3Kvw49n4qYXRit2
-----END CERTIFICATE-----