Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ea9340f-dd25-4e30-a952-27ce8d9906df.roa
File:                     9ea9340f-dd25-4e30-a952-27ce8d9906df.roa (raw, json)
Hash identifier:          85jxMH/pikK2Q4QbhWokVrYVQJOg7GIGyGsCmaVTfco=
Subject key identifier:   77:E1:B6:76:B7:87:53:9A:E9:D0:9F:27:8E:8C:EA:7D:19:81:E1:E8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5123AE10E86DFDCDF322898853A670DAAB4905EB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ea9340f-dd25-4e30-a952-27ce8d9906df.roa
Signing time:             Fri 21 Mar 2025 15:00:13 +0000
ROA not before:           Fri 21 Mar 2025 15:00:13 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:23:ae:10:e8:6d:fd:cd:f3:22:89:88:53:a6:70:da:ab:49:05:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:00:13 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ac:ef:07:3c:9d:78:4c:a9:bc:49:ce:2e:3b:
                    05:41:d0:e5:13:7b:a9:d6:10:f5:84:05:b2:d9:d6:
                    a6:81:25:bc:a8:b2:01:71:dd:47:ac:1a:6f:2c:99:
                    09:fc:e6:4e:ec:28:99:8e:e7:cc:c3:35:34:65:d7:
                    4a:82:ff:6e:ea:58:65:22:ce:68:db:96:7a:85:26:
                    50:71:33:06:3e:61:a3:01:3c:99:85:87:b1:d3:6e:
                    76:98:1b:20:c0:8a:9e:a7:ea:5e:06:04:43:50:a5:
                    ec:65:61:aa:48:ce:d2:fb:6a:a9:34:69:ca:93:b2:
                    63:e5:7c:98:50:44:2b:2f:71:9a:26:22:06:b8:86:
                    e3:a9:d2:ef:8a:74:7f:f7:c8:65:a5:89:81:57:e0:
                    b3:82:1c:bf:22:fb:15:31:e1:bc:12:6d:41:cf:75:
                    80:31:43:a1:b6:48:08:65:e0:ed:7a:b4:ed:d8:2f:
                    3f:97:7f:1b:92:2f:98:55:5f:40:ee:d5:06:bf:b3:
                    5b:9f:b3:28:9f:91:a0:93:b2:12:31:95:10:a1:e1:
                    95:04:d0:b7:d2:36:ce:5b:c2:27:3f:5d:65:76:99:
                    f9:a9:8a:1a:33:7e:18:97:e1:b9:04:b7:0b:82:39:
                    89:1a:e9:42:ec:2c:23:e7:9a:56:08:7d:6b:a8:23:
                    10:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E1:B6:76:B7:87:53:9A:E9:D0:9F:27:8E:8C:EA:7D:19:81:E1:E8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ea9340f-dd25-4e30-a952-27ce8d9906df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:f1:ac:ae:9c:14:c3:b1:bf:56:26:a1:a1:dd:d0:22:14:ff:
         72:37:5e:90:1f:1d:22:f5:e5:6d:0e:a1:0d:16:65:30:c9:41:
         1c:45:df:72:56:e4:b7:a1:c1:ed:51:db:00:f4:e8:72:49:e0:
         cd:91:f3:95:5b:ea:ce:9e:20:a1:70:3e:3a:e3:13:02:8f:1c:
         d7:b6:f7:44:a6:30:74:6b:b5:88:75:89:a5:cb:ba:b6:fe:71:
         19:28:09:6b:fb:15:43:4a:54:f1:81:66:42:03:d3:74:9c:50:
         ee:54:9b:4b:c2:8a:03:cd:eb:2c:fa:87:cb:99:05:bf:1a:27:
         0d:27:05:e8:39:4b:9e:33:c6:d0:f6:a0:d2:92:ad:dc:2c:f3:
         3c:c8:d2:31:f8:f7:98:7f:bd:6c:4d:8e:7b:c2:91:42:5e:48:
         a8:b6:0e:c7:e2:3a:77:b1:f3:fd:3b:fc:fb:61:33:b0:78:6b:
         aa:45:0f:00:81:7e:e5:a8:c0:cc:cb:73:43:4a:12:a2:e5:65:
         eb:88:aa:bc:18:4f:f0:62:92:8f:85:19:23:19:60:f3:5f:af:
         23:03:87:82:64:09:f6:19:14:3d:e1:e0:7d:52:f5:86:04:16:
         a9:7f:3e:af:11:a6:66:c2:3c:e6:1d:4d:e4:c7:8e:2f:bf:c0:
         ec:44:4d:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUSOuEOht/c3zIomIU6Zw2qtJBeswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAwMTNaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwZTJhNGQyODg3NGMzYTNhOTc5YTA3YzY0N2M3MjljOTk3YzE1NjI3YWM2
MWVhM2Q2ZGM2ODQyZDcwNjA4NDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANys7wc8nXhMqbxJzi47BUHQ5RN7qdYQ9YQFstnWpoElvKiyAXHdR6wabyyZ
CfzmTuwomY7nzMM1NGXXSoL/bupYZSLOaNuWeoUmUHEzBj5howE8mYWHsdNudpgb
IMCKnqfqXgYEQ1Cl7GVhqkjO0vtqqTRpypOyY+V8mFBEKy9xmiYiBriG46nS74p0
f/fIZaWJgVfgs4IcvyL7FTHhvBJtQc91gDFDobZICGXg7Xq07dgvP5d/G5IvmFVf
QO7VBr+zW5+zKJ+RoJOyEjGVEKHhlQTQt9I2zlvCJz9dZXaZ+amKGjN+GJfhuQS3
C4I5iRrpQuwsI+eaVgh9a6gjEFUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR34bZ2
t4dTmunQnyeOjOp9GYHh6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWVhOTM0MGYtZGQyNS00ZTMwLWE5NTItMjdjZThkOTkwNmRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DBA
MA0GCSqGSIb3DQEBCwUAA4IBAQB58ayunBTDsb9WJqGh3dAiFP9yN16QHx0i9eVt
DqENFmUwyUEcRd9yVuS3ocHtUdsA9OhySeDNkfOVW+rOniChcD464xMCjxzXtvdE
pjB0a7WIdYmly7q2/nEZKAlr+xVDSlTxgWZCA9N0nFDuVJtLwooDzess+ofLmQW/
GicNJwXoOUueM8bQ9qDSkq3cLPM8yNIx+PeYf71sTY57wpFCXkiotg7H4jp3sfP9
O/z7YTOweGuqRQ8AgX7lqMDMy3NDShKi5WXriKq8GE/wYpKPhRkjGWDzX68jA4eC
ZAn2GRQ94eB9UvWGBBapfz6vEaZmwjzmHU3kx44vv8DsRE1y
-----END CERTIFICATE-----