Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
File:                     bad2460c-8206-4534-9b9b-355c2d524858.roa (raw, json)
Hash identifier:          AQTtUY97UpSaaYXdQwXHaH+XmJ8sPAvbrmqC3O7NNeI=
Subject key identifier:   E3:B2:1F:23:15:2B:A4:FE:86:6F:32:24:1D:89:57:EC:3E:5E:64:3D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       711EF3746C332C985658FF9DF112A0FA455D8708
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
Signing time:             Wed 05 Mar 2025 17:30:21 +0000
ROA not before:           Wed 05 Mar 2025 17:30:21 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:1e:f3:74:6c:33:2c:98:56:58:ff:9d:f1:12:a0:fa:45:5d:87:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:30:21 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e9:1c:8a:51:c8:2c:26:8e:99:7e:bd:49:4e:
                    ce:51:57:89:01:f1:94:a6:66:d9:f3:64:a2:cd:3f:
                    9c:1f:cf:39:b1:52:c9:ad:5f:0b:15:b1:24:0a:a3:
                    02:f1:41:f5:92:74:65:72:08:3a:ae:08:13:2a:1d:
                    aa:00:cd:a3:bd:50:21:f8:cc:4e:94:19:9e:97:83:
                    1f:66:01:f7:27:52:af:65:2b:2d:46:e5:a4:f4:30:
                    21:41:c5:62:df:5c:a1:46:76:14:cc:e5:0f:ca:8c:
                    c9:e0:3f:ae:38:3f:1d:00:da:3d:e3:14:5b:94:94:
                    1d:4b:d9:1e:d1:50:d5:e8:57:31:9f:e5:2d:95:4e:
                    5d:dd:18:49:2b:06:35:ce:d9:18:fe:c9:f5:63:9b:
                    93:df:56:71:9f:0e:86:00:2b:31:ee:ae:25:df:5e:
                    2c:8f:b3:7f:06:6b:97:86:b3:5b:3a:54:c4:28:1f:
                    68:50:42:4c:b0:3a:5c:0b:5a:b1:3d:ae:92:5e:46:
                    b8:a3:1d:bd:54:91:80:62:21:7a:58:21:63:89:61:
                    2e:19:ca:38:41:72:7c:75:c6:1e:b6:99:96:d0:e8:
                    70:3f:a7:64:c5:f8:26:04:51:57:07:ba:7b:ae:a6:
                    29:fc:ab:61:9e:26:6c:35:e5:24:70:93:89:15:71:
                    90:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B2:1F:23:15:2B:A4:FE:86:6F:32:24:1D:89:57:EC:3E:5E:64:3D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:49:39:97:1f:fc:d5:32:fb:47:b6:9d:c8:07:e5:ae:6f:f9:
         69:16:71:72:27:d5:1b:76:2a:7b:2e:95:ea:67:87:69:72:62:
         34:01:f8:a0:54:a5:c8:97:9e:16:6e:ed:09:5f:f1:74:fd:cf:
         ca:a7:bc:a3:6e:82:fc:46:30:fc:2e:92:59:10:f3:e5:a6:c4:
         c7:cf:c1:c7:78:24:dc:ae:ed:f4:7c:de:3d:e1:c1:87:4d:c6:
         54:b3:a0:26:71:6a:61:44:1f:60:b3:aa:13:b9:15:2a:50:66:
         fd:54:32:8e:7a:d3:08:9a:e3:5a:61:2e:d9:c3:b6:0f:91:80:
         96:96:57:15:09:55:87:42:24:08:81:c9:20:14:1c:3a:12:55:
         35:f4:a7:5e:4e:1a:b5:04:09:45:fe:90:dd:77:1c:8e:b9:6c:
         50:13:7e:ad:22:54:41:74:8c:7f:c4:8c:76:37:e2:03:cd:51:
         96:39:56:23:29:13:4d:07:7f:d0:a6:9a:f8:ad:78:7d:b7:fc:
         85:30:13:70:65:ee:6c:04:d6:f2:24:d6:26:9a:35:70:de:9a:
         90:a5:b0:c5:c7:85:ae:e8:d0:1d:6c:91:ed:d1:8b:63:c4:92:
         d0:93:48:40:34:0d:ab:7d:cc:0a:e1:65:b5:eb:2b:a1:95:0e:
         6f:67:b0:3f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcR7zdGwzLJhWWP+d8RKg+kVdhwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMwMjFaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQzZGJhYTI3ZmQ1YWViZTBkYmY0MDU4NjlhZTZmMjA1MWIyYjg1ZTZjZDcx
ODgyY2RmNTFlN2FlMTMwZTFmNDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOzpHIpRyCwmjpl+vUlOzlFXiQHxlKZm2fNkos0/nB/PObFSya1fCxWxJAqj
AvFB9ZJ0ZXIIOq4IEyodqgDNo71QIfjMTpQZnpeDH2YB9ydSr2UrLUblpPQwIUHF
Yt9coUZ2FMzlD8qMyeA/rjg/HQDaPeMUW5SUHUvZHtFQ1ehXMZ/lLZVOXd0YSSsG
Nc7ZGP7J9WObk99WcZ8OhgArMe6uJd9eLI+zfwZrl4azWzpUxCgfaFBCTLA6XAta
sT2ukl5GuKMdvVSRgGIhelghY4lhLhnKOEFyfHXGHraZltDocD+nZMX4JgRRVwe6
e66mKfyrYZ4mbDXlJHCTiRVxkBECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjsh8j
FSuk/oZvMiQdiVfsPl5kPTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkMjQ2MGMtODIwNi00NTM0LTliOWItMzU1YzJkNTI0ODU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5g
MA0GCSqGSIb3DQEBCwUAA4IBAQBiSTmXH/zVMvtHtp3IB+Wub/lpFnFyJ9Ubdip7
LpXqZ4dpcmI0AfigVKXIl54Wbu0JX/F0/c/Kp7yjboL8RjD8LpJZEPPlpsTHz8HH
eCTcru30fN494cGHTcZUs6AmcWphRB9gs6oTuRUqUGb9VDKOetMImuNaYS7Zw7YP
kYCWllcVCVWHQiQIgckgFBw6ElU19KdeThq1BAlF/pDddxyOuWxQE36tIlRBdIx/
xIx2N+IDzVGWOVYjKRNNB3/Qppr4rXh9t/yFMBNwZe5sBNbyJNYmmjVw3pqQpbDF
x4Wu6NAdbJHt0YtjxJLQk0hANA2rfcwK4WW16yuhlQ5vZ7A/
-----END CERTIFICATE-----