Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/12099bf5-f9c1-463e-9fc9-eaf791e339e4.roa
File:                     12099bf5-f9c1-463e-9fc9-eaf791e339e4.roa (raw, json)
Hash identifier:          O7/CDHlKgzYdd2BAkfGsj+GfHf14OtRqrwO6JCTl+8o=
Subject key identifier:   A3:95:A8:81:CC:73:EA:71:BF:52:88:82:32:AF:04:F3:5A:78:CA:BD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       06E07A080A0F91618B9DE0DED9F3A8BD2A4E5C49
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/12099bf5-f9c1-463e-9fc9-eaf791e339e4.roa
Signing time:             Mon 31 Mar 2025 21:10:57 +0000
ROA not before:           Mon 31 Mar 2025 21:10:57 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d011::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e0:7a:08:0a:0f:91:61:8b:9d:e0:de:d9:f3:a8:bd:2a:4e:5c:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:57 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:91:76:aa:50:2d:26:dd:a7:a2:b0:44:ab:d0:
                    d6:9f:64:9a:a7:d4:25:a2:b0:c3:0c:8f:05:53:5b:
                    68:8e:e6:7d:9e:5c:75:e4:fb:13:51:12:a9:14:53:
                    64:a5:9e:a2:78:48:53:38:41:f5:a7:89:a1:46:75:
                    34:7f:e6:37:d0:47:71:e3:62:16:58:55:32:04:1b:
                    97:c3:e1:11:4f:4c:05:2d:f7:b8:71:20:26:59:6c:
                    8a:83:7c:66:c8:cd:0d:5f:53:a1:37:dc:ea:1d:98:
                    20:44:11:28:7c:ea:08:ea:d1:54:67:ab:6a:0c:fc:
                    76:76:2e:ca:19:8e:03:4b:24:fe:dd:08:b8:f9:4d:
                    12:4d:10:ba:95:c2:1b:fb:66:87:13:f2:c8:18:3e:
                    57:03:b5:1b:7b:3e:ee:de:0a:aa:10:01:01:2c:5a:
                    83:d6:c1:81:e8:39:e1:3f:64:a4:3b:97:ec:4b:20:
                    26:80:12:6f:de:9b:4f:f3:0b:1e:1e:8a:38:25:6c:
                    86:a2:b5:5c:45:02:27:98:e1:ac:72:15:32:08:2d:
                    a1:65:70:88:ac:51:d5:c4:4e:b4:ac:e6:40:9c:c1:
                    53:27:2b:8b:cf:d7:dd:07:1e:a1:4b:df:2d:b0:86:
                    67:f2:86:6f:73:23:c5:4f:56:9e:a8:d0:61:7e:69:
                    a8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:95:A8:81:CC:73:EA:71:BF:52:88:82:32:AF:04:F3:5A:78:CA:BD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/12099bf5-f9c1-463e-9fc9-eaf791e339e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d011::/38

    Signature Algorithm: sha256WithRSAEncryption
         7b:6b:47:5e:54:af:05:5f:74:9d:8d:d4:5e:c6:5c:d9:16:43:
         c3:1d:ba:03:03:0a:4f:ce:96:d2:90:0f:fd:40:31:b6:c5:5c:
         26:c7:5c:e4:93:e2:b8:33:88:0c:f5:df:f8:ee:66:31:86:4b:
         e9:ae:f8:72:fe:f2:a0:59:a0:df:87:73:6e:78:93:a2:7c:df:
         76:5c:56:41:6b:9a:ba:6d:a4:ae:a6:ae:68:97:08:84:af:97:
         81:25:2d:28:11:0f:b1:dc:99:b8:a6:f4:28:d6:58:83:a1:a9:
         32:80:23:ab:3d:ee:5c:77:a3:fe:f5:c5:c1:17:64:25:f9:00:
         f4:c9:97:7c:2d:6e:ef:06:16:77:49:8e:ef:a2:28:e8:4c:77:
         cc:42:43:e6:44:1c:d2:77:e6:42:56:f7:e6:ce:e0:65:b0:9a:
         e3:55:31:69:64:4f:64:d2:74:5b:b3:81:4a:97:fe:6f:31:93:
         91:4f:c2:e0:88:6f:91:6f:9e:04:d0:af:a1:d9:fd:fe:ab:c8:
         a5:09:9b:5a:14:c6:ee:0c:81:51:49:b0:b8:e5:4a:a7:e8:5e:
         80:d9:f2:39:e7:14:04:0a:b1:86:c0:02:d4:a2:fb:5e:21:68:
         09:52:b0:66:0a:2d:dd:ba:af:ae:91:79:e1:6b:4b:2b:00:30:
         8c:2f:64:f1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBuB6CAoPkWGLneDe2fOovSpOXEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwNTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkYjY0OWQzZDAwOWRkMWVjNjM3NTIwNWU2MGM2YTNhYTRhOWIzYWU5ZTI2
OGY1NDEyZjQzMDM0Y2U5ZjZjY2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuRdqpQLSbdp6KwRKvQ1p9kmqfUJaKwwwyPBVNbaI7mfZ5cdeT7E1ESqRRT
ZKWeonhIUzhB9aeJoUZ1NH/mN9BHceNiFlhVMgQbl8PhEU9MBS33uHEgJllsioN8
ZsjNDV9ToTfc6h2YIEQRKHzqCOrRVGeragz8dnYuyhmOA0sk/t0IuPlNEk0QupXC
G/tmhxPyyBg+VwO1G3s+7t4KqhABASxag9bBgeg54T9kpDuX7EsgJoASb96bT/ML
Hh6KOCVshqK1XEUCJ5jhrHIVMggtoWVwiKxR1cROtKzmQJzBUycri8/X3QceoUvf
LbCGZ/KGb3MjxU9WnqjQYX5pqMUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSjlaiB
zHPqcb9SiIIyrwTzWnjKvTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTIwOTliZjUtZjljMS00NjNlLTlmYzktZWFmNzkxZTMzOWU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEA
MA0GCSqGSIb3DQEBCwUAA4IBAQB7a0deVK8FX3SdjdRexlzZFkPDHboDAwpPzpbS
kA/9QDG2xVwmx1zkk+K4M4gM9d/47mYxhkvprvhy/vKgWaDfh3NueJOifN92XFZB
a5q6baSupq5olwiEr5eBJS0oEQ+x3Jm4pvQo1liDoakygCOrPe5cd6P+9cXBF2Ql
+QD0yZd8LW7vBhZ3SY7voijoTHfMQkPmRBzSd+ZCVvfmzuBlsJrjVTFpZE9k0nRb
s4FKl/5vMZORT8LgiG+Rb54E0K+h2f3+q8ilCZtaFMbuDIFRSbC45Uqn6F6A2fI5
5xQECrGGwALUovteIWgJUrBmCi3duq+ukXnha0srADCML2Tx
-----END CERTIFICATE-----