Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
File:                     2cee858e-c572-427b-8123-23b2e05abc40.roa (raw, json)
Hash identifier:          IvXYqOfcYVqrICsxDRP0jj/iUAe6VEj8+DVfr3jla7E=
Subject key identifier:   9F:EC:C8:9B:76:40:EE:EE:AD:1F:BD:1B:7B:98:58:2C:1C:5A:AC:AC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4E1D7A2EE2CC62AE732E7627E37D0543D8F90479
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
Signing time:             Mon 31 Mar 2025 19:00:16 +0000
ROA not before:           Mon 31 Mar 2025 19:00:16 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:c080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:1d:7a:2e:e2:cc:62:ae:73:2e:76:27:e3:7d:05:43:d8:f9:04:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:00:16 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:23:20:a6:c8:99:95:91:18:ae:79:e6:dd:9d:
                    a1:aa:e6:ef:13:78:64:db:06:d1:74:6c:12:32:ef:
                    e3:30:31:db:76:36:af:79:2d:bb:a3:9c:10:82:0c:
                    47:38:56:b5:0d:34:19:78:ca:d0:0e:53:95:1a:06:
                    dc:d0:1f:4e:d8:d5:9c:1a:5f:a0:fb:6f:8a:4c:bf:
                    87:55:1e:0a:df:01:f4:87:89:77:bf:a9:30:4c:c2:
                    74:70:e5:38:9c:ac:8e:89:28:fb:ac:09:fb:3d:94:
                    87:dd:e0:7d:22:60:fb:bd:83:9e:b6:b9:04:39:d1:
                    fa:44:71:04:ee:42:9a:c6:4b:d8:cf:ea:5a:81:d6:
                    75:3f:c1:03:d5:ce:f6:70:2c:31:c5:ad:fd:3f:73:
                    67:d1:a8:32:9c:19:10:81:28:b7:98:46:c4:1e:9a:
                    bf:14:46:5a:44:f8:88:f3:c1:99:6d:07:e7:62:d9:
                    68:8b:7c:fd:c5:84:05:e3:7e:5f:d1:b4:51:bc:47:
                    68:10:25:45:70:ee:31:f3:e8:c0:97:a7:1f:98:de:
                    bf:dc:e6:e3:f3:f6:b4:43:35:ee:60:20:e6:52:d2:
                    56:b7:50:11:b8:35:b3:76:21:6e:78:56:c0:86:08:
                    7b:ce:f9:a8:2b:97:93:8b:0e:ca:b6:28:36:ae:81:
                    3a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:EC:C8:9B:76:40:EE:EE:AD:1F:BD:1B:7B:98:58:2C:1C:5A:AC:AC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:23:be:8c:3f:92:4e:c8:79:5e:43:b9:90:93:db:8e:27:a1:
         95:34:c2:f7:61:5f:6e:04:48:58:a5:9d:2e:86:f5:83:a9:ff:
         a2:6e:f2:5f:66:b5:60:6b:89:65:34:a4:84:82:4d:fc:cb:da:
         bc:01:56:47:49:ef:c3:4a:ab:2b:fc:9a:2d:1c:cb:e4:8d:88:
         6b:e9:36:15:85:19:50:06:97:2f:62:9c:38:e1:8e:6f:78:05:
         22:19:fc:bf:b8:49:e2:5c:19:b1:7e:5a:5b:b3:38:6d:51:f8:
         07:df:ee:68:59:04:22:42:e7:ea:e2:1c:66:77:bc:de:58:ca:
         d9:78:96:a7:6c:a6:61:a8:02:1b:61:a2:5c:3b:d7:2d:4e:56:
         4e:34:a3:6b:a8:45:02:83:7c:11:86:a2:9b:0a:56:2d:2b:eb:
         fe:64:ac:51:69:fd:e7:b5:cc:d0:52:7f:77:6c:e6:ed:ea:9e:
         8b:b8:47:e9:99:d6:e0:2a:12:da:94:82:15:7d:05:84:1b:33:
         1d:fa:33:5a:8f:69:ea:4f:a7:f1:ce:a8:8c:d2:72:0f:cc:45:
         b0:76:8b:95:99:42:41:86:05:50:18:f7:97:3b:b1:8b:17:32:
         ad:7e:f0:47:9f:a0:65:61:5c:73:52:ac:91:b3:59:94:ab:4c:
         12:9a:4d:bd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTh16LuLMYq5zLnYn430FQ9j5BHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTAwMTZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwZTcyOGExNGY4OWMwM2Y2Yjk0NjMxNzNlNmMwYTNjNDUzMTRlZDMzMmUw
Y2E1ZjQ0ZmVjNDhhNTFjZDVjZjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYjIKbImZWRGK555t2doarm7xN4ZNsG0XRsEjLv4zAx23Y2r3ktu6OcEIIM
RzhWtQ00GXjK0A5TlRoG3NAfTtjVnBpfoPtviky/h1UeCt8B9IeJd7+pMEzCdHDl
OJysjoko+6wJ+z2Uh93gfSJg+72Dnra5BDnR+kRxBO5CmsZL2M/qWoHWdT/BA9XO
9nAsMcWt/T9zZ9GoMpwZEIEot5hGxB6avxRGWkT4iPPBmW0H52LZaIt8/cWEBeN+
X9G0UbxHaBAlRXDuMfPowJenH5jev9zm4/P2tEM17mAg5lLSVrdQEbg1s3YhbnhW
wIYIe875qCuXk4sOyrYoNq6BOkcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSf7Mib
dkDu7q0fvRt7mFgsHFqsrDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmNlZTg1OGUtYzU3Mi00MjdiLTgxMjMtMjNiMmUwNWFiYzQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
gDANBgkqhkiG9w0BAQsFAAOCAQEAvyO+jD+STsh5XkO5kJPbjiehlTTC92FfbgRI
WKWdLob1g6n/om7yX2a1YGuJZTSkhIJN/MvavAFWR0nvw0qrK/yaLRzL5I2Ia+k2
FYUZUAaXL2KcOOGOb3gFIhn8v7hJ4lwZsX5aW7M4bVH4B9/uaFkEIkLn6uIcZne8
3ljK2XiWp2ymYagCG2GiXDvXLU5WTjSja6hFAoN8EYaimwpWLSvr/mSsUWn957XM
0FJ/d2zm7eqei7hH6ZnW4CoS2pSCFX0FhBszHfozWo9p6k+n8c6ojNJyD8xFsHaL
lZlCQYYFUBj3lzuxixcyrX7wR5+gZWFcc1KskbNZlKtMEppNvQ==
-----END CERTIFICATE-----