Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
File:                     538037c5-70a6-4b45-b84c-b4af8015af39.roa (raw, json)
Hash identifier:          4cELeyeVkc8g9kHkRfRSx8UitubNgf7suiF7dmpsT4Q=
Subject key identifier:   93:F8:4A:2B:41:6E:9E:15:22:DE:E8:A8:0A:77:75:00:3E:13:BE:92
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6EF54530107C1032E464CB66095283234D52F8A5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
Signing time:             Mon 31 Mar 2025 21:20:18 +0000
ROA not before:           Mon 31 Mar 2025 21:20:18 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d029::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:f5:45:30:10:7c:10:32:e4:64:cb:66:09:52:83:23:4d:52:f8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:20:18 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:e4:4e:af:9e:ac:93:a0:f4:38:60:27:61:
                    b6:04:f1:5a:36:aa:74:e0:74:75:96:97:5d:86:60:
                    9c:6b:44:c4:7a:73:37:b5:3e:42:31:8f:65:8a:ec:
                    fa:80:9d:6e:e7:2a:9b:eb:64:ac:09:29:61:c5:ab:
                    de:9f:f0:e4:7c:f2:2d:16:40:24:b6:e5:e9:f5:1e:
                    6b:34:b3:b1:f9:5a:e5:ce:02:e7:b2:81:1b:f1:a4:
                    2a:cc:3f:97:84:1e:53:52:23:6a:7c:ed:cf:0d:c5:
                    73:a9:e2:4e:9c:02:37:68:96:12:e9:59:d6:72:95:
                    49:58:43:cb:2e:5f:8b:cb:3a:81:ee:d3:a5:01:1f:
                    11:a7:11:88:85:08:44:0e:47:ea:7c:81:af:17:77:
                    75:fd:8c:55:44:86:8f:08:7a:24:3f:44:5a:b4:f1:
                    da:3e:06:78:6a:73:7d:6c:5f:42:01:ac:65:3a:6e:
                    bf:2f:b8:85:0a:4f:43:dc:3c:c0:35:80:59:7a:1c:
                    49:e4:d7:ea:97:d9:86:c5:77:3a:df:e6:14:df:67:
                    1d:e0:d2:6c:bd:61:0b:bf:e1:2b:2c:57:71:de:67:
                    b5:6e:01:6d:66:c9:32:8b:d8:6a:32:b8:dd:6f:4c:
                    a2:74:22:02:b0:57:0f:9a:db:d7:c5:64:d8:bc:8b:
                    49:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F8:4A:2B:41:6E:9E:15:22:DE:E8:A8:0A:77:75:00:3E:13:BE:92
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d029::/36

    Signature Algorithm: sha256WithRSAEncryption
         b8:8a:2d:9a:7e:c4:43:22:37:26:1d:c8:f1:96:53:48:50:9b:
         e3:89:86:be:29:c2:14:5c:69:d6:cd:32:a6:a2:35:61:36:a9:
         db:97:be:8c:27:52:59:75:a0:1b:79:90:60:1a:08:88:2f:9a:
         ea:d7:fc:4e:68:e5:51:52:b5:1d:49:12:aa:c4:52:20:f0:7a:
         f7:29:93:e5:ba:53:13:04:c5:52:16:cd:57:7f:05:7d:dd:2e:
         93:aa:4a:c6:62:4d:50:12:72:8b:a4:c6:e9:72:bc:e5:b0:ba:
         6f:cf:1b:a5:5b:74:83:40:3a:99:80:b4:06:be:2c:15:00:e5:
         6d:01:8b:0b:96:bb:39:25:3b:82:3a:fa:0b:3e:3c:d1:d3:4f:
         78:eb:09:b1:ee:cc:58:c8:9c:4c:c0:13:e1:63:e2:e6:75:2f:
         3b:aa:17:b4:76:70:e8:9f:4d:79:36:e9:9b:ac:a8:2f:14:6b:
         f3:55:ae:4e:0c:99:14:9f:2b:54:b7:cf:7a:af:74:da:d1:6f:
         c4:58:ff:8a:21:4c:db:72:da:c4:17:d7:01:11:37:fb:86:b5:
         94:ed:e2:45:c3:8e:27:60:f5:17:28:65:8e:ec:5b:f1:1f:d7:
         9e:a3:c3:cb:c4:9b:3b:75:f5:fa:dc:a7:7c:47:3e:8d:f4:23:
         07:68:8b:f5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbvVFMBB8EDLkZMtmCVKDI01S+KUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIwMThaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmZWExYTg4MzgzOTczZjgyZDAyMzE3MDQwZTA1ZTA0YWY4OTNhZTIxMmUw
ZjgyNTgxYzEzYmQ1OGY4YWM5YjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJdZ5E6vnqyToPQ4YCdhtgTxWjaqdOB0dZaXXYZgnGtExHpzN7U+QjGPZYrs
+oCdbucqm+tkrAkpYcWr3p/w5HzyLRZAJLbl6fUeazSzsfla5c4C57KBG/GkKsw/
l4QeU1Ijanztzw3Fc6niTpwCN2iWEulZ1nKVSVhDyy5fi8s6ge7TpQEfEacRiIUI
RA5H6nyBrxd3df2MVUSGjwh6JD9EWrTx2j4GeGpzfWxfQgGsZTpuvy+4hQpPQ9w8
wDWAWXocSeTX6pfZhsV3Ot/mFN9nHeDSbL1hC7/hKyxXcd5ntW4BbWbJMovYajK4
3W9MonQiArBXD5rb18Vk2LyLSXkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBST+Eor
QW6eFSLe6KgKd3UAPhO+kjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTM4MDM3YzUtNzBhNi00YjQ1LWI4NGMtYjRhZjgwMTVhZjM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CkA
MA0GCSqGSIb3DQEBCwUAA4IBAQC4ii2afsRDIjcmHcjxllNIUJvjiYa+KcIUXGnW
zTKmojVhNqnbl76MJ1JZdaAbeZBgGgiIL5rq1/xOaOVRUrUdSRKqxFIg8Hr3KZPl
ulMTBMVSFs1XfwV93S6TqkrGYk1QEnKLpMbpcrzlsLpvzxulW3SDQDqZgLQGviwV
AOVtAYsLlrs5JTuCOvoLPjzR00946wmx7sxYyJxMwBPhY+LmdS87qhe0dnDon015
NumbrKgvFGvzVa5ODJkUnytUt896r3Ta0W/EWP+KIUzbctrEF9cBETf7hrWU7eJF
w44nYPUXKGWO7FvxH9eeo8PLxJs7dfX63Kd8Rz6N9CMHaIv1
-----END CERTIFICATE-----