Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
File:                     9963ca7c-f411-4aae-ac61-2c650f8269e0.roa (raw, json)
Hash identifier:          UIiBWc1WOGTSPowgWnrt3E03zwGSkcmF4Xi37IP8KBk=
Subject key identifier:   63:9B:8D:82:23:09:2A:17:D2:A2:B8:DF:51:29:FD:E8:E1:E1:50:45
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       35E7621033EE971029EF003EC5E84865FD90F1C8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
Signing time:             Mon 31 Mar 2025 21:10:08 +0000
ROA not before:           Mon 31 Mar 2025 21:10:08 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d011:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e7:62:10:33:ee:97:10:29:ef:00:3e:c5:e8:48:65:fd:90:f1:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:08 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:53:9a:99:a7:16:6b:b5:b0:a6:26:7e:5d:0b:
                    e1:b9:c4:2a:52:04:6f:cc:f4:5a:53:5a:61:41:d1:
                    9e:7b:89:49:84:8d:1a:f9:84:a9:4a:96:17:05:5a:
                    fa:e6:83:6d:fd:cd:61:93:e8:ca:80:fd:f5:df:5f:
                    0e:f1:3d:67:fa:3d:cd:f1:00:91:5e:09:08:42:2f:
                    ba:c4:15:50:a8:6d:bc:e2:33:95:e5:d6:7d:7c:48:
                    4d:f5:0c:c5:7e:11:45:54:86:10:ed:be:10:22:1f:
                    3f:b6:f0:ab:77:6e:98:21:4d:69:e1:38:da:86:86:
                    35:11:cb:7c:0f:84:3c:a0:a8:7b:8b:cb:5a:c0:55:
                    6b:8a:54:eb:d8:9a:4c:04:5b:bc:28:57:d1:65:28:
                    52:69:ab:05:fe:a9:21:b3:a9:3f:1c:6c:c1:3b:e1:
                    4e:23:b5:88:ee:60:86:07:78:3c:48:df:77:dd:a2:
                    96:d2:30:c6:80:32:e5:c9:a6:1e:91:19:cc:8e:37:
                    5a:83:5f:21:4a:87:d7:64:a2:f8:34:5c:66:e5:d5:
                    1b:b8:65:eb:50:02:df:4c:bc:60:68:b0:3a:ad:bb:
                    f4:93:a1:39:42:4c:17:95:9e:ad:cd:fc:7a:e9:81:
                    92:08:67:33:a9:11:02:dc:29:1d:8a:95:7c:63:f5:
                    83:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:9B:8D:82:23:09:2A:17:D2:A2:B8:DF:51:29:FD:E8:E1:E1:50:45
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d011:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         64:27:33:97:ea:f7:11:1c:47:1c:5c:0c:d4:d2:d1:fd:71:54:
         9d:a0:f2:e8:30:de:92:6d:e9:2b:80:3a:19:19:27:78:ba:41:
         c6:10:dc:16:5c:13:6e:3c:8c:82:bf:0c:8f:94:74:b8:4f:74:
         1f:5a:43:f3:99:c8:02:63:bc:0e:43:71:3c:56:a5:88:31:20:
         74:c0:fc:bc:f7:ac:ea:32:59:d0:53:90:05:74:3f:60:9f:f7:
         2d:3b:02:16:ac:d6:56:ed:84:91:5e:4c:60:55:01:54:0a:47:
         d0:55:29:5c:91:cb:fb:9a:59:88:2b:c3:00:98:1c:34:af:ad:
         3f:5b:73:37:7c:ab:07:58:b0:bb:1c:31:64:2a:3d:68:88:41:
         e7:2a:35:22:8a:cb:13:75:f6:98:46:f8:71:13:c3:68:e0:f9:
         94:42:ae:3c:0c:9f:2b:0d:a9:23:ce:4b:94:2b:ca:e1:7a:50:
         b1:76:4e:04:29:98:6e:60:2f:71:d7:95:79:8f:17:03:6c:86:
         48:13:9f:dd:40:86:b3:67:0e:78:98:80:9d:3b:54:8c:da:a2:
         f4:a1:43:39:1e:75:0b:f8:2e:ab:c1:cd:e7:c8:df:e0:e7:03:
         6b:f5:41:50:8d:27:b3:ed:32:ae:9a:67:b6:f1:00:b1:89:94:
         9a:a8:98:a1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNediEDPulxAp7wA+xehIZf2Q8cgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwMDhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ4MWM0YzgyMjZkOTE4OGZlZTlhNTQ3ZjVhMTMxMzEwMzMwNTY1N2FjNzUx
OGY1OWM0Zjg3N2E5Njc4ZDg3NmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKBTmpmnFmu1sKYmfl0L4bnEKlIEb8z0WlNaYUHRnnuJSYSNGvmEqUqWFwVa
+uaDbf3NYZPoyoD99d9fDvE9Z/o9zfEAkV4JCEIvusQVUKhtvOIzleXWfXxITfUM
xX4RRVSGEO2+ECIfP7bwq3dumCFNaeE42oaGNRHLfA+EPKCoe4vLWsBVa4pU69ia
TARbvChX0WUoUmmrBf6pIbOpPxxswTvhTiO1iO5ghgd4PEjfd92iltIwxoAy5cmm
HpEZzI43WoNfIUqH12Si+DRcZuXVG7hl61AC30y8YGiwOq279JOhOUJMF5Werc38
eumBkghnM6kRAtwpHYqVfGP1gxkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRjm42C
IwkqF9KiuN9RKf3o4eFQRTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTk2M2NhN2MtZjQxMS00YWFlLWFjNjEtMmM2NTBmODI2OWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEE
MA0GCSqGSIb3DQEBCwUAA4IBAQBkJzOX6vcRHEccXAzU0tH9cVSdoPLoMN6Sbekr
gDoZGSd4ukHGENwWXBNuPIyCvwyPlHS4T3QfWkPzmcgCY7wOQ3E8VqWIMSB0wPy8
96zqMlnQU5AFdD9gn/ctOwIWrNZW7YSRXkxgVQFUCkfQVSlckcv7mlmIK8MAmBw0
r60/W3M3fKsHWLC7HDFkKj1oiEHnKjUiissTdfaYRvhxE8No4PmUQq48DJ8rDakj
zkuUK8rhelCxdk4EKZhuYC9x15V5jxcDbIZIE5/dQIazZw54mICdO1SM2qL0oUM5
HnUL+C6rwc3nyN/g5wNr9UFQjSez7TKumme28QCxiZSaqJih
-----END CERTIFICATE-----