Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa
File:                     c753331a-9b4d-4856-abb9-330765ad02d0.roa (raw, json)
Hash identifier:          qopKtxgwfxkLiNxRwkJwSsfQB6ZxHQcVLt8mso03mfk=
Subject key identifier:   E9:BD:C2:9B:40:EC:7B:8E:51:1E:C8:93:FE:FB:22:7F:AD:36:F4:A3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       16F7A999C3BAFA9F3F4AE604ACF25C9AA49B8F58
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa
Signing time:             Wed 26 Mar 2025 19:21:56 +0000
ROA not before:           Wed 26 Mar 2025 19:21:56 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:8c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:f7:a9:99:c3:ba:fa:9f:3f:4a:e6:04:ac:f2:5c:9a:a4:9b:8f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:21:56 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d3:ff:45:6b:95:d9:39:9f:f5:5b:36:d3:e8:
                    41:6e:bd:c7:96:65:ee:b9:80:87:d4:5c:16:0f:0b:
                    79:97:b7:79:b2:8e:25:a6:57:8e:33:c5:e9:ab:83:
                    40:75:9a:b4:7b:c9:60:37:d4:80:2f:4a:ca:1a:2c:
                    77:ab:03:db:cb:df:1f:97:d6:c7:68:39:3b:2b:d7:
                    23:5a:89:0a:4d:f9:85:8c:36:6c:ed:aa:21:d7:91:
                    13:da:63:d9:25:60:66:e9:b4:e2:1e:43:da:43:d6:
                    9d:61:dc:c7:ce:3b:be:6a:60:4a:2e:5d:c1:2f:df:
                    a9:cc:08:f8:5f:bc:60:53:92:16:ea:00:3b:f1:c6:
                    77:61:10:de:e1:cf:8c:47:0d:d6:72:18:31:ce:1b:
                    38:f7:01:f6:a0:a6:63:1d:49:e9:48:cb:9a:1a:80:
                    dc:aa:ae:7d:ce:a9:9a:28:c9:51:36:12:60:ce:0d:
                    ee:93:fc:5d:f5:77:9c:eb:f8:3d:12:b8:9f:9d:d2:
                    a7:71:d7:b3:06:32:88:05:f8:00:b1:c7:df:99:e9:
                    69:00:ca:53:02:65:1b:b1:8f:fc:63:aa:2d:9e:d0:
                    e5:14:53:0e:b0:20:5d:bb:a7:6c:4f:ed:01:1c:55:
                    01:1a:f0:88:98:54:88:91:bf:90:42:3b:d7:db:6b:
                    9e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BD:C2:9B:40:EC:7B:8E:51:1E:C8:93:FE:FB:22:7F:AD:36:F4:A3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c753331a-9b4d-4856-abb9-330765ad02d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:8c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         ad:45:45:39:27:e7:96:99:84:36:c1:e7:7b:fc:dd:7f:df:2a:
         e2:01:d9:3b:0a:ee:84:3a:57:8f:97:0b:30:4f:9b:01:e4:91:
         6f:2d:18:38:cd:9f:00:b6:ef:be:c2:c7:1b:09:c5:c0:e3:78:
         62:6e:4a:5d:ac:db:1d:bc:4b:9b:0d:b4:0c:c8:fd:cb:55:b0:
         6a:ea:26:c7:c5:00:bc:b1:a2:d4:04:7d:db:c7:7c:45:18:b3:
         46:f3:6b:89:b8:b1:35:8c:4b:ac:01:4a:af:55:43:e6:d0:56:
         fc:c6:38:ff:f5:4b:7c:f8:b2:f8:d1:29:cf:bd:b6:40:56:c9:
         84:9e:97:4d:21:a9:b3:a3:dc:c1:dd:c5:e9:a3:97:67:9c:16:
         a2:c3:b4:83:1d:b9:58:87:0d:75:ee:e0:d5:a7:68:e3:2c:74:
         b9:73:42:cb:08:52:2e:51:e6:7f:16:9e:4f:54:5c:77:9a:2d:
         9d:13:8e:4f:b0:8c:e5:3d:5d:b7:4c:8c:df:91:41:6f:bb:28:
         af:93:7f:79:35:ff:0f:7b:5a:0b:54:ce:31:2a:a1:0b:7e:2e:
         65:e5:5c:9f:c3:8f:5f:bb:f9:3c:2e:68:4d:d5:2d:22:16:06:
         dc:e3:70:e8:aa:dd:4b:ad:be:41:7a:aa:9f:18:3d:d4:52:a8:
         ee:a5:ba:f6
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFvepmcO6+p8/SuYErPJcmqSbj1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIxNTZaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMTc3OTk5YmEyOWRlZThjZDYxYzg1MThhZTY2MjRiNzlkODdmYzE3N2Qy
YjMyYjgyNGYxMjJkZmMwZGQzNzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOXT/0Vrldk5n/VbNtPoQW69x5Zl7rmAh9RcFg8LeZe3ebKOJaZXjjPF6auD
QHWatHvJYDfUgC9Kyhosd6sD28vfH5fWx2g5OyvXI1qJCk35hYw2bO2qIdeRE9pj
2SVgZum04h5D2kPWnWHcx847vmpgSi5dwS/fqcwI+F+8YFOSFuoAO/HGd2EQ3uHP
jEcN1nIYMc4bOPcB9qCmYx1J6UjLmhqA3Kqufc6pmijJUTYSYM4N7pP8XfV3nOv4
PRK4n53Sp3HXswYyiAX4ALHH35npaQDKUwJlG7GP/GOqLZ7Q5RRTDrAgXbunbE/t
ARxVARrwiJhUiJG/kEI719trnmkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTpvcKb
QOx7jlEeyJP++yJ/rTb0ozAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc1MzMzMWEtOWI0ZC00ODU2LWFiYjktMzMwNzY1YWQwMmQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUI
wDANBgkqhkiG9w0BAQsFAAOCAQEArUVFOSfnlpmENsHne/zdf98q4gHZOwruhDpX
j5cLME+bAeSRby0YOM2fALbvvsLHGwnFwON4Ym5KXazbHbxLmw20DMj9y1Wwauom
x8UAvLGi1AR928d8RRizRvNribixNYxLrAFKr1VD5tBW/MY4//VLfPiy+NEpz722
QFbJhJ6XTSGps6Pcwd3F6aOXZ5wWosO0gx25WIcNde7g1ado4yx0uXNCywhSLlHm
fxaeT1Rcd5otnROOT7CM5T1dt0yM35FBb7sor5N/eTX/D3taC1TOMSqhC34uZeVc
n8OPX7v5PC5oTdUtIhYG3ONw6KrdS62+QXqqnxg91FKo7qW69g==
-----END CERTIFICATE-----