Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caeeaf61-b927-4d38-b398-1efb2c05d49e.roa
File:                     caeeaf61-b927-4d38-b398-1efb2c05d49e.roa (raw, json)
Hash identifier:          EFcU+BuL/TxCkr2tf7Ij4G7rh7gqod8g1i1I6E0ERNw=
Subject key identifier:   CB:A4:39:F1:B7:4F:DE:D2:A7:12:31:6A:F3:18:03:D7:02:86:76:F2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       75AC8594F9B7D7472E6E71FE0A892C44E82F0EF5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caeeaf61-b927-4d38-b398-1efb2c05d49e.roa
Signing time:             Wed 26 Mar 2025 19:37:03 +0000
ROA not before:           Wed 26 Mar 2025 19:37:03 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ac:85:94:f9:b7:d7:47:2e:6e:71:fe:0a:89:2c:44:e8:2f:0e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:37:03 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a9:c1:79:8e:b8:fa:5d:8e:84:8a:2b:e4:be:
                    3a:04:6d:98:1f:d9:f1:bc:d4:15:51:03:51:38:e6:
                    e5:2d:05:86:fd:cf:6a:8a:66:c8:cd:cc:e4:82:46:
                    62:07:7f:4f:86:d9:2b:10:29:cb:bb:a4:dd:a3:61:
                    c2:09:7d:41:57:11:33:fe:e8:17:5b:39:82:92:a4:
                    a6:d8:74:30:b2:08:29:af:88:46:47:5b:57:48:19:
                    42:5a:e5:a0:b8:36:53:9c:fa:0b:dd:ed:47:32:9a:
                    12:ea:52:9c:ec:b2:7e:23:ba:3a:14:60:83:8a:af:
                    5a:28:c5:85:eb:58:02:2f:2e:09:2e:bf:5d:80:8b:
                    7b:13:cb:17:c5:17:5c:cc:90:a9:e3:67:30:ac:26:
                    84:ee:5d:be:7f:9e:ec:03:36:a1:b8:29:c1:4a:43:
                    22:c8:9c:97:c7:d8:11:a9:33:e4:3c:56:5c:ee:09:
                    a4:b5:a9:09:6f:20:94:37:32:85:b1:6b:41:e7:34:
                    c1:2d:94:a1:04:4e:3e:20:06:6a:1f:2e:07:ea:61:
                    c7:a9:d9:c1:60:73:f6:b1:8b:04:77:ed:4e:9e:b9:
                    b2:8a:ed:24:d2:d3:83:40:a8:2e:96:70:49:11:0c:
                    46:1f:e1:c5:eb:85:af:f2:23:0a:ee:0a:08:33:d1:
                    31:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A4:39:F1:B7:4F:DE:D2:A7:12:31:6A:F3:18:03:D7:02:86:76:F2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caeeaf61-b927-4d38-b398-1efb2c05d49e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:56:38:11:9d:df:99:e0:54:3b:b1:47:69:55:0f:f2:8b:92:
         bb:8b:f2:d1:d9:94:16:fc:43:7a:24:a1:68:c5:6d:40:0b:7e:
         c7:b3:69:b0:a0:de:33:2f:99:f5:be:ca:e6:e1:b5:03:cb:1d:
         e4:04:2d:44:74:be:75:64:f6:b7:ed:4c:cf:bd:0b:8e:21:fb:
         07:20:07:e8:19:cc:b7:d5:7f:2d:f2:8c:b5:23:90:e2:05:12:
         04:a5:ef:5c:a0:9e:ab:4f:8c:bb:96:c7:80:48:40:c1:89:25:
         a8:8e:fa:53:3b:b1:55:22:0b:34:96:05:0f:72:91:95:c0:5f:
         4c:e8:e2:2e:b8:e4:14:15:9d:a5:09:de:d6:0f:0d:01:ee:71:
         f5:b3:a7:57:f1:11:a1:e1:88:40:39:5f:d1:0e:97:32:65:9c:
         4e:19:a2:95:a3:6e:db:26:ea:34:9f:9a:f4:89:9a:15:a8:7a:
         07:bd:60:70:81:e2:30:70:db:8a:81:f3:5c:fc:fa:98:e6:23:
         86:40:ee:d8:23:dd:d2:74:95:0e:10:32:02:e3:66:29:4d:16:
         48:09:ef:ca:03:c8:73:d2:63:a3:ec:c8:21:38:a6:60:f1:30:
         5b:75:98:ea:db:1d:56:00:aa:04:24:1c:24:88:12:2d:63:5b:
         7e:83:a3:17
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdayFlPm310cubnH+CoksROgvDvUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTM3MDNaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDViODgzOTIzYWIyYjJhMTA3ODNhNmU3OTBmMjI2MWE2N2NkZWJjMjAzYTZi
NTE2ZjdkMTA3ZmFlNzQ5MmJjMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANqpwXmOuPpdjoSKK+S+OgRtmB/Z8bzUFVEDUTjm5S0Fhv3PaopmyM3M5IJG
Ygd/T4bZKxApy7uk3aNhwgl9QVcRM/7oF1s5gpKkpth0MLIIKa+IRkdbV0gZQlrl
oLg2U5z6C93tRzKaEupSnOyyfiO6OhRgg4qvWijFhetYAi8uCS6/XYCLexPLF8UX
XMyQqeNnMKwmhO5dvn+e7AM2obgpwUpDIsicl8fYEakz5DxWXO4JpLWpCW8glDcy
hbFrQec0wS2UoQROPiAGah8uB+phx6nZwWBz9rGLBHftTp65sortJNLTg0CoLpZw
SREMRh/hxeuFr/IjCu4KCDPRMXcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTLpDnx
t0/e0qcSMWrzGAPXAoZ28jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FlZWFmNjEtYjkyNy00ZDM4LWIzOTgtMWVmYjJjMDVkNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FgI
MA0GCSqGSIb3DQEBCwUAA4IBAQB1VjgRnd+Z4FQ7sUdpVQ/yi5K7i/LR2ZQW/EN6
JKFoxW1AC37Hs2mwoN4zL5n1vsrm4bUDyx3kBC1EdL51ZPa37UzPvQuOIfsHIAfo
Gcy31X8t8oy1I5DiBRIEpe9coJ6rT4y7lseASEDBiSWojvpTO7FVIgs0lgUPcpGV
wF9M6OIuuOQUFZ2lCd7WDw0B7nH1s6dX8RGh4YhAOV/RDpcyZZxOGaKVo27bJuo0
n5r0iZoVqHoHvWBwgeIwcNuKgfNc/PqY5iOGQO7YI93SdJUOEDIC42YpTRZICe/K
A8hz0mOj7MghOKZg8TBbdZjq2x1WAKoEJBwkiBItY1t+g6MX
-----END CERTIFICATE-----