Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa
File:                     cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa (raw, json)
Hash identifier:          CT3TweDCnNqaBaTlD9XaFT0HvOB76QIDg4zb+X/DTuM=
Subject key identifier:   F2:67:B3:4B:18:19:C6:F7:50:43:96:E7:CB:AD:44:B7:92:58:F3:A7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       16623DEB0B9E6429C7975299774DA0C06DC44598
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa
Signing time:             Mon 31 Mar 2025 21:21:15 +0000
ROA not before:           Mon 31 Mar 2025 21:21:15 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d011:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:62:3d:eb:0b:9e:64:29:c7:97:52:99:77:4d:a0:c0:6d:c4:45:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:21:15 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8c:78:ca:32:f9:3e:cd:41:7e:3b:af:77:0d:
                    95:c0:cb:bc:29:15:36:ce:26:a7:38:6a:e6:67:e9:
                    dd:87:b8:00:0f:01:24:0a:6a:93:b8:85:f1:49:d5:
                    02:a5:6c:13:75:aa:6a:12:ad:88:18:18:65:17:38:
                    a5:79:e6:d3:ff:d6:93:fd:72:4e:6a:b1:7f:f4:c0:
                    a0:d1:bc:2d:a3:cd:9e:df:94:cf:fc:e3:03:d9:ad:
                    1a:3f:52:47:1f:be:12:05:1e:b6:78:85:bc:8a:b3:
                    d1:68:35:2c:6c:d1:0c:41:a3:d6:f5:20:1b:f2:0b:
                    ce:8f:8a:4e:5c:e3:06:ed:60:21:37:ae:80:17:01:
                    00:02:c4:5e:04:d1:3a:94:82:06:3c:d0:be:20:97:
                    0c:66:07:fa:79:22:16:3f:1b:45:44:79:dd:d8:4a:
                    72:32:2c:d0:e3:b5:e2:1c:3b:3e:6b:a4:97:07:dd:
                    36:39:d5:cd:83:21:d0:d3:62:8c:49:3b:66:ae:f7:
                    16:89:45:fb:58:59:5e:72:6f:35:f5:c3:6d:af:40:
                    17:72:ee:6a:cb:5d:dc:cc:b8:cf:26:58:e3:0d:07:
                    f4:89:14:d3:ba:9d:1e:f4:97:60:5a:b1:49:30:d6:
                    42:68:3b:d7:53:03:1c:dd:e1:e0:00:b6:4d:3f:49:
                    51:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:67:B3:4B:18:19:C6:F7:50:43:96:E7:CB:AD:44:B7:92:58:F3:A7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d011:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         27:ad:46:e2:de:44:84:ce:58:72:d9:42:04:d6:94:52:38:45:
         87:39:51:6c:61:92:94:0c:74:e7:41:ac:c1:94:41:ac:40:76:
         04:a7:cc:fd:a1:f2:e2:83:6a:a6:23:e8:ac:35:d0:cc:7e:95:
         20:ef:da:82:99:91:f9:64:6e:3a:9c:4c:78:5f:d6:38:2c:96:
         b7:a3:cc:e3:c6:14:1d:81:ea:d5:ae:ae:46:5c:9d:d3:bd:6a:
         a9:f2:5a:a2:e7:a0:2a:36:e5:1b:04:11:7b:d1:1e:e1:5b:69:
         2e:df:0a:46:91:ad:4e:ba:9b:0b:a4:59:69:a3:4b:d7:b8:34:
         cc:84:70:8f:9c:42:f5:1e:1b:d6:ed:4a:5b:29:f2:cf:60:67:
         41:44:05:6c:6d:9c:d8:fd:d8:ff:c3:71:d4:ec:8a:a7:e8:39:
         f3:e5:2c:35:6b:f4:db:1d:00:a4:7c:d8:f2:a3:2f:eb:0f:7f:
         c0:84:6d:ef:0b:64:79:23:d8:d8:cb:7e:0e:12:4a:7e:c6:80:
         80:3e:36:df:81:18:ed:f5:c2:2f:3f:23:76:bd:2b:e1:41:23:
         23:61:d7:35:bd:c9:34:cb:77:c0:b1:49:2e:8f:da:80:f5:64:
         50:2e:d2:11:87:54:c4:e6:78:74:fb:15:89:76:53:5b:a1:31:
         96:ef:ba:46
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFmI96wueZCnHl1KZd02gwG3ERZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIxMTVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4NTE2OTQxNzJhNjZjZmI5NmFlMzVjZjkxNmZlMDQ3OTM0YzQ5ZTNlZTlm
ZDU1MDM3YmQxZTVlZDllZmZmNTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI+MeMoy+T7NQX47r3cNlcDLvCkVNs4mpzhq5mfp3Ye4AA8BJApqk7iF8UnV
AqVsE3WqahKtiBgYZRc4pXnm0//Wk/1yTmqxf/TAoNG8LaPNnt+Uz/zjA9mtGj9S
Rx++EgUetniFvIqz0Wg1LGzRDEGj1vUgG/ILzo+KTlzjBu1gITeugBcBAALEXgTR
OpSCBjzQviCXDGYH+nkiFj8bRUR53dhKcjIs0OO14hw7PmuklwfdNjnVzYMh0NNi
jEk7Zq73FolF+1hZXnJvNfXDba9AF3Luastd3My4zyZY4w0H9IkU07qdHvSXYFqx
STDWQmg711MDHN3h4AC2TT9JUZcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTyZ7NL
GBnG91BDlufLrUS3kljzpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I1ZWU0YzEtZGQzNi00OWE5LThiMDktODlkNThhYTgwMzVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEM
MA0GCSqGSIb3DQEBCwUAA4IBAQAnrUbi3kSEzlhy2UIE1pRSOEWHOVFsYZKUDHTn
QazBlEGsQHYEp8z9ofLig2qmI+isNdDMfpUg79qCmZH5ZG46nEx4X9Y4LJa3o8zj
xhQdgerVrq5GXJ3TvWqp8lqi56AqNuUbBBF70R7hW2ku3wpGka1OupsLpFlpo0vX
uDTMhHCPnEL1HhvW7UpbKfLPYGdBRAVsbZzY/dj/w3HU7Iqn6Dnz5Sw1a/TbHQCk
fNjyoy/rD3/AhG3vC2R5I9jYy34OEkp+xoCAPjbfgRjt9cIvPyN2vSvhQSMjYdc1
vck0y3fAsUkuj9qA9WRQLtIRh1TE5nh0+xWJdlNboTGW77pG
-----END CERTIFICATE-----