Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
File:                     533769c8-002c-491c-9b99-324fe9f5743c.roa (raw, json)
Hash identifier:          XtHoZqrkYAxY2/YDTWQ+KZbFdPF77YEjIjAU8/Q26TE=
Subject key identifier:   15:0D:F7:58:4B:F0:79:F1:FB:BD:27:7A:01:90:B0:29:8D:B3:BA:94
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6BABA2DE4C934CC7BAAB4A15C311C33061E269A7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
Signing time:             Wed 05 Mar 2025 17:50:21 +0000
ROA not before:           Wed 05 Mar 2025 17:50:21 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d022::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ab:a2:de:4c:93:4c:c7:ba:ab:4a:15:c3:11:c3:30:61:e2:69:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:50:21 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:74:a6:81:da:a1:ed:c2:40:4f:9c:78:6b:1c:
                    3a:63:4e:6d:8c:21:1d:b7:00:a1:92:63:14:54:c0:
                    16:1e:56:0c:dd:fe:fd:71:03:e8:53:01:81:73:52:
                    fb:70:f7:c9:3b:50:f6:2d:83:3f:2a:5d:de:ed:27:
                    68:bf:62:3b:50:10:d1:eb:8b:03:9b:f7:b6:f0:f6:
                    62:a7:93:19:e4:a3:77:69:34:de:d1:c9:74:46:54:
                    ac:a6:a7:2e:95:df:11:6a:27:83:16:ff:f2:f7:50:
                    da:17:f1:30:c0:c2:3a:9f:be:63:e7:6a:be:89:5c:
                    c8:80:2c:c9:30:ae:a1:1a:d9:df:9a:30:3e:ad:02:
                    4f:23:8e:a9:7b:90:68:f8:cd:2f:5b:5c:87:d5:da:
                    60:93:e9:e2:d3:85:f1:c6:df:27:3d:78:fb:b2:20:
                    d4:25:d5:54:4b:a1:f9:02:ab:1f:67:f7:37:cd:3c:
                    c0:04:15:fa:28:8e:35:61:c7:2f:6d:9b:fd:d3:21:
                    9a:f3:81:2e:66:55:b3:47:d3:33:15:53:6b:83:44:
                    15:c2:1a:e6:43:4d:26:dc:19:5f:29:fe:de:62:95:
                    fa:95:ce:b2:4f:05:ae:fa:a7:95:d3:d9:d0:17:03:
                    74:8b:b6:d4:cb:d2:7f:1d:58:0b:53:e5:1d:2a:92:
                    a8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:0D:F7:58:4B:F0:79:F1:FB:BD:27:7A:01:90:B0:29:8D:B3:BA:94
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d022::/36

    Signature Algorithm: sha256WithRSAEncryption
         5e:a7:d7:4f:95:0e:21:e3:2d:37:d3:eb:22:48:27:10:8a:b9:
         71:6d:2a:8c:02:ef:cd:f2:bf:44:dd:5e:70:b6:25:0a:b3:61:
         35:04:8a:5f:b2:1d:93:48:d6:08:c2:05:8d:dd:a1:59:6d:24:
         17:f4:ee:00:d8:c2:4a:b8:6c:24:83:2d:74:cd:08:03:cb:7d:
         03:04:c6:9a:a9:ba:02:2d:36:6a:33:7c:22:22:f7:90:ce:d7:
         e0:3e:91:dc:62:86:5c:c3:a2:46:79:e7:3a:d6:54:51:bd:7c:
         01:46:67:3a:56:8c:58:8c:04:2e:44:21:16:b3:b3:26:bc:31:
         09:77:d4:e1:57:4d:1c:8e:47:ca:b2:64:2f:2e:54:f2:59:40:
         65:96:9b:16:56:7d:2d:5c:2b:aa:42:3b:4b:d0:39:8f:e0:67:
         7a:91:b0:fe:91:ba:f8:1d:04:6e:a1:32:5f:8f:be:2b:a7:e1:
         c4:af:cb:20:23:94:c5:46:54:fa:f8:37:b1:da:2e:5c:33:5d:
         ff:10:b6:2b:40:b2:ad:d1:33:d6:6c:22:4a:aa:15:d4:b3:7b:
         28:b4:37:95:2e:29:a4:5e:c9:4c:4a:da:fe:e1:58:9a:89:4b:
         50:ed:33:c5:ec:99:98:26:c8:6a:b5:3a:ca:6e:de:a3:bc:5e:
         dc:0a:62:58
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUa6ui3kyTTMe6q0oVwxHDMGHiaacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzUwMjFaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlOTM4ZmYzYjU1M2EzZDA5ZGNjOGE2MmQyNDJkODFiNTUxNzU0NGI5MjYx
NWE0NWI4ZDM5YmQxZDhmODE0NTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKF0poHaoe3CQE+ceGscOmNObYwhHbcAoZJjFFTAFh5WDN3+/XED6FMBgXNS
+3D3yTtQ9i2DPypd3u0naL9iO1AQ0euLA5v3tvD2YqeTGeSjd2k03tHJdEZUrKan
LpXfEWongxb/8vdQ2hfxMMDCOp++Y+dqvolcyIAsyTCuoRrZ35owPq0CTyOOqXuQ
aPjNL1tch9XaYJPp4tOF8cbfJz14+7Ig1CXVVEuh+QKrH2f3N808wAQV+iiONWHH
L22b/dMhmvOBLmZVs0fTMxVTa4NEFcIa5kNNJtwZXyn+3mKV+pXOsk8FrvqnldPZ
0BcDdIu21MvSfx1YC1PlHSqSqEUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQVDfdY
S/B58fu9J3oBkLApjbO6lDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMzNzY5YzgtMDAyYy00OTFjLTliOTktMzI0ZmU5ZjU3NDNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBep9dPlQ4h4y030+siSCcQirlxbSqMAu/N8r9E
3V5wtiUKs2E1BIpfsh2TSNYIwgWN3aFZbSQX9O4A2MJKuGwkgy10zQgDy30DBMaa
qboCLTZqM3wiIveQztfgPpHcYoZcw6JGeec61lRRvXwBRmc6VoxYjAQuRCEWs7Mm
vDEJd9ThV00cjkfKsmQvLlTyWUBllpsWVn0tXCuqQjtL0DmP4Gd6kbD+kbr4HQRu
oTJfj74rp+HEr8sgI5TFRlT6+Dex2i5cM13/ELYrQLKt0TPWbCJKqhXUs3sotDeV
LimkXslMStr+4ViaiUtQ7TPF7JmYJshqtTrKbt6jvF7cCmJY
-----END CERTIFICATE-----