Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6a5acff-b5d8-4c80-9ecc-9415406576f2.roa
File:                     c6a5acff-b5d8-4c80-9ecc-9415406576f2.roa (raw, json)
Hash identifier:          OlzdWU3tDogPw9Wov3Mc8I/TF6DAacLpOp0f8MwXPRs=
Subject key identifier:   DC:C9:85:64:85:EF:7D:08:3C:F1:43:33:64:1A:F1:16:E8:53:71:91
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       355F16E652368E549CACA57051F7A5E5BCF57938
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6a5acff-b5d8-4c80-9ecc-9415406576f2.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:5f:16:e6:52:36:8e:54:9c:ac:a5:70:51:f7:a5:e5:bc:f5:79:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:0f:0f:97:2b:d2:f3:97:88:60:65:e7:1b:
                    2e:f6:42:37:3f:14:83:d5:52:c7:02:03:e6:3f:3c:
                    a3:a3:23:3f:3e:f7:74:6a:c2:52:ec:0b:f3:de:52:
                    07:59:10:5f:93:c9:9e:25:c2:fb:80:c7:41:b8:1d:
                    a4:8a:14:df:c4:df:13:1e:27:a5:87:28:a7:43:e2:
                    74:6f:39:8e:df:82:3d:a8:cb:e6:09:f5:77:16:7b:
                    34:fc:d5:28:88:d2:be:98:e9:03:e1:65:0b:07:cb:
                    7a:f1:3c:46:a3:80:a6:86:1a:9e:ea:ca:ab:1f:47:
                    cd:67:32:3e:15:10:ef:45:66:9c:7e:20:77:1e:ac:
                    07:33:4d:09:0f:05:99:a4:d8:32:0e:64:df:48:76:
                    54:4b:ec:68:c9:87:2f:bd:07:58:0b:6c:ad:00:e7:
                    83:ca:a1:4a:d7:d4:3b:7d:b7:6a:ea:71:1c:fe:cc:
                    2f:21:fc:2c:75:6a:5b:7e:4a:50:d0:96:da:fb:16:
                    2a:de:4a:ed:0a:66:35:00:b2:8a:a7:4e:d8:75:76:
                    a1:18:cf:a8:e3:8b:f5:c5:54:cf:f9:94:94:a9:e9:
                    c4:c9:a6:5f:d0:45:e5:cf:4b:e4:81:5b:23:b9:4b:
                    89:f0:79:cf:92:0b:5e:f0:93:07:d5:c9:97:5c:cc:
                    2f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C9:85:64:85:EF:7D:08:3C:F1:43:33:64:1A:F1:16:E8:53:71:91
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6a5acff-b5d8-4c80-9ecc-9415406576f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:d4:14:12:ed:1e:92:1c:4f:d0:8f:50:2f:04:ea:b9:f2:ce:
         65:70:7a:33:9e:58:87:cb:04:13:19:0e:c7:ef:49:c2:0a:68:
         eb:c8:2e:52:c2:59:eb:1e:cf:2d:da:9d:55:34:21:5e:d2:35:
         b1:63:35:c5:be:ea:b6:d1:5e:82:76:d0:ed:ea:83:bd:d4:d3:
         27:9f:af:e6:0c:55:68:ef:6e:b1:70:d1:3b:8c:56:16:96:83:
         09:35:33:f2:c2:80:6b:8a:8b:70:52:e4:48:55:34:32:47:a0:
         9d:1b:eb:b2:87:6e:55:4c:95:87:c9:64:6d:63:f3:bc:3d:63:
         b7:85:a8:b0:7c:df:f0:79:f1:0b:58:26:a8:e3:19:aa:a6:43:
         bb:bc:9e:07:e5:f5:a4:1c:8f:4e:41:67:54:2c:7a:64:30:67:
         f4:9a:9d:30:6d:8f:bf:a0:32:e5:6e:f2:81:ac:cb:38:ed:c2:
         3a:e9:20:e1:69:14:58:d4:60:de:55:8d:80:37:bb:3e:a0:13:
         7f:5e:b3:c2:73:98:f7:9c:21:17:0e:3a:77:7b:92:49:e1:fe:
         70:fb:db:5b:2e:7f:3c:72:61:c0:54:0d:d0:ca:d2:e9:95:ae:
         54:96:27:b0:cf:60:5d:0d:c7:ea:4e:66:5d:b4:28:48:db:8e:
         db:e5:56:e7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNV8W5lI2jlScrKVwUfel5bz1eTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwNWE5YjUyYjQzYjg2MmE3MDM2YjZhYmY5MWIxYjM5YzVmNWIyMmYxYmM2
ZjJhM2JiMDRhZDA3MWM4YjMwNmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLwDw+XK9Lzl4hgZecbLvZCNz8Ug9VSxwID5j88o6MjPz73dGrCUuwL895S
B1kQX5PJniXC+4DHQbgdpIoU38TfEx4npYcop0PidG85jt+CPajL5gn1dxZ7NPzV
KIjSvpjpA+FlCwfLevE8RqOApoYanurKqx9HzWcyPhUQ70VmnH4gdx6sBzNNCQ8F
maTYMg5k30h2VEvsaMmHL70HWAtsrQDng8qhStfUO323aupxHP7MLyH8LHVqW35K
UNCW2vsWKt5K7QpmNQCyiqdO2HV2oRjPqOOL9cVUz/mUlKnpxMmmX9BF5c9L5IFb
I7lLifB5z5ILXvCTB9XJl1zMLzkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTcyYVk
he99CDzxQzNkGvEW6FNxkTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzZhNWFjZmYtYjVkOC00YzgwLTllY2MtOTQxNTQwNjU3NmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HUg
MA0GCSqGSIb3DQEBCwUAA4IBAQDC1BQS7R6SHE/Qj1AvBOq58s5lcHoznliHywQT
GQ7H70nCCmjryC5SwlnrHs8t2p1VNCFe0jWxYzXFvuq20V6CdtDt6oO91NMnn6/m
DFVo726xcNE7jFYWloMJNTPywoBriotwUuRIVTQyR6CdG+uyh25VTJWHyWRtY/O8
PWO3haiwfN/wefELWCao4xmqpkO7vJ4H5fWkHI9OQWdULHpkMGf0mp0wbY+/oDLl
bvKBrMs47cI66SDhaRRY1GDeVY2AN7s+oBN/XrPCc5j3nCEXDjp3e5JJ4f5w+9tb
Ln88cmHAVA3QytLpla5Uliewz2BdDcfqTmZdtChI247b5Vbn
-----END CERTIFICATE-----