Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01edd097-8881-46b9-b8a4-4897174f4b86.roa
File:                     01edd097-8881-46b9-b8a4-4897174f4b86.roa (raw, json)
Hash identifier:          MdRaFUeF8J6lsMgHC7wy2CNyc7X3c3W4lrQoRNQsQSk=
Subject key identifier:   1D:59:3C:37:8B:76:B8:BA:AE:EA:15:AD:49:E8:E0:B6:A7:4A:C5:1D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1A89CC6A2770797C6C885AF06E421CD7CBAB112C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01edd097-8881-46b9-b8a4-4897174f4b86.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:89:cc:6a:27:70:79:7c:6c:88:5a:f0:6e:42:1c:d7:cb:ab:11:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:40:23:2e:9d:ba:05:97:3f:d3:ed:82:63:d2:
                    25:2a:10:36:12:25:4d:6a:42:4c:47:56:d0:29:15:
                    0f:6a:1c:d9:d0:f4:9f:ef:f7:04:ac:c2:e2:98:e2:
                    99:70:b0:cf:21:d6:2f:54:7a:88:af:cb:0a:7c:b8:
                    ca:aa:7f:4e:ad:b4:f4:16:28:2d:c1:e3:c7:fc:d6:
                    de:00:9f:f0:e1:ff:3e:61:a2:3d:2e:2b:fb:19:5f:
                    60:dc:c1:40:f8:6a:5d:39:98:26:d7:81:93:28:fa:
                    b1:0f:80:86:4c:7f:40:8a:78:8a:fc:90:e1:b3:9d:
                    79:58:ca:7d:e4:f4:d5:82:86:b7:c8:f1:9e:d9:63:
                    63:5d:01:9d:2e:e7:73:d7:91:d9:37:02:b2:4e:0d:
                    09:bf:db:fc:39:de:74:41:c5:f7:ab:8f:35:e7:bb:
                    a7:61:c2:f9:1c:dc:c1:4d:0b:15:fc:cc:9f:47:82:
                    47:41:b4:b7:7c:43:59:f5:ae:00:fc:21:31:74:84:
                    bf:6d:ac:fc:7e:ef:43:7e:dc:87:4c:17:f2:b6:58:
                    4f:fc:98:b7:39:ac:a1:39:ec:1d:df:87:27:f0:e6:
                    d7:7e:72:b8:fe:9b:1c:c0:d3:53:bc:9f:d5:75:f5:
                    e7:36:19:72:20:55:35:6f:2d:6d:d1:32:ac:23:35:
                    f5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:59:3C:37:8B:76:B8:BA:AE:EA:15:AD:49:E8:E0:B6:A7:4A:C5:1D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/01edd097-8881-46b9-b8a4-4897174f4b86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:a2:8d:c1:d2:27:4d:74:a2:33:77:fc:04:e9:bb:a5:15:7e:
         ab:49:c4:58:bf:9e:57:9e:48:8e:04:85:f3:b9:f6:f7:e6:e3:
         35:8f:85:e5:9b:c9:2c:97:f4:d1:60:86:99:42:e5:59:5d:c9:
         00:99:66:12:33:57:5d:58:e9:13:57:10:5a:9b:c2:31:f6:3f:
         fa:b0:ea:a5:5a:f6:e6:5b:6e:db:25:34:19:75:36:f8:0a:ee:
         a9:88:94:7c:a9:6f:f3:06:cc:7c:9f:ad:40:a5:c0:83:92:b0:
         58:1b:6f:7a:2c:b5:47:a2:2f:e3:35:97:4a:12:96:c3:ca:19:
         8d:28:68:80:36:2f:90:e6:a5:60:b1:f3:e5:a7:e4:e0:74:69:
         80:08:7c:f8:61:41:b3:1b:a0:96:22:d9:3e:2e:25:52:0d:35:
         34:23:9b:7d:12:5f:cc:64:f1:e9:e0:43:ce:c3:9b:6f:48:5d:
         57:3d:db:bd:d7:1f:0d:89:e1:e9:12:05:3d:bb:2c:c9:21:fc:
         a4:aa:5b:f7:1a:e9:58:a7:09:c4:e5:5c:0e:61:f2:9b:41:de:
         8b:aa:61:24:8b:46:2c:80:83:73:03:74:1f:df:50:b1:28:87:
         fd:7c:ff:a2:43:37:cf:90:16:2a:2a:6c:77:43:a1:c7:a8:7f:
         5d:b4:f2:1f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGonMaidweXxsiFrwbkIc18urESwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmZDM3MGQ3MmFkZDE1M2JlYzk4NzU2NmQ2NTE1MWNkYTIwYmMzZGFmMGIy
Y2Y3ODAzZmM2N2U1NjQzMjJjNjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtAIy6dugWXP9PtgmPSJSoQNhIlTWpCTEdW0CkVD2oc2dD0n+/3BKzC4pji
mXCwzyHWL1R6iK/LCny4yqp/Tq209BYoLcHjx/zW3gCf8OH/PmGiPS4r+xlfYNzB
QPhqXTmYJteBkyj6sQ+Ahkx/QIp4ivyQ4bOdeVjKfeT01YKGt8jxntljY10BnS7n
c9eR2TcCsk4NCb/b/DnedEHF96uPNee7p2HC+RzcwU0LFfzMn0eCR0G0t3xDWfWu
APwhMXSEv22s/H7vQ37ch0wX8rZYT/yYtzmsoTnsHd+HJ/Dm135yuP6bHMDTU7yf
1XX15zYZciBVNW8tbdEyrCM19XkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQdWTw3
i3a4uq7qFa1J6OC2p0rFHTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDFlZGQwOTctODg4MS00NmI5LWI4YTQtNDg5NzE3NGY0Yjg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FnA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2oo3B0idNdKIzd/wE6bulFX6rScRYv55XnkiO
BIXzufb35uM1j4Xlm8ksl/TRYIaZQuVZXckAmWYSM1ddWOkTVxBam8Ix9j/6sOql
WvbmW27bJTQZdTb4Cu6piJR8qW/zBsx8n61ApcCDkrBYG296LLVHoi/jNZdKEpbD
yhmNKGiANi+Q5qVgsfPlp+TgdGmACHz4YUGzG6CWItk+LiVSDTU0I5t9El/MZPHp
4EPOw5tvSF1XPdu91x8NieHpEgU9uyzJIfykqlv3GulYpwnE5VwOYfKbQd6LqmEk
i0YsgINzA3Qf31CxKIf9fP+iQzfPkBYqKmx3Q6HHqH9dtPIf
-----END CERTIFICATE-----