Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File:                     0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier:          au34i28WiSIk0++uiE4oNpwOeQeIP/Ua+U4PF+9YFgk=
Subject key identifier:   C8:44:60:21:32:46:AC:74:60:8C:69:95:C7:1E:F5:45:C4:E7:9E:EE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4D54EEB4B7315BE00F5940CDFBD902FD44CBBAB8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:54:ee:b4:b7:31:5b:e0:0f:59:40:cd:fb:d9:02:fd:44:cb:ba:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:50:cb:9a:fc:f1:d3:9c:bc:00:92:66:f4:05:
                    ea:a5:06:35:f5:98:3c:5b:2d:c4:f5:48:c0:d3:22:
                    27:ba:0e:fb:48:ad:66:18:3f:ca:3e:6c:1b:53:e5:
                    f5:f0:43:94:b8:b5:7b:cf:70:63:11:c9:4b:0d:b5:
                    6a:8e:e9:f9:c6:b7:46:5a:69:c5:72:74:8f:ac:bc:
                    ac:02:2e:bf:0c:e0:67:fe:7f:58:b9:ef:46:62:8f:
                    26:60:5c:64:de:30:9d:97:3a:b4:4d:f8:08:c4:98:
                    73:39:1d:9e:16:05:d6:0e:b7:35:31:b3:af:88:b5:
                    81:0e:58:fc:f6:a6:95:be:4c:61:98:f6:fb:2a:30:
                    40:e8:10:db:d1:3c:57:85:fe:76:f4:79:d9:38:ad:
                    6b:44:47:c0:fd:c7:bb:aa:73:87:25:d4:d2:e0:93:
                    6d:6d:e0:68:95:2d:cc:e2:bf:4e:5d:86:c6:ef:20:
                    93:95:c7:8c:22:56:f3:ad:58:2f:e2:ae:ee:56:5b:
                    57:99:cb:88:4b:a8:51:d4:a2:53:09:18:af:e6:21:
                    8f:57:ce:19:b8:4c:e2:3d:74:76:2c:65:ee:81:b9:
                    5c:f1:25:f8:50:54:65:33:98:a1:46:b9:78:12:7d:
                    61:95:15:b8:9b:ae:5f:77:24:44:f7:b7:f0:bf:c7:
                    e3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:44:60:21:32:46:AC:74:60:8C:69:95:C7:1E:F5:45:C4:E7:9E:EE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:5c:26:d6:27:ae:b8:b0:22:17:3f:1a:d3:e9:c1:ed:cf:3f:
         59:66:81:fc:28:54:87:13:af:ef:48:1b:24:1c:52:f0:71:68:
         12:90:d2:59:66:1a:b3:95:c7:bf:1e:ff:b8:74:da:aa:6f:9d:
         4e:e7:55:24:39:6f:99:5b:1a:02:a2:71:c1:e4:32:3c:1f:1a:
         53:c0:f2:14:ff:25:39:2f:e4:13:1c:36:4f:e5:06:26:65:77:
         68:74:3e:53:1c:fe:19:8b:ad:0e:1d:5f:4c:25:43:04:89:44:
         b8:89:6c:78:ac:b1:11:8a:2c:3d:6a:a3:5f:f2:a7:33:41:13:
         65:cb:34:67:65:47:0c:b1:03:e6:ca:c5:2a:69:86:a0:4b:07:
         0e:e2:83:23:90:b9:af:94:69:c8:23:c9:3d:b9:d1:35:6d:25:
         f9:86:82:57:89:09:a7:b9:8e:84:c1:c0:18:c8:b2:e5:ba:77:
         d3:a9:65:69:f8:36:bb:f1:45:11:a1:2e:98:c8:d7:72:a1:13:
         54:9f:c0:38:04:d4:7e:8a:7f:1e:cb:7e:9a:31:bf:04:6a:13:
         f4:a5:d0:90:83:19:f2:f1:5a:1c:4b:fb:66:84:65:67:74:0b:
         e7:fb:b7:da:cc:2b:9c:0d:b5:b4:10:cf:28:7a:3d:d6:5b:62:
         85:f7:35:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTVTutLcxW+APWUDN+9kC/UTLurgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlYjY2MThmNWQwZGFlYzVlNjE0NzdlMWYxOWNkOTZlYTZhYmUwODhkZmJj
NDE0NzIyOTk4ZTEyMWY4OTYyYjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI5Qy5r88dOcvACSZvQF6qUGNfWYPFstxPVIwNMiJ7oO+0itZhg/yj5sG1Pl
9fBDlLi1e89wYxHJSw21ao7p+ca3RlppxXJ0j6y8rAIuvwzgZ/5/WLnvRmKPJmBc
ZN4wnZc6tE34CMSYczkdnhYF1g63NTGzr4i1gQ5Y/Pamlb5MYZj2+yowQOgQ29E8
V4X+dvR52Tita0RHwP3Hu6pzhyXU0uCTbW3gaJUtzOK/Tl2Gxu8gk5XHjCJW861Y
L+Ku7lZbV5nLiEuoUdSiUwkYr+Yhj1fOGbhM4j10dixl7oG5XPEl+FBUZTOYoUa5
eBJ9YZUVuJuuX3ckRPe38L/H4x0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTIRGAh
MkasdGCMaZXHHvVFxOee7jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBMXCbWJ664sCIXPxrT6cHtzz9ZZoH8KFSHE6/v
SBskHFLwcWgSkNJZZhqzlce/Hv+4dNqqb51O51UkOW+ZWxoConHB5DI8HxpTwPIU
/yU5L+QTHDZP5QYmZXdodD5THP4Zi60OHV9MJUMEiUS4iWx4rLERiiw9aqNf8qcz
QRNlyzRnZUcMsQPmysUqaYagSwcO4oMjkLmvlGnII8k9udE1bSX5hoJXiQmnuY6E
wcAYyLLlunfTqWVp+Da78UURoS6YyNdyoRNUn8A4BNR+in8ey36aMb8EahP0pdCQ
gxny8VocS/tmhGVndAvn+7fazCucDbW0EM8oej3WW2KF9zVh
-----END CERTIFICATE-----