Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/183eb583-3fb3-4c3a-badb-9fe0a4e50fd2.roa
File:                     183eb583-3fb3-4c3a-badb-9fe0a4e50fd2.roa (raw, json)
Hash identifier:          6lME5o7vsfTNRQ0gAHDquOmbUFqxlySkk0fwkqiFlwA=
Subject key identifier:   BA:9C:97:4D:C6:40:DE:80:E5:B7:15:C6:A8:F4:26:B8:39:CB:9C:B1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5C90BBD0CC163FC3A382B3C618F213538CBB0984
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/183eb583-3fb3-4c3a-badb-9fe0a4e50fd2.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:90:bb:d0:cc:16:3f:c3:a3:82:b3:c6:18:f2:13:53:8c:bb:09:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ce:05:6d:7f:37:a1:16:c2:70:c2:d4:3c:d5:
                    88:ed:09:57:0b:68:a4:dc:f5:c4:3c:ce:3e:a9:aa:
                    5a:5d:d7:c8:eb:32:9d:c6:41:aa:a1:a0:5e:d1:8a:
                    c7:38:3e:a3:cb:b2:b3:30:41:ad:09:c6:de:2c:3a:
                    6e:5c:86:b6:16:92:92:88:7f:4d:6a:36:75:a6:ad:
                    bb:8e:c8:d4:9e:bd:24:8d:15:18:59:16:62:18:58:
                    6f:ac:9c:7f:93:7b:00:50:3f:b0:48:c6:6d:d6:83:
                    a7:0c:40:9a:62:d0:e0:5b:75:de:36:64:10:1b:be:
                    a3:e4:a8:bc:15:49:42:f0:b4:d3:72:89:17:eb:c5:
                    dc:48:15:cd:e3:9f:4c:3e:8c:ab:d9:5b:6b:d6:1c:
                    3a:71:0a:bc:a0:e4:3a:38:20:56:af:65:52:f2:bc:
                    25:68:ec:2e:ed:77:70:99:82:c2:d7:d9:c6:2c:30:
                    b9:f0:4c:a2:6b:aa:4e:69:4f:34:2e:fe:29:61:de:
                    37:4a:12:74:3a:c7:45:9b:aa:0f:b0:04:3d:6f:fe:
                    35:a0:20:72:cd:82:ff:72:6f:36:2f:0d:93:89:e9:
                    70:04:74:c3:71:2a:0a:33:f7:ea:17:2b:dd:74:4f:
                    f5:7b:9a:e3:e5:1e:b0:46:95:72:ab:9b:e7:29:df:
                    f2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9C:97:4D:C6:40:DE:80:E5:B7:15:C6:A8:F4:26:B8:39:CB:9C:B1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/183eb583-3fb3-4c3a-badb-9fe0a4e50fd2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:f9:97:a9:70:0a:9e:47:32:a6:35:54:46:f2:a7:ee:23:1d:
         49:b4:3f:bb:57:95:46:a2:76:4b:b4:1f:74:26:99:11:19:e0:
         7b:7f:f3:50:c6:3a:fc:88:9b:98:3b:4a:88:be:a8:67:15:ec:
         7a:fe:32:83:24:28:57:38:80:46:09:f0:45:0d:16:6e:97:12:
         59:66:04:3d:d4:93:e8:cd:cc:a6:bc:f4:23:96:12:1a:ba:c5:
         62:30:78:8b:2e:23:b3:45:f3:a7:cc:56:1c:f0:dd:da:30:91:
         38:da:86:f6:0e:50:44:ae:f2:d2:77:9b:a3:d0:95:c6:23:92:
         8c:f6:dc:33:14:1a:48:dc:61:21:40:a9:ef:1d:9c:ab:75:3d:
         74:36:77:2e:43:94:af:8a:1f:3a:39:58:e3:6a:24:39:20:8e:
         a6:9c:64:8e:2a:ad:a3:28:63:a0:eb:1d:24:47:cd:04:20:13:
         d5:c1:c2:fa:3e:70:7c:c5:3f:91:ae:47:39:12:50:4a:d9:94:
         52:5c:91:c8:bb:cb:02:57:64:15:72:8e:81:88:bc:c4:d3:0c:
         30:59:e0:06:60:0b:54:83:b3:ac:36:d9:1e:ae:9e:23:3e:b5:
         76:0e:20:cc:04:93:57:0b:20:9a:c8:b4:1d:1c:d5:fa:38:24:
         45:ad:f5:5e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXJC70MwWP8OjgrPGGPITU4y7CYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE4YmUyYjRiY2EwMzRhMzVlZGIzNTQyNGZjNDg2ZThjMDdlZGMwOWYyZjY4
ZDI3ODkwOWJmM2U1N2QxYTBmNDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANfOBW1/N6EWwnDC1DzViO0JVwtopNz1xDzOPqmqWl3XyOsyncZBqqGgXtGK
xzg+o8uyszBBrQnG3iw6blyGthaSkoh/TWo2daatu47I1J69JI0VGFkWYhhYb6yc
f5N7AFA/sEjGbdaDpwxAmmLQ4Ft13jZkEBu+o+SovBVJQvC003KJF+vF3EgVzeOf
TD6Mq9lba9YcOnEKvKDkOjggVq9lUvK8JWjsLu13cJmCwtfZxiwwufBMomuqTmlP
NC7+KWHeN0oSdDrHRZuqD7AEPW/+NaAgcs2C/3JvNi8Nk4npcAR0w3EqCjP36hcr
3XRP9Xua4+UesEaVcqub5ynf8oUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS6nJdN
xkDegOW3Fcao9Ca4OcucsTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTgzZWI1ODMtM2ZiMy00YzNhLWJhZGItOWZlMGE0ZTUwZmQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAd+ZepcAqeRzKmNVRG8qfuIx1JtD+7V5VGonZL
tB90JpkRGeB7f/NQxjr8iJuYO0qIvqhnFex6/jKDJChXOIBGCfBFDRZulxJZZgQ9
1JPozcymvPQjlhIausViMHiLLiOzRfOnzFYc8N3aMJE42ob2DlBErvLSd5uj0JXG
I5KM9twzFBpI3GEhQKnvHZyrdT10NncuQ5Svih86OVjjaiQ5II6mnGSOKq2jKGOg
6x0kR80EIBPVwcL6PnB8xT+Rrkc5ElBK2ZRSXJHIu8sCV2QVco6BiLzE0wwwWeAG
YAtUg7OsNtkerp4jPrV2DiDMBJNXCyCayLQdHNX6OCRFrfVe
-----END CERTIFICATE-----