Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa
File:                     190e1645-8146-4d32-be0a-feed324f8efa.roa (raw, json)
Hash identifier:          t4vsCcZ07ezidVyBzlLgTVkya/LLCe+Q2NRCBtRS9z8=
Subject key identifier:   E0:63:96:DD:A6:FF:D7:17:45:CE:5B:12:58:0D:16:9C:7D:E0:A2:7A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3EC172BD3477E90005F8E21586C3CBAFF6CE7EF9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c1:72:bd:34:77:e9:00:05:f8:e2:15:86:c3:cb:af:f6:ce:7e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:06:9c:d2:7d:d7:2b:b0:ad:de:d9:9a:fb:75:
                    e0:59:80:88:fe:b2:e0:d2:b4:40:30:c7:fe:e4:69:
                    99:47:0f:5d:3e:96:c9:23:66:90:af:08:49:5d:58:
                    1e:07:54:36:05:39:e4:2f:00:6f:06:04:71:2f:cc:
                    6a:f1:c4:8b:42:3f:49:4b:b2:fc:28:56:22:ae:42:
                    b1:e8:58:22:f5:3e:99:00:61:68:1c:6c:1c:a2:bb:
                    10:f4:3d:9c:4c:84:4e:48:42:15:a6:57:eb:95:63:
                    8d:7f:06:23:24:92:ea:4e:80:1c:54:57:a9:d3:14:
                    56:c9:9f:63:b8:df:14:59:d3:72:c3:02:ef:04:e9:
                    8d:1f:17:cc:6a:d7:ea:ca:a2:bc:97:cc:11:1a:8c:
                    63:6b:be:08:86:b6:fa:83:d5:b5:0b:c2:da:a7:48:
                    68:78:68:bd:84:b3:fd:b9:9f:1b:45:1e:47:69:a5:
                    19:dd:c7:0b:57:63:ac:26:19:5c:3c:f5:5b:ec:17:
                    2d:2a:0e:f4:72:e9:d4:c1:97:59:34:f0:b6:b6:c2:
                    03:a7:3c:ae:b5:c0:c6:f2:d2:9f:80:7f:3b:2a:d4:
                    25:23:74:28:4e:43:04:cf:81:1a:e7:ef:14:01:52:
                    16:0a:04:86:6f:13:fd:ba:19:be:e0:14:2e:2a:57:
                    37:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:63:96:DD:A6:FF:D7:17:45:CE:5B:12:58:0D:16:9C:7D:E0:A2:7A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/190e1645-8146-4d32-be0a-feed324f8efa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:4f:2c:22:9d:f9:01:69:ed:5d:72:f5:86:dc:a3:07:5e:a0:
         05:58:ea:ef:9e:8f:da:51:33:f9:2c:29:4b:91:a4:c7:51:12:
         77:65:61:7a:1e:c4:0d:40:ce:d2:88:e1:4f:77:d2:79:a9:06:
         a5:ba:69:69:92:27:a7:8b:d5:6f:94:15:40:cb:40:77:97:b3:
         e0:fd:e5:02:9b:f5:04:f1:57:b9:86:d4:56:ba:03:b5:c1:c8:
         e6:6b:70:23:8e:92:8f:00:6d:e3:ba:d2:cb:72:1f:d9:69:67:
         9d:71:a5:67:79:2a:47:f1:7a:63:a8:fc:d7:f5:d6:7f:19:c6:
         60:62:fc:f7:bd:6b:c2:fa:79:d9:5c:0d:c4:60:00:e2:5d:53:
         e7:3a:b0:f5:28:46:da:9f:f6:e4:6c:2b:cd:9f:75:e5:94:14:
         22:37:fd:6a:2e:b7:f0:97:65:64:7a:77:c0:88:ad:de:bd:38:
         32:ab:10:09:6b:19:30:a2:00:5b:02:84:06:61:6b:17:28:97:
         4a:8c:0d:9b:18:2d:17:a2:6a:73:0d:3f:bf:d6:fe:d1:73:cc:
         7d:f8:5a:30:1d:f0:42:8d:7d:21:d2:91:11:f4:76:b1:ed:ff:
         b0:e6:0d:23:93:ae:2a:3f:36:dd:45:ca:7d:bd:90:62:ac:47:
         ed:0a:ac:65
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPsFyvTR36QAF+OIVhsPLr/bOfvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2N2ZmYjYyNzNlYzg0NjY1NTJjZmQ2ODRkZGFiOGMzOTQ2ZmNkMDNlYWRk
OGI3NzQ5M2I5NWQ5YTM3OTQ3MGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8GnNJ91yuwrd7Zmvt14FmAiP6y4NK0QDDH/uRpmUcPXT6WySNmkK8ISV1Y
HgdUNgU55C8AbwYEcS/MavHEi0I/SUuy/ChWIq5CsehYIvU+mQBhaBxsHKK7EPQ9
nEyETkhCFaZX65VjjX8GIySS6k6AHFRXqdMUVsmfY7jfFFnTcsMC7wTpjR8XzGrX
6sqivJfMERqMY2u+CIa2+oPVtQvC2qdIaHhovYSz/bmfG0UeR2mlGd3HC1djrCYZ
XDz1W+wXLSoO9HLp1MGXWTTwtrbCA6c8rrXAxvLSn4B/OyrUJSN0KE5DBM+BGufv
FAFSFgoEhm8T/boZvuAULipXNzkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTgY5bd
pv/XF0XOWxJYDRacfeCiejAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTkwZTE2NDUtODE0Ni00ZDMyLWJlMGEtZmVlZDMyNGY4ZWZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSg
MA0GCSqGSIb3DQEBCwUAA4IBAQCFTywinfkBae1dcvWG3KMHXqAFWOrvno/aUTP5
LClLkaTHURJ3ZWF6HsQNQM7SiOFPd9J5qQalumlpkieni9VvlBVAy0B3l7Pg/eUC
m/UE8Ve5htRWugO1wcjma3AjjpKPAG3jutLLch/ZaWedcaVneSpH8XpjqPzX9dZ/
GcZgYvz3vWvC+nnZXA3EYADiXVPnOrD1KEban/bkbCvNn3XllBQiN/1qLrfwl2Vk
enfAiK3evTgyqxAJaxkwogBbAoQGYWsXKJdKjA2bGC0XompzDT+/1v7Rc8x9+Fow
HfBCjX0h0pER9Hax7f+w5g0jk64qPzbdRcp9vZBirEftCqxl
-----END CERTIFICATE-----