Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa
File:                     1ec007f6-6684-43b6-8751-2e5b258a98b3.roa (raw, json)
Hash identifier:          ugqhZ1eOQuoeJ+gelELUqXzaKrz1i64C9Amx6VgkHgQ=
Subject key identifier:   C0:23:E1:1E:92:73:EB:16:A0:45:B1:73:34:B7:43:51:A7:8E:A5:2D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3398B54F8D7FD0FC89121C7683E1487D86368D3E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa
Signing time:             Wed 05 Mar 2025 17:21:18 +0000
ROA not before:           Wed 05 Mar 2025 17:21:18 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:98:b5:4f:8d:7f:d0:fc:89:12:1c:76:83:e1:48:7d:86:36:8d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:21:18 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:fd:67:77:59:17:73:14:9d:59:b9:1a:e5:7c:
                    3c:da:b0:fe:c7:33:8e:8e:8f:2a:99:f6:37:e3:77:
                    d9:50:3d:7a:f8:8f:44:9b:d6:8b:37:15:13:48:3d:
                    bb:d7:8d:3a:96:d5:e9:df:45:db:bc:5b:83:f4:95:
                    fa:f2:3a:ec:b7:18:85:bb:d2:e3:fa:2a:e7:9d:36:
                    8d:61:0c:e7:b1:14:ab:28:a1:fb:f9:ed:94:7e:f3:
                    d3:7b:1d:ac:bc:3d:3b:f2:35:11:51:f9:2e:af:0b:
                    f7:5e:d5:4d:eb:b1:6b:65:e0:8e:e0:44:15:8b:ea:
                    e4:90:da:bc:8a:ec:46:be:df:08:a4:ba:36:8e:ac:
                    4e:6e:c8:da:1c:de:29:89:93:53:f8:4a:d8:55:a4:
                    80:58:8b:ef:72:68:20:58:e7:b6:08:a6:c6:2d:2e:
                    cb:fe:b4:dd:8d:01:20:b5:05:c2:eb:0f:16:85:2f:
                    0f:b6:54:6c:32:ba:1d:73:d3:8e:1c:c5:27:10:fb:
                    3b:42:6f:7f:9d:68:9f:31:6b:de:06:6a:e0:60:d1:
                    9f:29:20:8c:dc:0b:50:b4:48:5c:8f:ce:ec:85:90:
                    9b:10:cc:8d:18:5b:87:7a:44:3b:18:45:b1:c5:3d:
                    f8:81:92:2b:ce:b9:99:fd:ba:e9:c1:0a:83:bc:24:
                    be:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:23:E1:1E:92:73:EB:16:A0:45:B1:73:34:B7:43:51:A7:8E:A5:2D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         95:76:59:78:bc:84:5f:5e:46:f1:f2:2a:ed:0a:86:0a:7a:29:
         cc:86:db:e5:8d:29:e8:39:f8:8b:2c:4f:73:cd:5e:c9:0c:91:
         32:3e:a2:bf:ba:c5:e3:f5:97:98:f7:ad:4d:80:e6:0d:d1:16:
         49:23:aa:a4:0c:60:c2:c4:c1:2e:28:fe:79:d9:49:fd:07:72:
         d7:f9:73:40:38:a8:46:88:c5:89:b7:12:01:34:54:22:e3:6a:
         2e:aa:25:48:7b:af:b7:8f:d8:15:0d:38:a3:4a:16:a1:08:e8:
         f9:a3:c0:28:80:58:7e:88:29:f9:82:f8:30:52:cb:17:a1:50:
         45:72:77:6b:4b:d8:5d:54:d7:bf:1a:97:62:6f:77:63:43:38:
         c1:31:28:3d:ed:77:d8:5d:c2:c7:15:1f:82:1c:89:54:81:72:
         18:a1:de:6a:dd:13:c2:0e:90:0b:d7:7d:d5:92:3a:9b:8b:d8:
         82:ae:74:ae:0b:75:d4:50:c8:7a:d0:3d:b2:47:70:83:67:03:
         13:fb:de:68:1e:fd:47:97:66:c8:81:85:a9:b4:79:a4:b6:72:
         4b:31:10:7e:a0:e6:e1:5a:c7:32:10:3d:0e:b4:8f:98:7c:de:
         6a:be:a7:18:f4:9e:b3:6f:8a:59:12:0d:cb:45:6e:5e:23:07:
         cc:6f:27:4d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM5i1T41/0PyJEhx2g+FIfYY2jT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIxMThaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3MzBmZmI5MDIwN2FlYTBlOTA5YjdhYjA0YjYzOGM0NTI0ZDQzMjAzYjJm
ZWI3NTU3YTgwYzE1YmU5MzgzOTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPP9Z3dZF3MUnVm5GuV8PNqw/sczjo6PKpn2N+N32VA9eviPRJvWizcVE0g9
u9eNOpbV6d9F27xbg/SV+vI67LcYhbvS4/oq5502jWEM57EUqyih+/ntlH7z03sd
rLw9O/I1EVH5Lq8L917VTeuxa2XgjuBEFYvq5JDavIrsRr7fCKS6No6sTm7I2hze
KYmTU/hK2FWkgFiL73JoIFjntgimxi0uy/603Y0BILUFwusPFoUvD7ZUbDK6HXPT
jhzFJxD7O0Jvf51onzFr3gZq4GDRnykgjNwLULRIXI/O7IWQmxDMjRhbh3pEOxhF
scU9+IGSK865mf266cEKg7wkvt0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTAI+Ee
knPrFqBFsXM0t0NRp46lLTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWVjMDA3ZjYtNjY4NC00M2I2LTg3NTEtMmU1YjI1OGE5OGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DQg
MA0GCSqGSIb3DQEBCwUAA4IBAQCVdll4vIRfXkbx8irtCoYKeinMhtvljSnoOfiL
LE9zzV7JDJEyPqK/usXj9ZeY961NgOYN0RZJI6qkDGDCxMEuKP552Un9B3LX+XNA
OKhGiMWJtxIBNFQi42ouqiVIe6+3j9gVDTijShahCOj5o8AogFh+iCn5gvgwUssX
oVBFcndrS9hdVNe/Gpdib3djQzjBMSg97XfYXcLHFR+CHIlUgXIYod5q3RPCDpAL
133Vkjqbi9iCrnSuC3XUUMh60D2yR3CDZwMT+95oHv1Hl2bIgYWptHmktnJLMRB+
oObhWscyED0OtI+YfN5qvqcY9J6zb4pZEg3LRW5eIwfMbydN
-----END CERTIFICATE-----