Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa
File:                     1ec007f6-6684-43b6-8751-2e5b258a98b3.roa (raw, json)
Hash identifier:          kLcWHMNd9DA50m5hLrf8TLeIWuSMZOGvoXh3qGUAYIo=
Subject key identifier:   3F:B8:87:9C:42:7E:95:B2:B9:B3:88:02:CF:0F:1E:A8:61:57:C4:A0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7AD29187A58883372BFC3B3DA919B5526DFEC18F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d2:91:87:a5:88:83:37:2b:fc:3b:3d:a9:19:b5:52:6d:fe:c1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:87:7f:3b:b4:ca:90:e7:66:9c:a9:df:58:e7:
                    ec:84:cb:8a:80:ea:79:10:f8:0f:ef:9d:68:81:1d:
                    f8:04:94:dd:18:11:31:e0:a4:0a:ca:66:a1:83:f9:
                    47:6f:2d:6a:13:9d:81:f6:7a:30:21:c7:4d:93:45:
                    bf:90:d5:a6:5a:44:b2:ee:ac:da:50:73:6c:e7:d1:
                    3c:e9:f2:36:82:c3:3e:13:24:75:2c:a8:01:e2:f2:
                    02:98:c8:ce:06:c9:63:3c:cb:2a:cc:c2:a3:b3:9f:
                    30:31:6b:07:d1:b8:8a:9a:31:fb:bc:88:db:19:f4:
                    3e:61:5b:63:02:91:7e:d3:b2:0d:6d:34:a1:c1:ce:
                    5f:61:88:fb:e3:bf:e5:6f:39:b0:36:7d:ec:4a:4b:
                    c5:b9:b2:6f:f0:cc:34:25:a1:7a:6c:5c:88:b6:6a:
                    8f:4e:96:ec:2e:30:61:9f:b9:39:11:c1:8c:8c:48:
                    25:84:8b:d3:38:46:04:ad:0e:fb:8d:cd:05:8e:06:
                    f4:55:44:88:1c:82:e2:0e:8a:29:6c:5c:14:83:fd:
                    69:94:ec:70:db:66:76:e0:11:cf:ae:13:8a:c6:ad:
                    3b:f8:02:4f:76:36:9d:a7:19:ee:55:7d:af:62:c6:
                    d4:06:a9:51:b0:4b:ed:70:0e:e0:60:5c:41:07:bd:
                    b2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B8:87:9C:42:7E:95:B2:B9:B3:88:02:CF:0F:1E:A8:61:57:C4:A0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ec007f6-6684-43b6-8751-2e5b258a98b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:b8:0b:df:8f:80:f1:2d:53:74:99:70:95:2d:42:2b:76:68:
         6c:8e:5f:78:c6:86:18:14:b1:d5:22:9f:f1:0e:eb:1b:01:3a:
         33:cb:08:c7:b1:3b:64:60:68:6c:5c:e4:1e:47:0d:4f:ad:0f:
         35:70:3c:90:56:14:ad:a3:d7:a4:d9:30:16:2c:2f:91:00:d0:
         ab:e4:fe:91:cb:b4:da:e3:2b:a7:ff:11:dc:6b:0e:d7:d6:35:
         fd:e6:1e:3f:c3:f8:6e:a4:1d:86:ca:42:bf:7b:3b:2a:5f:01:
         15:56:8a:47:48:4a:0a:cb:9c:03:b6:ca:39:65:87:c7:ee:f7:
         3b:25:96:7d:64:0b:50:2d:c3:14:68:d6:83:7e:ac:ef:3e:fd:
         5d:d6:fd:ab:3a:3b:68:3f:e0:96:7a:2b:ae:41:50:44:1d:24:
         85:e9:e1:0d:0c:30:33:be:09:eb:49:1a:e8:bf:dd:29:0e:1b:
         30:f9:69:21:81:e3:d8:df:27:16:33:4e:4e:ac:1f:41:b1:28:
         73:90:01:d4:db:3a:d2:c7:ce:55:f4:24:14:c6:f8:4d:b4:36:
         31:e7:a5:a9:4d:06:9f:7b:7a:e2:1b:7c:95:b8:28:e5:80:39:
         af:57:03:07:d2:14:52:08:80:78:f9:9b:4b:bc:96:c1:a1:e5:
         3b:b0:e3:27
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUetKRh6WIgzcr/Ds9qRm1Um3+wY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlYzk3NTdiOTVhYmY3MTQxOWFhMDk1ZTI2OGI5MWFjNDczZjhmMWQxNzFi
ODk4NDc4MzE4OTA1ODM4OWY3MzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALaHfzu0ypDnZpyp31jn7ITLioDqeRD4D++daIEd+ASU3RgRMeCkCspmoYP5
R28tahOdgfZ6MCHHTZNFv5DVplpEsu6s2lBzbOfRPOnyNoLDPhMkdSyoAeLyApjI
zgbJYzzLKszCo7OfMDFrB9G4ipox+7yI2xn0PmFbYwKRftOyDW00ocHOX2GI++O/
5W85sDZ97EpLxbmyb/DMNCWhemxciLZqj06W7C4wYZ+5ORHBjIxIJYSL0zhGBK0O
+43NBY4G9FVEiByC4g6KKWxcFIP9aZTscNtmduARz64TisatO/gCT3Y2nacZ7lV9
r2LG1AapUbBL7XAO4GBcQQe9snUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ/uIec
Qn6VsrmziALPDx6oYVfEoDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWVjMDA3ZjYtNjY4NC00M2I2LTg3NTEtMmU1YjI1OGE5OGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DQg
MA0GCSqGSIb3DQEBCwUAA4IBAQCfuAvfj4DxLVN0mXCVLUIrdmhsjl94xoYYFLHV
Ip/xDusbATozywjHsTtkYGhsXOQeRw1PrQ81cDyQVhSto9ek2TAWLC+RANCr5P6R
y7Ta4yun/xHcaw7X1jX95h4/w/hupB2GykK/ezsqXwEVVopHSEoKy5wDtso5ZYfH
7vc7JZZ9ZAtQLcMUaNaDfqzvPv1d1v2rOjtoP+CWeiuuQVBEHSSF6eENDDAzvgnr
SRrov90pDhsw+WkhgePY3ycWM05OrB9BsShzkAHU2zrSx85V9CQUxvhNtDYx56Wp
TQafe3riG3yVuCjlgDmvVwMH0hRSCIB4+ZtLvJbBoeU7sOMn
-----END CERTIFICATE-----