Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d6c805-f312-4cce-8017-ebfd2169880d.roa
File:                     25d6c805-f312-4cce-8017-ebfd2169880d.roa (raw, json)
Hash identifier:          4HzkC+lwVYapZRj0AXeofAsv6CDX0ClW8ajf6vP9/yE=
Subject key identifier:   68:15:EC:A6:84:BB:72:90:BF:D2:20:43:E5:29:6A:D4:FB:44:D2:B4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0561746DEE484A3B1D97C4D62612F9A6DE9484C2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d6c805-f312-4cce-8017-ebfd2169880d.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:61:74:6d:ee:48:4a:3b:1d:97:c4:d6:26:12:f9:a6:de:94:84:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d2:3f:e3:63:b2:eb:02:7c:95:0d:e1:ff:67:
                    e4:d3:dc:a5:3b:a9:60:d1:91:d1:cc:3e:7d:d8:17:
                    8e:f2:a2:16:a6:d8:af:4c:31:a4:6f:a2:05:e5:b2:
                    e2:e3:9c:68:7a:d7:ad:a0:db:fc:08:f6:76:d9:dc:
                    43:eb:bf:31:03:5a:13:14:60:9f:30:cd:29:1f:3b:
                    4d:f7:0e:48:d5:05:56:35:79:3f:94:e6:d7:bf:c6:
                    ad:c6:69:25:29:be:b6:a6:ed:9a:5c:fa:45:9f:16:
                    f8:56:00:c9:25:26:f9:35:3a:c6:11:82:6b:0d:f0:
                    72:58:ee:d1:0c:a9:1f:0f:59:c9:19:85:d5:22:7d:
                    e6:8b:6b:d7:19:ba:28:5e:a9:de:e0:6b:1e:2b:11:
                    61:3f:08:2f:60:3e:8a:4d:4c:19:9c:97:64:4f:ae:
                    da:cd:43:1c:f4:21:50:7b:70:8f:f6:2b:c2:68:e8:
                    70:ba:3b:db:b5:f5:fa:77:f3:cf:90:0b:8d:94:11:
                    97:dc:c8:dd:15:9a:db:fa:4f:e4:28:7a:84:c8:50:
                    22:d7:2f:45:d9:b5:3a:78:6e:8b:25:ba:65:26:f2:
                    94:e4:1c:c6:71:97:da:4d:3a:ce:69:41:8e:6f:87:
                    4d:15:9d:49:66:27:05:d2:55:15:cc:1e:1f:29:76:
                    f2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:15:EC:A6:84:BB:72:90:BF:D2:20:43:E5:29:6A:D4:FB:44:D2:B4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d6c805-f312-4cce-8017-ebfd2169880d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:36:84:d9:6d:ff:06:86:e2:b5:9e:8d:3a:3c:f7:ef:75:49:
         58:a0:1b:ce:27:cb:ce:33:50:83:1b:72:f4:5e:24:12:84:c0:
         20:9f:48:c6:64:60:94:e1:f8:21:f0:51:15:db:ef:19:26:36:
         a9:8f:99:7e:b0:b7:50:a0:e3:0c:47:e2:d7:c7:27:63:29:bd:
         6b:53:db:af:65:39:65:d1:cc:33:a8:4b:3c:31:50:53:4b:29:
         a5:b6:97:2e:39:5d:5b:8f:8d:94:08:92:39:41:4e:05:91:ff:
         ba:be:c7:2f:1e:96:ef:19:41:56:5b:49:c5:f6:8c:80:0e:97:
         8e:e9:2a:09:7f:9f:fe:23:05:d8:66:9c:21:c1:5c:e0:0c:4c:
         c3:77:51:ca:31:e0:63:8e:e4:93:92:4b:ea:4c:1b:e6:f3:56:
         e4:74:06:e1:47:ba:f2:3f:1a:31:d2:e1:32:fc:65:15:d6:5e:
         4d:4a:d9:41:a2:d9:50:14:60:c8:f6:10:2c:83:0e:eb:a7:07:
         b3:ef:2c:fc:51:19:99:24:bb:80:52:12:06:26:10:97:c4:8c:
         79:01:90:7e:21:fd:d6:4a:51:73:ea:80:97:b3:17:5b:a8:d9:
         11:02:d0:fe:d5:0d:6b:28:72:fe:bc:90:ef:c5:1d:63:b2:a0:
         5e:9e:70:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBWF0be5ISjsdl8TWJhL5pt6UhMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDk3MjJjYjlmZmI1OGYzZjY4NDBkODI1NTYwMTJlYWZjZGQwNzY2YTI5OTNk
MjA4N2NlYzA0NjY5Y2U2YTMzNjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALbSP+NjsusCfJUN4f9n5NPcpTupYNGR0cw+fdgXjvKiFqbYr0wxpG+iBeWy
4uOcaHrXraDb/Aj2dtncQ+u/MQNaExRgnzDNKR87TfcOSNUFVjV5P5Tm17/GrcZp
JSm+tqbtmlz6RZ8W+FYAySUm+TU6xhGCaw3wclju0QypHw9ZyRmF1SJ95otr1xm6
KF6p3uBrHisRYT8IL2A+ik1MGZyXZE+u2s1DHPQhUHtwj/YrwmjocLo727X1+nfz
z5ALjZQRl9zI3RWa2/pP5Ch6hMhQItcvRdm1OnhuiyW6ZSbylOQcxnGX2k06zmlB
jm+HTRWdSWYnBdJVFcweHyl28kcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRoFeym
hLtykL/SIEPlKWrU+0TStDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkNmM4MDUtZjMxMi00Y2NlLTgwMTctZWJmZDIxNjk4ODBkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Flg
MA0GCSqGSIb3DQEBCwUAA4IBAQB9NoTZbf8GhuK1no06PPfvdUlYoBvOJ8vOM1CD
G3L0XiQShMAgn0jGZGCU4fgh8FEV2+8ZJjapj5l+sLdQoOMMR+LXxydjKb1rU9uv
ZTll0cwzqEs8MVBTSymltpcuOV1bj42UCJI5QU4Fkf+6vscvHpbvGUFWW0nF9oyA
DpeO6SoJf5/+IwXYZpwhwVzgDEzDd1HKMeBjjuSTkkvqTBvm81bkdAbhR7ryPxox
0uEy/GUV1l5NStlBotlQFGDI9hAsgw7rpwez7yz8URmZJLuAUhIGJhCXxIx5AZB+
If3WSlFz6oCXsxdbqNkRAtD+1Q1rKHL+vJDvxR1jsqBennBQ
-----END CERTIFICATE-----