Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
File:                     44d8b686-7db5-4309-8f09-3af611be3753.roa (raw, json)
Hash identifier:          HQZ603F5t8LSNDt6z2+QEH7hd6a1CxBTQXkYzsGYDm8=
Subject key identifier:   52:C0:A6:76:B4:33:D1:B8:3A:2A:86:11:52:6A:4D:C7:CA:9F:76:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       749396874CF9A1E26956C56FF91FBD4CD4FB1AAA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
Signing time:             Wed 05 Mar 2025 17:20:55 +0000
ROA not before:           Wed 05 Mar 2025 17:20:55 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:93:96:87:4c:f9:a1:e2:69:56:c5:6f:f9:1f:bd:4c:d4:fb:1a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:20:55 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:02:df:41:d7:46:38:60:78:4b:e3:7a:f2:01:
                    74:4e:96:cb:af:fc:cf:e6:88:e0:d1:6d:08:9a:65:
                    02:71:3d:73:b5:1d:c5:a1:8b:66:5d:a4:45:91:c9:
                    39:37:42:ed:26:4d:bc:0b:dd:3e:2a:42:8c:62:5e:
                    93:f0:6b:f0:3b:6a:06:15:50:fb:ef:f4:fb:86:a6:
                    a0:18:21:02:a4:08:f8:19:b4:19:f3:63:8d:ff:a0:
                    f6:ee:a0:95:51:23:31:43:a3:29:b8:30:ed:27:13:
                    39:d6:ee:d8:98:c2:27:43:72:4c:4e:ed:64:2b:57:
                    2d:24:c2:38:0e:ea:d4:18:d1:0e:84:a6:75:d3:d2:
                    e8:5b:85:91:71:15:27:2c:4b:31:4f:d8:3e:16:46:
                    9f:22:7e:a6:e9:63:7a:37:f6:76:6b:1c:03:4f:84:
                    e7:b5:e9:35:c9:49:56:f2:87:05:2e:f0:ff:11:d7:
                    df:45:28:ba:28:42:24:cb:33:b4:c4:e8:d5:55:61:
                    d5:3a:cd:03:ec:46:03:9e:8c:e3:b8:bb:8d:d6:be:
                    81:21:46:9a:6a:ef:ac:1a:90:90:d1:3a:13:bb:9d:
                    0c:08:92:1b:b4:64:ff:2a:2b:37:6f:10:dd:af:14:
                    6b:e2:b3:45:71:14:8a:5c:71:35:55:58:bc:2d:d4:
                    1f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C0:A6:76:B4:33:D1:B8:3A:2A:86:11:52:6A:4D:C7:CA:9F:76:1F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         50:08:6b:d2:71:68:eb:3b:5c:77:45:c6:e4:9e:3d:f9:60:e9:
         5a:fc:b4:cf:9c:ae:de:07:40:6e:8f:b0:98:3a:fb:6b:17:3a:
         c8:01:51:34:d7:e0:23:53:e4:7a:17:23:c9:25:98:98:27:4e:
         6e:34:1d:7c:0c:fa:05:9f:02:44:aa:0f:ac:8f:23:a4:d8:2e:
         1e:3c:a6:fd:55:ed:59:df:b0:72:04:20:d0:ca:fe:cf:ad:87:
         a9:42:08:7f:a1:c5:90:b5:dc:49:1b:a8:dd:95:17:e3:a5:22:
         37:db:cf:ba:3d:a6:d9:fc:5a:fb:22:0f:58:9f:22:da:33:ec:
         7d:02:4c:1a:17:2f:dd:11:56:5b:77:73:36:97:78:25:c7:c2:
         2d:3a:97:73:da:63:d4:af:43:35:eb:ef:cd:cc:39:ee:52:5d:
         52:2c:5e:fe:93:55:17:44:ff:5a:e4:87:00:61:5a:95:1a:29:
         d4:2d:62:30:50:aa:ec:6c:8f:3d:b9:15:b9:5b:7e:01:c1:63:
         65:8b:7a:0e:07:f6:ba:40:9c:f9:0a:d3:58:32:43:2f:dd:f3:
         c5:35:f3:ff:50:c7:1b:8f:51:15:ff:1a:43:51:61:b3:aa:df:
         bf:7f:92:c7:8f:1b:50:0c:de:0f:82:db:c3:cf:8a:ba:4e:be:
         7b:08:4a:2f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdJOWh0z5oeJpVsVv+R+9TNT7GqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIwNTVaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDk2ZmNlOTA5NWJkZTU5NTRlZjZmMTJhYzcxZmU2MTk1ZGUzMGFkZGYyMjg1
ZmIyNThkZGZkNDM0ZjA0YWMzZmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIkC30HXRjhgeEvjevIBdE6Wy6/8z+aI4NFtCJplAnE9c7UdxaGLZl2kRZHJ
OTdC7SZNvAvdPipCjGJek/Br8DtqBhVQ++/0+4amoBghAqQI+Bm0GfNjjf+g9u6g
lVEjMUOjKbgw7ScTOdbu2JjCJ0NyTE7tZCtXLSTCOA7q1BjRDoSmddPS6FuFkXEV
JyxLMU/YPhZGnyJ+puljejf2dmscA0+E57XpNclJVvKHBS7w/xHX30UouihCJMsz
tMTo1VVh1TrNA+xGA56M47i7jda+gSFGmmrvrBqQkNE6E7udDAiSG7Rk/yorN28Q
3a8Ua+KzRXEUilxxNVVYvC3UH6sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRSwKZ2
tDPRuDoqhhFSak3Hyp92HzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRkOGI2ODYtN2RiNS00MzA5LThmMDktM2FmNjExYmUzNzUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQCGvScWjrO1x3Rcbknj35YOla/LTPnK7eB0Bu
j7CYOvtrFzrIAVE01+AjU+R6FyPJJZiYJ05uNB18DPoFnwJEqg+sjyOk2C4ePKb9
Ve1Z37ByBCDQyv7PrYepQgh/ocWQtdxJG6jdlRfjpSI328+6PabZ/Fr7Ig9YnyLa
M+x9AkwaFy/dEVZbd3M2l3glx8ItOpdz2mPUr0M16+/NzDnuUl1SLF7+k1UXRP9a
5IcAYVqVGinULWIwUKrsbI89uRW5W34BwWNli3oOB/a6QJz5CtNYMkMv3fPFNfP/
UMcbj1EV/xpDUWGzqt+/f5LHjxtQDN4PgtvDz4q6Tr57CEov
-----END CERTIFICATE-----