Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa
File:                     4aa20760-fb28-4393-bec8-9ffb467f03e4.roa (raw, json)
Hash identifier:          88H3ltQnWYpOoMhzCRBQ0P1Xg6Bf6+krQouLpqoNWtI=
Subject key identifier:   5A:8D:7A:31:29:EE:31:FC:EB:CB:EF:97:BE:68:4A:C1:6F:94:C3:FC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D66C33DFE6A28393DA9E7F7320F0CC42965A275
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:66:c3:3d:fe:6a:28:39:3d:a9:e7:f7:32:0f:0c:c4:29:65:a2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:27:10:9b:99:b0:17:3f:b0:e8:f9:95:40:
                    b6:79:69:78:5b:ff:7d:e9:95:bc:a2:05:95:92:51:
                    99:77:17:14:27:ba:e9:19:98:b3:1b:31:d2:10:59:
                    eb:eb:df:fa:38:55:f1:63:f9:57:6f:c2:1f:0f:c9:
                    0c:87:60:6a:78:35:42:5c:43:b7:73:fd:c3:56:a0:
                    d7:38:5d:4b:54:d4:5a:89:96:9d:eb:5c:ea:b2:39:
                    ac:01:db:d2:89:95:17:c1:0a:25:b3:97:64:76:49:
                    b7:44:55:04:77:7a:12:86:52:cd:21:44:ec:d7:04:
                    6c:77:5d:3b:ea:da:11:72:df:52:66:f4:ab:72:10:
                    f2:40:7c:29:6d:0d:01:83:c1:b4:84:5c:cb:e9:ab:
                    22:d0:21:40:df:f6:ac:f7:73:c5:e7:a6:b9:bd:76:
                    10:21:d6:cd:80:ca:dd:0f:57:a3:b1:1d:44:c9:1d:
                    14:e5:6a:f3:34:f8:c9:ce:8e:f9:cd:d4:07:d6:a7:
                    20:de:70:ef:a1:02:90:93:0f:54:2a:41:7d:71:c9:
                    b1:8f:4d:6f:fb:5b:ff:98:e3:23:d3:78:a9:53:af:
                    e2:48:db:66:54:4b:0a:5c:1a:6c:6c:df:84:f3:fe:
                    90:a0:b9:0f:21:de:97:e3:be:7f:9f:db:0e:70:13:
                    0a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8D:7A:31:29:EE:31:FC:EB:CB:EF:97:BE:68:4A:C1:6F:94:C3:FC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:2a:e2:60:8c:e9:c7:8c:2a:32:ae:b2:89:b0:b5:28:9a:52:
         a6:74:d9:4e:b6:93:88:fd:f0:cd:ff:3b:56:4e:cf:62:9f:05:
         9d:44:7d:5b:23:dd:40:2c:eb:70:31:6a:49:f3:db:fd:6d:95:
         9e:19:10:73:f2:ef:d0:19:16:e0:b7:c1:9a:c8:ce:b1:42:cb:
         9c:80:eb:b0:d9:8e:f4:bd:dc:eb:25:d2:5d:4c:ae:6c:18:0b:
         1a:d7:27:17:75:5d:17:90:15:6c:00:d1:6d:f4:b1:cd:eb:72:
         11:d8:b6:77:e0:64:cd:fa:e1:61:df:20:f7:91:21:c3:8c:0a:
         65:ba:83:b2:e7:4f:d8:71:64:fa:9a:82:d9:c0:3a:c7:86:31:
         79:36:b8:b6:76:b8:de:be:eb:e3:3d:71:b4:59:03:cc:a1:69:
         f0:17:3e:0f:7a:b0:67:3f:62:48:10:a1:4d:a2:fb:f7:d8:ae:
         61:be:d8:13:83:94:1e:70:08:d9:c3:b0:b6:8b:f4:85:f0:5d:
         47:e9:df:93:c5:d3:12:af:1b:82:0d:14:70:fa:a7:30:87:20:
         95:d0:94:36:eb:83:f7:3b:a0:ce:1b:5b:18:1e:c4:c7:09:f2:
         7c:7f:14:40:91:38:94:8e:db:1c:2b:d0:b2:ba:e1:2f:4f:ed:
         33:7e:5a:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfWbDPf5qKDk9qef3Mg8MxCllonUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwZTgyYjg0ZGYxMzI2ZWMwZWQzM2MxYjgwMTA1YzIyZjI3OGZjZWI5YWM0
OTY2NTI5ZmZhYjE1MjczOWI1ZDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwPJxCbmbAXP7Do+ZVAtnlpeFv/femVvKIFlZJRmXcXFCe66RmYsxsx0hBZ
6+vf+jhV8WP5V2/CHw/JDIdgang1QlxDt3P9w1ag1zhdS1TUWomWnetc6rI5rAHb
0omVF8EKJbOXZHZJt0RVBHd6EoZSzSFE7NcEbHddO+raEXLfUmb0q3IQ8kB8KW0N
AYPBtIRcy+mrItAhQN/2rPdzxeemub12ECHWzYDK3Q9Xo7EdRMkdFOVq8zT4yc6O
+c3UB9anIN5w76ECkJMPVCpBfXHJsY9Nb/tb/5jjI9N4qVOv4kjbZlRLClwabGzf
hPP+kKC5DyHel+O+f5/bDnATCvsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRajXox
Ke4x/OvL75e+aErBb5TD/DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGFhMjA3NjAtZmIyOC00MzkzLWJlYzgtOWZmYjQ2N2YwM2U0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBwKuJgjOnHjCoyrrKJsLUomlKmdNlOtpOI/fDN
/ztWTs9inwWdRH1bI91ALOtwMWpJ89v9bZWeGRBz8u/QGRbgt8GayM6xQsucgOuw
2Y70vdzrJdJdTK5sGAsa1ycXdV0XkBVsANFt9LHN63IR2LZ34GTN+uFh3yD3kSHD
jApluoOy50/YcWT6moLZwDrHhjF5Nri2drjevuvjPXG0WQPMoWnwFz4PerBnP2JI
EKFNovv32K5hvtgTg5QecAjZw7C2i/SF8F1H6d+TxdMSrxuCDRRw+qcwhyCV0JQ2
64P3O6DOG1sYHsTHCfJ8fxRAkTiUjtscK9CyuuEvT+0zflpo
-----END CERTIFICATE-----