Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa
File:                     5246cdd9-6493-4560-b4c3-8d974de78b57.roa (raw, json)
Hash identifier:          ODLxuW4/z7DdThRN8cPV7tMnlEb7PYP03sv9SifR8pw=
Subject key identifier:   FE:D2:C4:9E:9B:D0:6C:B7:13:C4:2E:62:AD:DC:6C:96:51:79:92:62
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0A77A939F9D4646F2533E47B95770106279AE653
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:77:a9:39:f9:d4:64:6f:25:33:e4:7b:95:77:01:06:27:9a:e6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ed:9d:27:34:10:81:ff:b8:af:7b:d6:73:99:
                    bf:a0:53:03:df:14:80:85:20:99:a3:d4:63:b1:38:
                    a4:e0:e5:e4:93:fb:5d:fa:e2:f2:74:02:49:1d:e3:
                    9d:ed:5d:8b:e8:81:fe:d6:8b:1e:9c:be:0a:54:5d:
                    3b:b1:0a:d9:8c:ba:1a:c6:a6:2d:51:71:da:77:a5:
                    a5:3e:13:0f:b4:57:17:d8:99:e8:4e:17:0d:32:df:
                    8a:61:64:df:64:0d:7c:fe:f1:b6:b6:ea:39:b4:a5:
                    80:0d:93:98:6e:11:46:62:18:94:be:7d:08:b5:f9:
                    0f:d6:10:1c:f6:3f:7b:b2:dd:c7:f8:36:47:88:8f:
                    f3:89:49:dd:ac:3b:a0:8a:06:d4:58:9e:1e:15:30:
                    ee:16:c5:b4:97:7b:fa:68:71:af:b3:2f:e6:10:da:
                    df:17:22:bc:7f:3f:06:8d:a5:09:64:fa:d0:07:20:
                    c4:ff:0f:c2:b8:79:a2:b8:8a:7a:75:cb:d8:0e:38:
                    ab:d9:85:73:79:79:c3:b7:d9:cb:54:7e:e9:16:c8:
                    10:9b:72:0e:5c:37:2b:16:14:7d:8a:d2:16:78:32:
                    8b:60:fe:ad:6f:2e:99:73:98:ee:ad:da:15:5d:14:
                    b1:02:ac:3c:1c:c1:b8:0b:2e:34:e8:d9:f9:33:0e:
                    0a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D2:C4:9E:9B:D0:6C:B7:13:C4:2E:62:AD:DC:6C:96:51:79:92:62
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:87:04:26:fd:e6:1a:44:06:e3:83:86:4b:1c:2e:51:91:47:
         c6:da:a9:68:3a:30:26:e3:91:eb:6a:eb:3d:0f:37:b3:77:76:
         06:ff:ae:ea:51:d1:4d:83:22:bb:1d:ec:f6:60:df:fa:cb:a6:
         37:f0:fd:82:7d:ce:c4:0e:ea:68:8a:1e:f4:6d:f9:24:ce:5b:
         d1:8b:6a:5b:b5:3a:02:0b:60:a0:cd:98:ce:a1:57:02:78:99:
         25:3c:16:44:c9:a4:cb:37:a6:58:1f:2d:96:be:c3:20:2e:16:
         67:51:d3:f2:d9:19:ab:d6:5b:e3:cd:e8:09:86:9b:53:17:70:
         9f:5e:7a:f1:cd:d0:94:bc:2d:32:0f:f8:f5:2e:d9:3d:36:b7:
         14:83:ae:df:ce:f7:d2:dd:c0:18:cb:c1:e5:76:13:04:ee:d0:
         a9:cc:24:91:5f:47:f6:be:d7:66:ef:c6:5a:b4:dc:3c:df:e0:
         a9:12:23:84:8d:de:c6:0d:8f:ad:39:98:0d:18:a3:f4:87:21:
         ae:0f:5e:97:0d:0b:2b:97:99:82:b7:0b:47:34:8f:7a:3a:a3:
         36:e5:b3:d1:40:15:aa:1d:e2:ce:14:b8:51:13:0f:4a:dd:66:
         d2:93:ed:bc:0f:bb:81:f7:6e:68:e4:bc:88:c5:14:8c:d0:24:
         68:73:78:05
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCnepOfnUZG8lM+R7lXcBBiea5lMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGNlZmYxYTY3MDBhNWZiYTJhZjY3YTA2YmM4ZTMxMmRkZTg2NzljMWNkZTAz
ODM0NWMyY2QyMmU3Nzg3MjFkZWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAObtnSc0EIH/uK971nOZv6BTA98UgIUgmaPUY7E4pODl5JP7Xfri8nQCSR3j
ne1di+iB/taLHpy+ClRdO7EK2Yy6GsamLVFx2nelpT4TD7RXF9iZ6E4XDTLfimFk
32QNfP7xtrbqObSlgA2TmG4RRmIYlL59CLX5D9YQHPY/e7Ldx/g2R4iP84lJ3aw7
oIoG1FieHhUw7hbFtJd7+mhxr7Mv5hDa3xcivH8/Bo2lCWT60AcgxP8Pwrh5oriK
enXL2A44q9mFc3l5w7fZy1R+6RbIEJtyDlw3KxYUfYrSFngyi2D+rW8umXOY7q3a
FV0UsQKsPBzBuAsuNOjZ+TMOCrkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+0sSe
m9BstxPELmKt3GyWUXmSYjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTI0NmNkZDktNjQ5My00NTYwLWI0YzMtOGQ5NzRkZTc4YjU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DjA
MA0GCSqGSIb3DQEBCwUAA4IBAQAmhwQm/eYaRAbjg4ZLHC5RkUfG2qloOjAm45Hr
aus9Dzezd3YG/67qUdFNgyK7Hez2YN/6y6Y38P2Cfc7EDupoih70bfkkzlvRi2pb
tToCC2CgzZjOoVcCeJklPBZEyaTLN6ZYHy2WvsMgLhZnUdPy2Rmr1lvjzegJhptT
F3CfXnrxzdCUvC0yD/j1Ltk9NrcUg67fzvfS3cAYy8HldhME7tCpzCSRX0f2vtdm
78ZatNw83+CpEiOEjd7GDY+tOZgNGKP0hyGuD16XDQsrl5mCtwtHNI96OqM25bPR
QBWqHeLOFLhREw9K3WbSk+28D7uB925o5LyIxRSM0CRoc3gF
-----END CERTIFICATE-----