Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
File:                     595250c3-e9f2-4e23-9779-87c47497f520.roa (raw, json)
Hash identifier:          zSfLQGAaXleF8lKRUZ0YNcKLlHNtaMLoviboYfGqE7w=
Subject key identifier:   DC:A1:CF:F5:D9:5B:B7:B2:71:3E:A5:78:99:87:03:66:CD:D3:EF:C0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4CC7DCB2FC27039897516DB076D72424ADF9C939
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:c7:dc:b2:fc:27:03:98:97:51:6d:b0:76:d7:24:24:ad:f9:c9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4a:7b:7f:63:c5:ce:59:4b:12:f8:8a:dd:17:
                    e1:11:f9:7a:d1:e0:c4:9a:bd:37:76:35:7f:67:6f:
                    58:3d:78:30:9f:5e:7d:17:2b:ff:37:ee:8d:7c:f4:
                    2a:ef:79:6a:20:53:2e:47:99:e2:cf:da:a4:dc:e7:
                    72:40:1d:bc:28:c5:6f:88:3f:a6:ad:48:83:70:81:
                    fa:c2:eb:c3:1b:68:a1:d2:40:e9:ad:34:2f:cb:7a:
                    24:b9:82:a2:7a:28:ba:7a:34:4d:f2:af:85:6c:f4:
                    19:f3:ff:7b:7d:9f:11:5d:dc:9a:0d:d7:b6:cf:8b:
                    c0:3e:3e:8f:d4:f4:93:85:b0:23:05:e5:f2:f9:43:
                    ef:d8:6f:08:8f:ae:67:ac:32:cd:4e:80:7b:ba:17:
                    1f:9f:d1:25:10:b2:a6:45:d0:9b:3a:04:cd:24:93:
                    5d:6f:9d:2c:9b:b4:a7:a0:68:56:0b:f3:68:e3:53:
                    12:64:67:bb:ba:9a:1c:6a:52:a8:08:b6:05:3e:71:
                    7c:a2:79:6e:51:9a:68:7f:1b:52:5a:f4:0a:6b:46:
                    a2:2b:13:0d:b3:da:f0:df:4b:e7:c7:8d:b8:07:a4:
                    fa:11:6c:cb:4f:2a:81:58:9a:39:d4:dd:8b:00:d1:
                    be:0f:5f:78:d2:f3:0d:70:0c:d3:ec:bc:f4:9e:82:
                    bb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A1:CF:F5:D9:5B:B7:B2:71:3E:A5:78:99:87:03:66:CD:D3:EF:C0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:5a:a1:5e:44:29:ce:7c:01:1b:fc:5b:85:e5:bf:b5:fb:ef:
         98:bb:75:ec:36:f1:a6:ba:dc:b6:fd:0b:cb:59:77:68:bb:95:
         43:98:b9:f3:c2:62:4c:9d:3b:17:a7:14:7d:2a:63:a6:39:5a:
         6c:ad:04:f0:0c:0e:17:ad:b2:d5:43:00:c5:a7:18:47:c8:03:
         3c:a4:66:56:1c:6e:26:62:1d:7a:b4:f6:56:bd:8c:b9:d6:fb:
         09:8d:35:dc:aa:7d:a2:53:c0:49:a9:7b:15:53:87:aa:3e:db:
         c6:c6:af:e0:51:e5:dd:5f:19:2d:8e:73:52:13:29:4c:69:ab:
         2c:23:ed:8f:f7:63:a4:d3:78:f8:1f:15:e9:0b:38:01:b2:08:
         99:a2:e1:49:a9:91:1e:42:09:84:18:52:44:75:f5:01:b2:45:
         8b:b3:29:fd:7f:72:32:48:9b:eb:d7:31:b4:1e:f2:a9:43:6a:
         1a:9d:8e:6e:b3:34:25:4e:a8:05:ac:4e:f4:71:b1:11:dc:a6:
         91:98:c4:96:c4:a0:f6:67:0a:34:e6:53:3c:99:92:54:17:f3:
         93:b5:76:1b:14:5f:59:1f:b2:34:a6:33:c6:77:fb:2a:87:a5:
         7b:4e:4e:bb:f7:49:c3:f3:f2:bc:44:f3:ff:d6:b0:f4:1b:33:
         7f:91:f2:19
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTMfcsvwnA5iXUW2wdtckJK35yTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhZDA3Yjg2MDU0MTZlYzliMzRiM2QwMTU1ZGE3ODU3YjQ1MjU0YWQ1NzA5
NjEzNDJiNTNjZjUzMDU2MzE2YmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1Ke39jxc5ZSxL4it0X4RH5etHgxJq9N3Y1f2dvWD14MJ9efRcr/zfujXz0
Ku95aiBTLkeZ4s/apNznckAdvCjFb4g/pq1Ig3CB+sLrwxtoodJA6a00L8t6JLmC
onoouno0TfKvhWz0GfP/e32fEV3cmg3Xts+LwD4+j9T0k4WwIwXl8vlD79hvCI+u
Z6wyzU6Ae7oXH5/RJRCypkXQmzoEzSSTXW+dLJu0p6BoVgvzaONTEmRnu7qaHGpS
qAi2BT5xfKJ5blGaaH8bUlr0CmtGoisTDbPa8N9L58eNuAek+hFsy08qgViaOdTd
iwDRvg9feNLzDXAM0+y89J6Cu4cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTcoc/1
2Vu3snE+pXiZhwNmzdPvwDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk1MjUwYzMtZTlmMi00ZTIzLTk3NzktODdjNDc0OTdmNTIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCtWqFeRCnOfAEb/FuF5b+1+++Yu3XsNvGmuty2
/QvLWXdou5VDmLnzwmJMnTsXpxR9KmOmOVpsrQTwDA4XrbLVQwDFpxhHyAM8pGZW
HG4mYh16tPZWvYy51vsJjTXcqn2iU8BJqXsVU4eqPtvGxq/gUeXdXxktjnNSEylM
aassI+2P92Ok03j4HxXpCzgBsgiZouFJqZEeQgmEGFJEdfUBskWLsyn9f3IySJvr
1zG0HvKpQ2oanY5uszQlTqgFrE70cbER3KaRmMSWxKD2Zwo05lM8mZJUF/OTtXYb
FF9ZH7I0pjPGd/sqh6V7Tk6790nD8/K8RPP/1rD0GzN/kfIZ
-----END CERTIFICATE-----