Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa
File:                     5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa (raw, json)
Hash identifier:          T5BwVnjPlckGrSxpxMC1poRlyhp7PyO+xrB3lfA4b/c=
Subject key identifier:   2F:0E:7C:39:B5:1D:69:70:5F:3B:CA:36:EC:FF:40:2E:07:C7:7F:3C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       38FBC5C9C5DC70B89C3DA7873473A3CAC7B964F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa
Signing time:             Fri 21 Mar 2025 15:00:19 +0000
ROA not before:           Fri 21 Mar 2025 15:00:19 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:fb:c5:c9:c5:dc:70:b8:9c:3d:a7:87:34:73:a3:ca:c7:b9:64:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:00:19 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:75:d4:0b:c3:fa:39:07:99:f4:3f:89:ec:
                    f0:32:71:5d:e7:42:d8:5b:15:76:d1:a1:db:4d:9e:
                    7f:4d:cf:04:b5:53:9a:6f:62:50:3c:08:ab:bf:c9:
                    29:91:82:43:d9:ac:4b:98:36:92:32:f4:42:fd:4d:
                    9e:d8:18:eb:89:3d:c8:d7:24:ea:1b:37:a7:af:ff:
                    94:12:ae:62:c8:89:d7:f5:42:75:70:47:1d:8e:84:
                    e7:31:61:98:99:bd:b6:3d:ff:b9:fa:a4:ad:da:48:
                    cf:68:21:db:ba:7b:e8:4a:b2:b8:bc:00:a4:ff:de:
                    c3:a0:90:7d:23:43:db:1c:4f:9f:cc:a9:c0:9d:c1:
                    c7:22:c8:78:fa:a3:2d:e8:bd:24:67:13:fe:30:7b:
                    6d:43:97:0a:ac:0c:c1:64:d1:15:cc:2d:71:7d:09:
                    eb:ee:14:b3:e8:2d:66:1d:39:f3:00:69:de:2b:77:
                    1e:79:8b:94:57:85:eb:6c:73:ba:f5:da:53:86:33:
                    be:a4:e9:45:c2:b5:61:19:33:41:5e:2b:0e:82:4b:
                    91:88:95:53:e8:45:29:90:5a:fe:3b:d8:24:23:d4:
                    68:8e:6d:9b:d5:a1:49:4b:ef:89:fc:83:4f:4e:59:
                    7f:ac:41:4c:9a:50:b2:18:b2:65:6d:d3:19:cf:ad:
                    fc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0E:7C:39:B5:1D:69:70:5F:3B:CA:36:EC:FF:40:2E:07:C7:7F:3C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:4d:48:e0:50:ed:89:29:12:80:6d:47:28:a1:12:98:6b:d7:
         eb:e1:2b:cb:4c:1b:03:09:8e:9d:c8:33:e5:47:c1:f3:8d:5f:
         4e:0b:a4:59:20:80:ca:33:0f:21:19:86:96:de:44:fb:63:d7:
         6b:11:e4:99:06:7b:2a:c7:30:12:73:61:7b:35:c5:93:8e:28:
         d1:ab:e1:50:a5:50:cf:5b:b9:06:54:9f:a1:d2:7f:a6:69:c0:
         59:0d:0e:43:51:c3:d2:ae:00:1c:59:0f:1d:37:2d:5e:d8:e4:
         94:ce:44:d7:ff:f1:ec:63:db:88:f9:9f:73:de:eb:d4:c0:03:
         a0:64:29:dc:95:a3:88:a1:e4:d2:fe:5e:6c:ca:7e:43:41:14:
         b7:08:c4:63:fa:2b:07:8d:72:65:a2:29:c4:cd:8d:0c:fb:1a:
         88:59:f9:51:a2:90:b2:d0:1f:1c:e5:02:96:c9:1b:bd:49:9a:
         8c:52:e4:9e:57:cb:04:5b:ce:17:05:2e:f7:c0:78:9c:ca:2c:
         53:07:2f:ea:9c:41:9f:40:a3:47:ab:3b:3a:60:99:d9:bb:7b:
         56:3d:3e:8c:e7:58:73:c5:55:b0:44:1e:df:58:52:fa:63:71:
         80:31:a1:ec:ac:d4:04:cf:f3:e9:99:2d:8f:55:33:32:42:87:
         08:2f:1d:5e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOPvFycXccLicPaeHNHOjyse5ZPAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAwMTlaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhOWNhZjNjYjllN2MyOGU2N2VmNTI4MGIyZjZlMDdkZGMyOWVmOWE2NTQ3
NDM4NzZhOTUwMDJlYzRjZmRjZmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALb4ddQLw/o5B5n0P4ns8DJxXedC2FsVdtGh202ef03PBLVTmm9iUDwIq7/J
KZGCQ9msS5g2kjL0Qv1NntgY64k9yNck6hs3p6//lBKuYsiJ1/VCdXBHHY6E5zFh
mJm9tj3/ufqkrdpIz2gh27p76EqyuLwApP/ew6CQfSND2xxPn8ypwJ3BxyLIePqj
Lei9JGcT/jB7bUOXCqwMwWTRFcwtcX0J6+4Us+gtZh058wBp3it3HnmLlFeF62xz
uvXaU4YzvqTpRcK1YRkzQV4rDoJLkYiVU+hFKZBa/jvYJCPUaI5tm9WhSUvvifyD
T05Zf6xBTJpQshiyZW3TGc+t/OUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQvDnw5
tR1pcF87yjbs/0AuB8d/PDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWI4Zjk4MzItZGY5Yi00ZmM4LTk0ZGEtNWU4ODNlMGQ2ZTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJTUjgUO2JKRKAbUcooRKYa9fr4SvLTBsDCY6d
yDPlR8HzjV9OC6RZIIDKMw8hGYaW3kT7Y9drEeSZBnsqxzASc2F7NcWTjijRq+FQ
pVDPW7kGVJ+h0n+macBZDQ5DUcPSrgAcWQ8dNy1e2OSUzkTX//HsY9uI+Z9z3uvU
wAOgZCnclaOIoeTS/l5syn5DQRS3CMRj+isHjXJloinEzY0M+xqIWflRopCy0B8c
5QKWyRu9SZqMUuSeV8sEW84XBS73wHicyixTBy/qnEGfQKNHqzs6YJnZu3tWPT6M
51hzxVWwRB7fWFL6Y3GAMaHsrNQEz/PpmS2PVTMyQocILx1e
-----END CERTIFICATE-----