Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
File:                     5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa (raw, json)
Hash identifier:          AQhVuIEuNdJXyuyhlPHw11IaiVrYiHJ2mji47EwR+5E=
Subject key identifier:   53:C3:50:6D:21:5A:2A:20:3C:68:15:3E:88:F5:1E:CE:D8:06:AA:CE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       262BFE9086008A7BBE16F65959CDF8D6C9AA31C1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:2b:fe:90:86:00:8a:7b:be:16:f6:59:59:cd:f8:d6:c9:aa:31:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:df:57:c0:69:08:c4:aa:68:2a:8b:1f:1c:b3:
                    a9:73:88:41:41:fb:68:5e:5d:cc:ca:db:0d:5a:a8:
                    f7:26:f6:b7:87:7b:31:76:53:ab:a2:ca:7c:df:fd:
                    6f:cb:69:fa:51:8b:8a:64:e5:69:3c:08:8b:20:49:
                    aa:96:e6:2e:3f:a1:80:67:91:ec:a3:4a:59:80:2e:
                    dc:1b:91:30:60:bc:a1:68:94:3f:08:9a:70:0f:6e:
                    20:ec:a1:88:78:4b:24:ce:61:1d:a8:56:b5:e3:f4:
                    8a:ae:31:41:8c:cd:a3:f2:f0:48:ef:80:32:7a:51:
                    f0:d8:c4:92:1d:d3:de:86:d2:6e:90:c6:df:00:13:
                    6f:de:b5:22:01:26:6e:9e:95:85:8d:96:bf:86:19:
                    15:b9:1b:a1:19:f6:34:61:ac:2e:8b:a2:a4:72:6e:
                    aa:de:b9:d3:ae:36:7b:c7:3f:f4:21:2a:e2:3b:51:
                    0e:88:04:53:50:61:00:00:e8:97:b5:82:53:52:a1:
                    f5:88:c1:ce:ba:78:45:37:7b:0b:66:96:2d:6f:9f:
                    0c:eb:10:d8:e9:b6:b3:75:5b:ed:ad:7f:df:5e:e9:
                    b2:16:6c:da:16:59:c8:be:cb:84:bb:6f:aa:da:ce:
                    e6:50:db:38:de:cc:40:ee:e1:15:81:73:9d:48:33:
                    61:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C3:50:6D:21:5A:2A:20:3C:68:15:3E:88:F5:1E:CE:D8:06:AA:CE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:59:2a:30:e7:6f:e0:8e:0f:27:44:60:20:25:f5:94:a8:5f:
         8b:a0:af:2e:02:43:75:09:8e:8c:ab:a6:89:01:12:76:c0:5c:
         b5:4f:bc:63:cc:40:db:85:55:2a:6f:d9:37:60:fa:5c:bc:8c:
         f9:3d:4c:7b:f6:cf:1e:14:6d:91:df:21:1b:48:fd:60:b8:8e:
         4e:c3:24:4c:dc:67:49:39:3b:92:b3:71:79:94:9b:b8:e5:af:
         10:9a:80:a3:80:69:b0:89:75:6a:7e:ad:f8:0b:6f:2e:fe:66:
         ff:ef:4d:7e:82:17:1e:32:f6:ae:82:a7:c8:04:ed:ef:e0:cd:
         5d:78:69:43:ee:59:7f:fc:18:2b:be:14:0c:c2:cd:cf:68:53:
         88:d0:e6:f7:0a:d8:71:18:31:61:af:f0:64:dc:31:38:75:80:
         a8:d5:c5:da:33:27:10:c4:9e:3f:ec:71:08:1a:36:ce:3a:e3:
         50:30:5f:ff:a0:bf:9d:c6:8d:28:b8:58:0b:11:a8:e3:13:51:
         66:41:9b:67:f9:5b:3d:db:d1:3c:4f:3c:7e:5b:47:1c:e9:7d:
         b5:60:23:04:88:1e:a9:16:10:d7:a0:d5:ca:aa:ec:aa:b6:ec:
         f6:0f:1c:75:01:11:7a:8d:cf:98:04:be:21:d4:55:f7:e5:b1:
         3c:6c:29:0f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJiv+kIYAinu+FvZZWc341smqMcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQzZGU3Y2E2YzlmZDE3MDk4ZWIyYTZjYjM0NmU0YWJkODU0ZjRjMzNlZGZk
OTJiM2M4OTBlN2MwMDE1YzI5ODcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7fV8BpCMSqaCqLHxyzqXOIQUH7aF5dzMrbDVqo9yb2t4d7MXZTq6LKfN/9
b8tp+lGLimTlaTwIiyBJqpbmLj+hgGeR7KNKWYAu3BuRMGC8oWiUPwiacA9uIOyh
iHhLJM5hHahWteP0iq4xQYzNo/LwSO+AMnpR8NjEkh3T3obSbpDG3wATb961IgEm
bp6VhY2Wv4YZFbkboRn2NGGsLouipHJuqt650642e8c/9CEq4jtRDogEU1BhAADo
l7WCU1Kh9YjBzrp4RTd7C2aWLW+fDOsQ2Om2s3Vb7a1/317pshZs2hZZyL7LhLtv
qtrO5lDbON7MQO7hFYFznUgzYWsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRTw1Bt
IVoqIDxoFT6I9R7O2AaqzjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQ4ZTgzMWUtNGQ2MS00NDliLWE1MzItYTFkZDlkNzQzYWM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hog
MA0GCSqGSIb3DQEBCwUAA4IBAQAYWSow52/gjg8nRGAgJfWUqF+LoK8uAkN1CY6M
q6aJARJ2wFy1T7xjzEDbhVUqb9k3YPpcvIz5PUx79s8eFG2R3yEbSP1guI5OwyRM
3GdJOTuSs3F5lJu45a8QmoCjgGmwiXVqfq34C28u/mb/701+ghceMvaugqfIBO3v
4M1deGlD7ll//BgrvhQMws3PaFOI0Ob3CthxGDFhr/Bk3DE4dYCo1cXaMycQxJ4/
7HEIGjbOOuNQMF//oL+dxo0ouFgLEajjE1FmQZtn+Vs929E8Tzx+W0cc6X21YCME
iB6pFhDXoNXKquyqtuz2Dxx1ARF6jc+YBL4h1FX35bE8bCkP
-----END CERTIFICATE-----