Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
File:                     5fe931ae-e353-437d-9738-79004c5e9188.roa (raw, json)
Hash identifier:          mNYzOW09xqsanq96YFx+6py+B4r/Ztpnwyl7S7IXMD0=
Subject key identifier:   50:AB:AB:74:6A:8B:92:CE:57:F0:0A:C4:13:CF:60:C3:73:4B:EE:09
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       38D91F5513D4540545AC194FF571DD259D5CD084
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
Signing time:             Wed 05 Mar 2025 17:31:13 +0000
ROA not before:           Wed 05 Mar 2025 17:31:13 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:d9:1f:55:13:d4:54:05:45:ac:19:4f:f5:71:dd:25:9d:5c:d0:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:31:13 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8e:ae:49:f1:61:fe:b7:58:91:d4:c6:aa:79:
                    e5:b2:c5:87:44:77:77:1d:a4:46:5b:57:8b:41:d2:
                    57:b3:77:04:d6:65:c8:12:9c:56:e9:e3:bd:3a:8b:
                    15:a4:7d:e9:02:ac:b2:de:8c:10:fb:ab:09:73:4f:
                    d3:87:8d:ff:48:46:ef:df:25:e8:60:38:dd:09:cc:
                    37:79:cc:1e:c6:2d:a1:43:3c:18:63:d8:fe:20:34:
                    97:21:f5:2d:5c:22:a7:de:5d:ef:6d:66:d2:10:c7:
                    58:f2:1d:50:ae:4d:d5:a1:45:1c:dd:d4:08:cd:f6:
                    a6:e5:41:e8:0c:80:b0:df:0b:65:f9:5b:b0:34:b4:
                    51:88:c2:f4:07:c2:e5:c8:de:9f:4c:fc:f6:97:7e:
                    b6:d8:ea:47:6c:9e:3f:4c:9c:9b:e5:18:29:07:cf:
                    9b:6c:60:1e:a3:89:73:ec:c3:e8:a2:22:b5:56:77:
                    18:0d:55:2e:4d:4b:a7:ea:93:5d:db:97:29:7a:71:
                    07:82:b3:94:bd:1d:f0:a4:52:19:ec:93:da:d2:1e:
                    04:eb:6a:b5:91:df:dc:07:88:7d:64:8a:cf:12:b7:
                    d7:33:c6:d6:0b:90:4b:3e:c8:08:8a:2f:af:20:76:
                    b8:5d:27:05:91:9e:53:4c:89:82:e3:91:fd:02:0c:
                    39:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:AB:AB:74:6A:8B:92:CE:57:F0:0A:C4:13:CF:60:C3:73:4B:EE:09
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:22:c4:09:dd:0f:83:1c:01:29:2a:9e:43:1a:d4:ff:10:0a:
         c2:56:51:e2:9b:68:69:f5:97:da:40:c2:e2:e0:0f:62:5e:a6:
         a6:37:04:03:97:d8:1e:93:f4:94:0c:f7:21:f5:fc:d9:50:68:
         c1:36:4c:c4:48:62:ab:8c:b3:c2:6e:52:20:f3:92:99:b6:f8:
         3b:37:93:b1:6c:6e:a6:a3:19:8a:15:f7:30:68:08:b8:40:98:
         b9:e2:a4:7a:ea:d2:1b:80:71:11:f5:4a:87:5e:6f:87:31:40:
         e9:ff:1a:b1:99:4e:ad:4e:63:b9:fa:0e:79:21:08:68:0d:fe:
         ff:80:f2:9f:d7:88:36:8d:1f:8b:8a:c1:2e:2e:9b:5f:9a:56:
         43:5a:b8:42:21:4e:e7:32:f2:fb:67:ca:82:83:d2:a1:01:99:
         eb:eb:3e:31:9e:96:f0:9b:89:df:3a:29:64:a2:37:67:27:3b:
         91:32:57:4a:20:38:ba:08:71:41:43:e7:9c:fc:be:f1:49:45:
         80:83:61:fa:78:fe:9c:70:e6:85:7c:5c:bd:f0:38:df:76:f9:
         a6:26:5b:e8:3c:75:9c:7a:3d:44:b3:1f:83:6c:57:11:a2:52:
         d5:53:28:d5:99:76:6d:f3:a7:58:50:ac:78:16:58:c6:d7:9f:
         19:29:aa:30
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUONkfVRPUVAVFrBlP9XHdJZ1c0IQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMxMTNaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDk3YmQyMGY3YzFhODliOGMyZGMwYzM3Y2I2MTA2NGRkYTRkMTBiY2U4MDgw
MTBhNWQ4NGUyMzQ5OTUyZTljZTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGOrknxYf63WJHUxqp55bLFh0R3dx2kRltXi0HSV7N3BNZlyBKcVunjvTqL
FaR96QKsst6MEPurCXNP04eN/0hG798l6GA43QnMN3nMHsYtoUM8GGPY/iA0lyH1
LVwip95d721m0hDHWPIdUK5N1aFFHN3UCM32puVB6AyAsN8LZflbsDS0UYjC9AfC
5cjen0z89pd+ttjqR2yeP0ycm+UYKQfPm2xgHqOJc+zD6KIitVZ3GA1VLk1Lp+qT
XduXKXpxB4KzlL0d8KRSGeyT2tIeBOtqtZHf3AeIfWSKzxK31zPG1guQSz7ICIov
ryB2uF0nBZGeU0yJguOR/QIMOQkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQq6t0
aouSzlfwCsQTz2DDc0vuCTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWZlOTMxYWUtZTM1My00MzdkLTk3MzgtNzkwMDRjNWU5MTg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeIsQJ3Q+DHAEpKp5DGtT/EArCVlHim2hp9Zfa
QMLi4A9iXqamNwQDl9gek/SUDPch9fzZUGjBNkzESGKrjLPCblIg85KZtvg7N5Ox
bG6moxmKFfcwaAi4QJi54qR66tIbgHER9UqHXm+HMUDp/xqxmU6tTmO5+g55IQho
Df7/gPKf14g2jR+LisEuLptfmlZDWrhCIU7nMvL7Z8qCg9KhAZnr6z4xnpbwm4nf
OilkojdnJzuRMldKIDi6CHFBQ+ec/L7xSUWAg2H6eP6ccOaFfFy98DjfdvmmJlvo
PHWcej1Esx+DbFcRolLVUyjVmXZt86dYUKx4FljG158ZKaow
-----END CERTIFICATE-----