Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File:                     68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier:          rXK/C8vh1hsj+CnBk1nB7E/raXwAZ3GdVTILPD0frjU=
Subject key identifier:   5A:D1:EC:82:B1:45:4A:47:13:21:65:37:6F:7E:A2:75:E7:52:E8:01
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1E424DB0FB135982045DCA90A2A7977221FC183A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:42:4d:b0:fb:13:59:82:04:5d:ca:90:a2:a7:97:72:21:fc:18:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:95:2e:e9:53:83:67:82:9d:5f:4c:f0:54:2a:
                    61:76:e9:3c:5c:01:c3:16:1a:e0:4f:4e:31:b4:cd:
                    a3:ce:dd:7d:d5:19:d3:be:e5:72:11:c6:7a:9f:0a:
                    80:88:14:32:47:5c:e0:b3:41:d7:29:03:fe:1d:92:
                    00:c7:2c:8d:72:35:8d:e2:cf:07:34:d5:07:49:13:
                    81:e9:ed:3d:f2:26:df:83:8d:87:73:b9:05:dd:c9:
                    f2:ac:e8:78:fe:9c:3f:ea:6d:b5:96:10:fe:46:fa:
                    be:18:75:98:c8:ef:dc:24:8a:0b:10:d4:fd:b0:ec:
                    40:e0:90:bc:3a:c2:d3:24:27:59:de:ab:91:21:70:
                    b6:13:a5:f9:14:56:1e:64:1e:64:06:1c:a2:b5:20:
                    af:5c:42:94:1c:9c:b6:95:39:62:1d:95:5c:ef:37:
                    17:e5:ea:d6:c1:94:f1:b7:96:c0:bb:fd:f4:e5:36:
                    02:08:7d:da:5c:70:49:72:35:32:90:37:29:cd:3a:
                    d3:42:79:b9:93:5a:56:bc:cc:87:d6:fd:79:7e:6e:
                    26:6a:73:00:57:40:13:c0:c7:51:37:55:a9:1a:61:
                    f6:1a:8e:d3:02:c4:cd:d9:df:41:d9:e2:66:f3:d0:
                    2f:d0:eb:59:fa:83:a9:4b:2a:1a:cd:bd:9b:b9:c0:
                    61:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D1:EC:82:B1:45:4A:47:13:21:65:37:6F:7E:A2:75:E7:52:E8:01
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:c6:fc:12:b3:42:89:ce:12:34:85:86:0e:cb:3d:56:53:34:
         96:cc:d1:ab:44:85:f6:6a:5c:62:71:8f:7f:55:36:34:c2:2d:
         06:15:5b:bd:87:e2:23:34:8e:0c:da:83:81:3f:12:ed:3a:5b:
         15:f7:6f:a1:99:2b:9d:70:4f:66:1e:19:f2:bd:7c:ab:af:c5:
         c9:f3:a1:7f:42:62:40:1d:98:07:bf:81:4a:05:48:07:25:78:
         2b:87:e1:16:4a:5b:95:55:93:06:c6:fc:58:0f:ee:17:b0:1f:
         2f:d4:05:d1:b3:23:92:dd:2b:32:a2:0d:26:bb:94:36:3f:b0:
         e6:12:1e:34:c8:f7:0d:78:ed:06:5c:40:65:8f:06:1e:87:a2:
         c0:0c:ee:58:af:cc:6b:a3:64:d0:08:da:f6:55:8c:c0:23:52:
         d4:cd:39:8d:02:89:03:85:7a:cd:45:06:58:b0:9d:6b:2e:14:
         22:af:52:2f:7a:0d:cc:e5:5f:3c:b4:f2:16:e7:75:2a:74:a7:
         a6:99:c5:3b:da:83:73:8c:7a:eb:6c:0a:17:85:19:26:7d:4d:
         7a:b7:58:d6:83:fb:2d:e3:93:da:e7:9c:ba:f0:51:c7:15:10:
         71:c0:de:c9:02:9a:e2:eb:00:e7:c6:a8:bc:41:cd:e4:97:82:
         cd:b9:5b:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHkJNsPsTWYIEXcqQoqeXciH8GDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyOGEwNzZlOGJiZjVkNDVmYzE3NzUwZjAxYmQyNDNkNGFlOWE0MTQ5YzNj
MjcxZGU3YWUyYzkwYzk0YTU5NzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJiVLulTg2eCnV9M8FQqYXbpPFwBwxYa4E9OMbTNo87dfdUZ077lchHGep8K
gIgUMkdc4LNB1ykD/h2SAMcsjXI1jeLPBzTVB0kTgentPfIm34ONh3O5Bd3J8qzo
eP6cP+pttZYQ/kb6vhh1mMjv3CSKCxDU/bDsQOCQvDrC0yQnWd6rkSFwthOl+RRW
HmQeZAYcorUgr1xClByctpU5Yh2VXO83F+Xq1sGU8beWwLv99OU2Agh92lxwSXI1
MpA3Kc0600J5uZNaVrzMh9b9eX5uJmpzAFdAE8DHUTdVqRph9hqO0wLEzdnfQdni
ZvPQL9DrWfqDqUsqGs29m7nAYdsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRa0eyC
sUVKRxMhZTdvfqJ151LoATAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAUxvwSs0KJzhI0hYYOyz1WUzSWzNGrRIX2alxi
cY9/VTY0wi0GFVu9h+IjNI4M2oOBPxLtOlsV92+hmSudcE9mHhnyvXyrr8XJ86F/
QmJAHZgHv4FKBUgHJXgrh+EWSluVVZMGxvxYD+4XsB8v1AXRsyOS3Ssyog0mu5Q2
P7DmEh40yPcNeO0GXEBljwYeh6LADO5Yr8xro2TQCNr2VYzAI1LUzTmNAokDhXrN
RQZYsJ1rLhQir1Iveg3M5V88tPIW53UqdKemmcU72oNzjHrrbAoXhRkmfU16t1jW
g/st45Pa55y68FHHFRBxwN7JApri6wDnxqi8Qc3kl4LNuVvf
-----END CERTIFICATE-----