Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7037317e-bcf9-40f3-b066-0973d33451f2.roa
File:                     7037317e-bcf9-40f3-b066-0973d33451f2.roa (raw, json)
Hash identifier:          br68+7BgAIUxiBLrD+/SlFah4Z15d2hsnA5Y6KuZOyc=
Subject key identifier:   E0:61:A6:B8:6B:46:21:38:EA:C3:C1:64:EC:70:8B:30:81:40:F0:72
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5DC2809DCFF9894AED78CFB003DE7ADC6AEB1EAD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7037317e-bcf9-40f3-b066-0973d33451f2.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:c2:80:9d:cf:f9:89:4a:ed:78:cf:b0:03:de:7a:dc:6a:eb:1e:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:31:b8:c5:43:6e:2e:36:27:1c:65:ab:ef:67:
                    43:ca:87:b4:6a:24:4a:0e:b6:13:1b:be:42:8c:df:
                    52:3b:7d:8f:6e:49:da:d5:bb:33:7b:90:99:4e:2f:
                    ea:bb:7a:bd:98:e5:b1:b8:22:e3:03:79:8f:a2:e9:
                    95:5c:47:f0:8e:54:22:49:4e:e2:22:50:21:56:66:
                    dd:d6:8f:b4:c0:ad:b8:da:b6:13:f4:5f:0d:58:b7:
                    07:0e:1b:ef:cd:8d:dc:2c:4e:90:aa:06:d5:cd:65:
                    0b:9d:07:0a:c5:c8:3b:d8:a5:ac:8a:fd:d8:4b:2b:
                    c6:84:63:f4:3b:76:63:9f:30:92:55:cc:8a:6b:1d:
                    0d:70:16:41:4d:cc:63:9c:bb:fa:df:cc:80:42:5b:
                    32:ab:39:6c:15:b3:2d:2e:9e:ce:14:ba:29:f3:1e:
                    70:25:07:7b:61:23:cd:11:9b:3d:94:c9:07:8a:e4:
                    2b:4d:eb:2f:5b:f6:ed:53:62:bf:40:ac:e8:38:67:
                    f0:19:79:8f:4d:3e:9b:ff:97:19:7e:50:39:e7:8d:
                    80:10:3e:d4:d7:bf:86:4e:ad:3c:9f:58:d7:65:0b:
                    85:22:d4:86:bb:6c:d1:91:cb:7b:c9:de:b0:71:ba:
                    85:5b:57:d6:ce:69:82:18:d4:f9:3b:ec:de:41:93:
                    8b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:61:A6:B8:6B:46:21:38:EA:C3:C1:64:EC:70:8B:30:81:40:F0:72
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7037317e-bcf9-40f3-b066-0973d33451f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:29:57:62:df:56:34:19:44:52:a2:f7:0b:b8:0a:53:55:fe:
         66:7d:ca:eb:2a:91:8c:a8:ee:c8:5d:0a:48:5a:c1:29:51:95:
         f0:41:5d:20:cb:99:42:86:f8:26:98:a1:22:26:21:02:3b:56:
         f5:b5:2c:28:8d:87:91:fd:c7:9a:2f:8f:4f:a4:1a:f2:95:25:
         20:2f:0c:b8:60:ce:31:b9:49:73:12:c5:6a:81:0c:f2:48:3e:
         ea:70:4a:f1:ba:f0:74:b1:1b:e5:2b:32:d6:98:55:65:6c:91:
         31:a5:9f:4b:d5:c6:48:78:4f:83:06:a1:52:3e:60:10:58:fb:
         c4:d9:69:6e:e3:56:cf:58:f9:b6:25:67:35:90:5e:63:0b:53:
         54:1f:b0:74:b6:5b:17:9a:c9:00:1c:32:74:ee:96:f6:11:61:
         8f:47:66:ae:bb:51:0a:2f:db:99:1e:82:e1:66:0f:a7:2e:06:
         19:1d:a4:ad:6d:a1:7d:82:cc:2f:43:4b:00:dc:b1:7e:bb:0b:
         d9:df:fc:70:3b:ea:a4:aa:c2:79:ef:48:39:e8:57:90:a4:6d:
         60:5e:eb:44:db:96:88:e6:a8:c7:4e:99:b1:1d:96:2e:73:25:
         33:7c:ca:0c:00:ed:10:72:3a:fb:fa:a4:af:c4:77:1b:19:41:
         43:5e:8e:26
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXcKAnc/5iUrteM+wA9563GrrHq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiODM1Yjc3MjBiMmY1ODQ0NTEyMDhhMWQyYWViYzQyOWI4NGNkNjc3N2I3
YThkZTYwYzFlZTg3MDUyNzZmYmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALAxuMVDbi42Jxxlq+9nQ8qHtGokSg62Exu+QozfUjt9j25J2tW7M3uQmU4v
6rt6vZjlsbgi4wN5j6LplVxH8I5UIklO4iJQIVZm3daPtMCtuNq2E/RfDVi3Bw4b
782N3CxOkKoG1c1lC50HCsXIO9ilrIr92EsrxoRj9Dt2Y58wklXMimsdDXAWQU3M
Y5y7+t/MgEJbMqs5bBWzLS6ezhS6KfMecCUHe2EjzRGbPZTJB4rkK03rL1v27VNi
v0Cs6Dhn8Bl5j00+m/+XGX5QOeeNgBA+1Ne/hk6tPJ9Y12ULhSLUhrts0ZHLe8ne
sHG6hVtX1s5pghjU+Tvs3kGTi98CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTgYaa4
a0YhOOrDwWTscIswgUDwcjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzAzNzMxN2UtYmNmOS00MGYzLWIwNjYtMDk3M2QzMzQ1MWYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HiQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAeKVdi31Y0GURSovcLuApTVf5mfcrrKpGMqO7I
XQpIWsEpUZXwQV0gy5lChvgmmKEiJiECO1b1tSwojYeR/ceaL49PpBrylSUgLwy4
YM4xuUlzEsVqgQzySD7qcErxuvB0sRvlKzLWmFVlbJExpZ9L1cZIeE+DBqFSPmAQ
WPvE2Wlu41bPWPm2JWc1kF5jC1NUH7B0tlsXmskAHDJ07pb2EWGPR2auu1EKL9uZ
HoLhZg+nLgYZHaStbaF9gswvQ0sA3LF+uwvZ3/xwO+qkqsJ570g56FeQpG1gXutE
25aI5qjHTpmxHZYucyUzfMoMAO0Qcjr7+qSvxHcbGUFDXo4m
-----END CERTIFICATE-----