Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/739d8b08-f82b-4a2a-841c-2faf7a331ffa.roa
File:                     739d8b08-f82b-4a2a-841c-2faf7a331ffa.roa (raw, json)
Hash identifier:          +Lr/zBmHGl811k8K6lVVKa/+JNdhZTyX7FpOLthNr74=
Subject key identifier:   07:A7:10:C1:83:E5:63:CF:65:8B:72:EC:0B:CC:84:21:FB:41:6C:E2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2BD05BE53669279260DF24F5364625A25F8ACACA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/739d8b08-f82b-4a2a-841c-2faf7a331ffa.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d0:5b:e5:36:69:27:92:60:df:24:f5:36:46:25:a2:5f:8a:ca:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d7:54:4c:c6:65:56:61:35:81:84:44:93:e8:
                    da:4b:24:32:97:1e:74:28:ac:03:5b:bd:e8:97:4b:
                    b0:11:d5:e4:09:a5:36:a3:3e:98:b3:c4:f3:d1:40:
                    e7:c1:2b:7d:2c:8e:d7:d0:80:01:25:f0:b5:62:85:
                    b4:20:a4:68:a6:ab:af:3c:ce:b1:cb:e4:73:b1:9e:
                    f9:1d:73:fb:5b:f8:28:7f:7d:7c:ca:75:c3:d1:72:
                    41:5b:1e:49:eb:6c:b9:70:04:6a:90:a1:83:6c:3a:
                    4d:c8:8e:62:48:31:e3:fc:38:8c:c6:dd:33:45:f9:
                    8f:48:dd:6c:47:d1:2d:14:cc:15:a9:bc:c5:d7:f2:
                    72:a3:13:02:f0:6e:3b:bb:a6:89:ab:25:60:25:4e:
                    25:83:b3:76:51:4b:06:c0:75:87:cf:47:76:61:3b:
                    31:83:78:3e:7f:3c:60:ab:e4:cc:d7:78:83:8c:db:
                    c3:0e:9a:d5:83:2a:a7:49:33:5e:5f:cf:6b:28:49:
                    e9:a6:9b:53:75:9d:33:0a:5d:3c:2f:1b:c5:d9:d6:
                    57:a6:3d:57:72:7c:ba:64:a1:af:12:e8:e7:c8:4b:
                    b1:96:73:d0:60:52:98:b3:88:25:74:1b:4b:97:8b:
                    ce:57:db:87:de:be:19:c7:e6:90:76:c7:65:b5:2d:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A7:10:C1:83:E5:63:CF:65:8B:72:EC:0B:CC:84:21:FB:41:6C:E2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/739d8b08-f82b-4a2a-841c-2faf7a331ffa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:43:89:7d:7a:67:bc:47:31:89:26:5a:f7:64:3d:fc:ed:c8:
         86:6c:3a:48:67:57:78:b6:e6:05:c0:ec:c5:70:e5:1f:09:d0:
         6f:63:d1:86:44:e0:14:9d:bf:46:5f:79:d0:18:ea:89:1d:9d:
         b7:a8:7f:54:e3:48:ad:09:14:3f:8d:57:2f:3c:62:c6:8f:cd:
         a9:d6:8f:c9:99:3d:c6:e2:39:53:4e:4e:3a:ff:4c:9c:8f:7c:
         21:5b:43:40:95:22:1f:27:e2:17:8c:c2:5b:34:f9:da:be:d7:
         93:d5:a7:ff:21:71:c8:2c:80:be:76:48:6f:42:a2:25:93:e8:
         5d:4d:c3:52:f4:f9:1d:71:2d:15:8d:0d:f9:f3:65:ba:b2:40:
         9f:2c:c8:53:04:76:32:09:47:76:b8:df:10:ae:65:80:c8:c3:
         95:48:ab:50:f6:c5:f8:c4:cc:76:d4:d0:90:84:38:96:42:a0:
         b2:7f:51:a3:23:d9:a8:54:df:bf:ee:6b:04:c8:52:00:8e:e1:
         ba:c6:71:7e:06:65:f9:be:74:b6:1c:51:02:40:55:64:6d:24:
         13:44:51:56:d0:80:00:ca:63:89:b6:a8:64:ed:d6:97:11:39:
         6a:01:b1:ef:1f:45:86:18:7d:c2:39:0d:3b:cd:ee:6e:d4:46:
         6e:b3:5a:55
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUK9Bb5TZpJ5Jg3yT1NkYlol+KysowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhNWJlMTcxYWIwZWI5ZjAyM2NkNDBkMjVmODIzYzJiMTllMThkOTVkZTc4
Yzc3ZDNiNTQ0MDE2ZTA0NDRhN2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOzXVEzGZVZhNYGERJPo2kskMpcedCisA1u96JdLsBHV5AmlNqM+mLPE89FA
58ErfSyO19CAASXwtWKFtCCkaKarrzzOscvkc7Ge+R1z+1v4KH99fMp1w9FyQVse
SetsuXAEapChg2w6TciOYkgx4/w4jMbdM0X5j0jdbEfRLRTMFam8xdfycqMTAvBu
O7umiaslYCVOJYOzdlFLBsB1h89HdmE7MYN4Pn88YKvkzNd4g4zbww6a1YMqp0kz
Xl/PayhJ6aabU3WdMwpdPC8bxdnWV6Y9V3J8umShrxLo58hLsZZz0GBSmLOIJXQb
S5eLzlfbh96+GcfmkHbHZbUtD/MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQHpxDB
g+Vjz2WLcuwLzIQh+0Fs4jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzM5ZDhiMDgtZjgyYi00YTJhLTg0MWMtMmZhZjdhMzMxZmZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA3Q4l9eme8RzGJJlr3ZD387ciGbDpIZ1d4tuYF
wOzFcOUfCdBvY9GGROAUnb9GX3nQGOqJHZ23qH9U40itCRQ/jVcvPGLGj82p1o/J
mT3G4jlTTk46/0ycj3whW0NAlSIfJ+IXjMJbNPnavteT1af/IXHILIC+dkhvQqIl
k+hdTcNS9PkdcS0VjQ3582W6skCfLMhTBHYyCUd2uN8QrmWAyMOVSKtQ9sX4xMx2
1NCQhDiWQqCyf1GjI9moVN+/7msEyFIAjuG6xnF+BmX5vnS2HFECQFVkbSQTRFFW
0IAAymOJtqhk7daXETlqAbHvH0WGGH3COQ07ze5u1EZus1pV
-----END CERTIFICATE-----