Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa
File:                     7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa (raw, json)
Hash identifier:          mIB+Z4Ke8KKLoMInKs7OTAie5+tuGtMMjHsLQ6phVbc=
Subject key identifier:   8F:FF:A7:95:94:58:A3:DB:DB:12:0F:48:81:8F:C3:11:06:F6:18:86
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       70B7EFFB83479F83D58E620004329F01931A2AD3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa
Signing time:             Fri 07 Mar 2025 15:00:24 +0000
ROA not before:           Fri 07 Mar 2025 15:00:24 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b7:ef:fb:83:47:9f:83:d5:8e:62:00:04:32:9f:01:93:1a:2a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  7 15:00:24 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:10:4e:f2:b6:a1:d1:ec:f2:3b:a5:1f:39:c3:
                    f3:81:a9:77:67:91:e2:97:9e:85:3f:fc:7b:8b:ab:
                    8e:d4:9e:a9:a1:5e:6c:df:14:8b:1f:e8:3d:8e:58:
                    db:f6:91:ec:5a:d4:8c:26:74:3f:a9:dd:a9:56:bb:
                    c8:28:16:05:11:3d:5c:03:d1:d8:09:08:b2:51:73:
                    3a:ba:e3:68:a5:a6:6b:1a:dc:cb:a3:3f:09:a6:e2:
                    90:a3:b6:d9:f6:cc:c0:0f:e8:ee:1f:e0:da:36:82:
                    45:b3:80:b8:c7:9b:75:e1:ca:ce:62:66:1f:46:77:
                    b1:14:ea:c9:68:a1:48:61:3a:af:dc:02:0e:4c:5b:
                    e2:2f:66:ca:03:33:01:5c:0c:59:ee:bd:46:63:46:
                    ed:33:1f:91:5c:8f:15:9e:4b:90:6e:5b:49:54:36:
                    e3:c2:dd:5e:48:33:2f:8b:e0:df:de:01:c7:dd:fa:
                    e6:b4:e8:34:84:12:23:c8:3b:cc:ca:42:5a:5f:85:
                    78:83:aa:32:29:8b:56:ce:b0:6e:e3:2c:9f:b6:63:
                    74:c4:d0:16:9b:2b:87:9f:e8:9b:4d:de:f5:7c:37:
                    93:13:83:71:dd:da:05:0f:b1:05:bd:82:24:cc:b2:
                    8f:7c:8e:42:79:22:b6:8a:bb:c0:1d:4f:cf:93:45:
                    61:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FF:A7:95:94:58:A3:DB:DB:12:0F:48:81:8F:C3:11:06:F6:18:86
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9c:a0:59:74:e2:09:41:0d:27:de:e4:af:a5:e5:e8:2e:e0:99:
         cd:2b:94:a5:f5:f9:34:5e:21:32:21:a2:de:80:3b:e4:8c:b1:
         50:a3:68:ac:50:85:21:c2:f3:fc:5d:e3:01:b9:85:ed:7d:4a:
         bd:9f:1e:7a:64:fa:59:f4:0b:35:9e:03:c1:f4:d0:35:b7:71:
         29:5f:36:75:5c:5b:7d:1c:6c:c3:64:14:40:1b:63:5b:d6:f0:
         7c:7a:d6:9d:16:0a:4f:5d:7b:7c:53:23:82:7b:06:8c:97:27:
         5a:99:2b:b6:58:10:8b:16:ae:b4:42:4b:8d:49:d8:c5:af:9e:
         cd:fa:bd:f1:2a:f1:8c:1e:7c:8f:8b:c6:6b:55:6d:1b:38:9f:
         61:71:95:15:a2:53:d3:a7:64:fa:b4:ec:17:06:01:08:d8:f5:
         0d:ae:81:e4:3c:51:2c:e6:14:48:f2:d5:7d:4a:23:d7:53:00:
         a7:03:41:88:4d:86:b4:29:9d:37:b5:95:98:38:98:af:e4:1c:
         dc:5e:70:bf:ca:d8:d7:53:71:ff:75:cf:f3:40:06:d6:6b:a6:
         10:da:b4:70:d4:2f:0d:50:91:6d:b9:59:8f:69:21:18:eb:cf:
         a1:09:b5:52:5c:64:e7:c6:2a:e7:24:08:6b:43:47:b9:9b:20:
         3f:b1:ce:5b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcLfv+4NHn4PVjmIABDKfAZMaKtMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDcxNTAwMjRaFw0yNTA0MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkMzU3OTZkN2FkZjgxNzM4NDcwYTM2ZjJjOWMwNTI3NmU5NjRlMDM5OTQy
NTI2OTI0M2IyYjljYmFhYWUwM2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANUQTvK2odHs8julHznD84Gpd2eR4peehT/8e4urjtSeqaFebN8Uix/oPY5Y
2/aR7FrUjCZ0P6ndqVa7yCgWBRE9XAPR2AkIslFzOrrjaKWmaxrcy6M/CabikKO2
2fbMwA/o7h/g2jaCRbOAuMebdeHKzmJmH0Z3sRTqyWihSGE6r9wCDkxb4i9mygMz
AVwMWe69RmNG7TMfkVyPFZ5LkG5bSVQ248LdXkgzL4vg394Bx9365rToNIQSI8g7
zMpCWl+FeIOqMimLVs6wbuMsn7ZjdMTQFpsrh5/om03e9Xw3kxODcd3aBQ+xBb2C
JMyyj3yOQnkitoq7wB1Pz5NFYRUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSP/6eV
lFij29sSD0iBj8MRBvYYhjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2JiZDI1YzgtMzQ2MC00Y2MwLWI3MWYtMjdkMDRlOTY0ZTM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fng
MA0GCSqGSIb3DQEBCwUAA4IBAQCcoFl04glBDSfe5K+l5egu4JnNK5Sl9fk0XiEy
IaLegDvkjLFQo2isUIUhwvP8XeMBuYXtfUq9nx56ZPpZ9As1ngPB9NA1t3EpXzZ1
XFt9HGzDZBRAG2Nb1vB8etadFgpPXXt8UyOCewaMlydamSu2WBCLFq60QkuNSdjF
r57N+r3xKvGMHnyPi8ZrVW0bOJ9hcZUVolPTp2T6tOwXBgEI2PUNroHkPFEs5hRI
8tV9SiPXUwCnA0GITYa0KZ03tZWYOJiv5BzcXnC/ytjXU3H/dc/zQAbWa6YQ2rRw
1C8NUJFtuVmPaSEY68+hCbVSXGTnxirnJAhrQ0e5myA/sc5b
-----END CERTIFICATE-----