Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa
File:                     7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa (raw, json)
Hash identifier:          BqMXBZ04S4gN7BlxSwuhcJCHEay34cU5xHed164ItxQ=
Subject key identifier:   5B:AD:CC:E6:D2:29:D6:26:EB:F9:36:1B:28:AF:3A:27:0B:62:5F:8A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       47DBBED04CB257AF92EFF1E7D957B1AD0601A7DF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:db:be:d0:4c:b2:57:af:92:ef:f1:e7:d9:57:b1:ad:06:01:a7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0d:1c:ec:31:81:31:0b:de:06:d8:c9:49:5b:
                    64:73:a5:77:0e:5d:a1:41:95:e0:ec:31:dc:12:a5:
                    08:af:a1:22:bd:67:77:ff:50:7e:2f:d1:24:f2:a7:
                    78:bf:d0:3c:55:2d:89:48:02:82:f7:67:34:3a:e3:
                    18:42:49:1e:c5:dc:d8:e6:dd:8c:c9:6b:37:2a:09:
                    38:15:ba:95:a2:d5:91:66:74:04:dd:20:fc:fe:67:
                    f5:a5:28:b6:bc:ba:be:9f:9a:a8:a8:57:42:57:41:
                    c8:9c:c6:e0:ea:99:a2:4d:fe:73:6e:61:d4:c6:d5:
                    a3:59:a5:66:6b:03:c5:a3:78:1c:bf:d1:f6:3d:a8:
                    39:9e:ce:aa:b3:c4:5f:5e:5b:42:4c:b5:e0:5a:5f:
                    1c:67:c0:11:fc:b0:d8:2e:03:db:ee:e7:b5:21:66:
                    09:db:fd:00:23:1b:51:f1:18:53:9f:80:08:55:5a:
                    f7:5c:95:b5:52:66:81:cc:e6:d3:94:8c:20:a3:c8:
                    d4:77:bb:3b:6a:07:c8:41:a3:9b:b4:ac:99:fd:75:
                    10:f4:ce:a3:bb:19:79:d9:5f:e9:63:49:cc:73:22:
                    b9:4e:1e:24:a0:37:55:73:86:d5:1e:01:b4:8d:57:
                    e8:7e:38:6a:5b:92:b3:6f:8e:d6:79:4b:3c:f9:1d:
                    10:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:AD:CC:E6:D2:29:D6:26:EB:F9:36:1B:28:AF:3A:27:0B:62:5F:8A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7bbd25c8-3460-4cc0-b71f-27d04e964e37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         49:79:dc:f2:9c:84:aa:59:e4:41:40:0a:8d:72:1f:b8:4f:97:
         8b:c1:af:e1:cd:56:83:0f:41:52:62:bf:60:ad:bc:12:7b:f6:
         7a:58:63:f4:b0:f8:4c:5a:ad:61:e2:ea:d8:37:04:9b:08:a9:
         a5:d8:41:23:45:c0:5d:4f:b2:6c:14:63:e3:78:c6:e3:3b:9f:
         dd:9b:87:9b:0e:10:3f:78:12:ab:6a:52:19:56:78:61:59:8a:
         58:af:84:e6:9c:e6:49:10:ad:be:ea:d5:6d:b2:73:76:74:ee:
         67:8d:31:56:d8:5a:2e:0f:f6:48:19:82:0a:d3:9b:9a:af:c9:
         51:0f:26:2a:08:ee:b9:51:e9:05:58:c1:4d:9a:4c:4c:2e:1f:
         97:26:1f:b7:4d:0a:65:a8:1f:0c:8d:f6:b5:f7:40:b4:c8:3a:
         f5:f9:b9:35:ba:9f:3b:d4:e7:89:2a:2e:bb:da:3c:b2:23:d5:
         11:3a:63:4d:d6:78:70:5c:8a:bb:17:4d:10:22:0b:a4:a6:11:
         c1:6b:33:48:0e:c7:06:64:f1:73:d9:a4:88:e4:8e:35:21:72:
         98:82:0e:15:e9:26:ba:26:21:cf:77:f6:4a:e4:a5:14:cf:fe:
         87:26:8e:b7:f3:75:ef:29:62:70:50:b3:0e:8c:01:c0:9e:b3:
         36:4c:bd:88
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR9u+0EyyV6+S7/Hn2VexrQYBp98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4NTI4NmI4ODRkYzA0MWNhZjU0MjFmZWU5YzY3ZDYyMzk0NThmMDQxMWJj
ZWY4YTI2YTU5NDU4YmMxZjg1ZjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOMNHOwxgTEL3gbYyUlbZHOldw5doUGV4Owx3BKlCK+hIr1nd/9Qfi/RJPKn
eL/QPFUtiUgCgvdnNDrjGEJJHsXc2ObdjMlrNyoJOBW6laLVkWZ0BN0g/P5n9aUo
try6vp+aqKhXQldByJzG4OqZok3+c25h1MbVo1mlZmsDxaN4HL/R9j2oOZ7OqrPE
X15bQky14FpfHGfAEfyw2C4D2+7ntSFmCdv9ACMbUfEYU5+ACFVa91yVtVJmgczm
05SMIKPI1He7O2oHyEGjm7Ssmf11EPTOo7sZedlf6WNJzHMiuU4eJKA3VXOG1R4B
tI1X6H44aluSs2+O1nlLPPkdEJ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbrczm
0inWJuv5NhsorzonC2JfijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2JiZDI1YzgtMzQ2MC00Y2MwLWI3MWYtMjdkMDRlOTY0ZTM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fng
MA0GCSqGSIb3DQEBCwUAA4IBAQBJedzynISqWeRBQAqNch+4T5eLwa/hzVaDD0FS
Yr9grbwSe/Z6WGP0sPhMWq1h4urYNwSbCKml2EEjRcBdT7JsFGPjeMbjO5/dm4eb
DhA/eBKralIZVnhhWYpYr4TmnOZJEK2+6tVtsnN2dO5njTFW2FouD/ZIGYIK05ua
r8lRDyYqCO65UekFWMFNmkxMLh+XJh+3TQplqB8Mjfa190C0yDr1+bk1up871OeJ
Ki672jyyI9UROmNN1nhwXIq7F00QIgukphHBazNIDscGZPFz2aSI5I41IXKYgg4V
6Sa6JiHPd/ZK5KUUz/6HJo6383XvKWJwULMOjAHAnrM2TL2I
-----END CERTIFICATE-----