Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
File:                     8553b3da-6a47-43ee-87d3-5259a23c371b.roa (raw, json)
Hash identifier:          iNRVSbw7reNOufh8Z7sQdKiib064j0NeFY29AvqOCMU=
Subject key identifier:   12:32:3A:70:14:61:FB:6C:22:1E:DF:FD:F2:D2:51:08:4F:79:D8:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F6B22BEF49510C6ECC9D4A57034283AE1CD45C6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:6b:22:be:f4:95:10:c6:ec:c9:d4:a5:70:34:28:3a:e1:cd:45:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:56:c5:34:0f:ca:16:67:7e:32:49:82:2c:48:
                    b9:79:f8:e0:d9:07:24:3b:c7:2b:13:44:62:3c:1b:
                    c6:8e:4f:28:97:f2:f1:9c:f7:d2:d4:ee:05:43:53:
                    4e:44:2f:b7:9f:bf:58:04:0a:39:b9:65:45:d6:47:
                    76:d5:cd:a4:cd:0e:92:19:ed:5f:3d:d8:48:4e:b7:
                    18:1f:22:9e:25:4d:90:5a:06:21:cc:be:c9:92:50:
                    51:03:7d:c0:d7:bd:68:17:2d:e5:af:eb:9a:68:a9:
                    8e:8a:4c:50:df:da:cf:2f:94:92:17:65:f4:61:48:
                    ce:a6:a1:5f:04:2d:af:cb:3c:71:4e:81:2f:9e:9b:
                    51:ca:7a:77:7f:20:e7:b6:8a:01:7b:1b:62:28:54:
                    1e:e7:34:46:f6:18:66:70:fc:ba:7b:2d:d0:f5:73:
                    32:3e:c3:5c:78:ac:6c:eb:6e:5c:d1:e1:eb:5f:e6:
                    1f:8b:2e:b6:09:f2:33:fa:af:3c:84:26:cf:bc:d0:
                    cd:13:cd:f4:80:78:a3:3b:9f:e0:4f:c9:61:19:64:
                    5e:54:09:57:de:d8:3c:52:a9:59:64:9f:d4:28:2e:
                    10:55:00:73:54:eb:91:a9:8b:58:b8:86:f8:81:a2:
                    7b:9e:a0:81:87:34:c5:d5:24:83:cd:01:9b:27:47:
                    19:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:32:3A:70:14:61:FB:6C:22:1E:DF:FD:F2:D2:51:08:4F:79:D8:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:52:26:ad:0e:60:70:99:a1:65:aa:00:bf:10:2f:3e:98:ed:
         62:68:9e:31:fb:ed:b1:a6:dd:a1:aa:40:c0:5b:66:cf:73:1e:
         5f:85:f7:d2:29:8f:32:9e:a4:a6:51:e2:9f:d1:2b:83:dd:4c:
         92:2c:78:5f:ef:0e:9f:13:32:6f:0e:82:77:8b:04:86:fa:44:
         2f:01:f3:c5:59:7b:3d:b0:40:0a:18:b5:46:69:a4:a8:ca:ad:
         6f:0e:3a:90:a2:94:3b:dd:2d:be:3e:fc:dd:dd:25:49:1c:aa:
         96:8e:9e:a4:cc:dc:21:7e:01:8e:7e:98:36:7c:c8:e0:43:5a:
         47:40:94:e5:e7:de:3a:d7:2c:41:c9:8d:c4:63:b9:43:d7:44:
         62:4e:a2:d9:23:72:a7:47:8d:e7:c4:28:36:96:b0:33:48:37:
         40:5b:c8:d7:c2:87:60:ae:3d:24:d1:d8:e0:79:6a:e1:20:2e:
         28:e8:07:73:ef:be:38:75:da:26:04:25:a4:ff:7c:7c:5e:36:
         53:6e:8d:03:59:53:93:66:56:ad:63:9a:29:df:63:97:d1:47:
         13:8e:54:be:d8:db:96:7a:20:2c:71:15:19:0c:15:27:07:ea:
         8a:71:21:99:7c:a0:c5:87:7c:51:aa:38:ed:46:6d:8e:ee:c0:
         10:f9:8c:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD2sivvSVEMbsydSlcDQoOuHNRcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDAxMWUwZjgzMTMxNzE2ZDY3MDBiOWMxOTJmM2IyNGYxNjJkNWM0M2MyMDFm
YTdjOGYzZWIyNmEyMmNlZDBmZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKtWxTQPyhZnfjJJgixIuXn44NkHJDvHKxNEYjwbxo5PKJfy8Zz30tTuBUNT
TkQvt5+/WAQKObllRdZHdtXNpM0OkhntXz3YSE63GB8iniVNkFoGIcy+yZJQUQN9
wNe9aBct5a/rmmipjopMUN/azy+Ukhdl9GFIzqahXwQtr8s8cU6BL56bUcp6d38g
57aKAXsbYihUHuc0RvYYZnD8unst0PVzMj7DXHisbOtuXNHh61/mH4sutgnyM/qv
PIQmz7zQzRPN9IB4ozuf4E/JYRlkXlQJV97YPFKpWWSf1CguEFUAc1TrkamLWLiG
+IGie56ggYc0xdUkg80BmydHGb0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQSMjpw
FGH7bCIe3/3y0lEIT3nYXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODU1M2IzZGEtNmE0Ny00M2VlLTg3ZDMtNTI1OWEyM2MzNzFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEg
MA0GCSqGSIb3DQEBCwUAA4IBAQA5UiatDmBwmaFlqgC/EC8+mO1iaJ4x++2xpt2h
qkDAW2bPcx5fhffSKY8ynqSmUeKf0SuD3UySLHhf7w6fEzJvDoJ3iwSG+kQvAfPF
WXs9sEAKGLVGaaSoyq1vDjqQopQ73S2+Pvzd3SVJHKqWjp6kzNwhfgGOfpg2fMjg
Q1pHQJTl59461yxByY3EY7lD10RiTqLZI3KnR43nxCg2lrAzSDdAW8jXwodgrj0k
0djgeWrhIC4o6Adz7744ddomBCWk/3x8XjZTbo0DWVOTZlatY5op32OX0UcTjlS+
2NuWeiAscRUZDBUnB+qKcSGZfKDFh3xRqjjtRm2O7sAQ+Yyk
-----END CERTIFICATE-----