Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
File:                     8a06e909-5227-47d9-a58c-be623a2a4cad.roa (raw, json)
Hash identifier:          BV2R+4mpemCbfR0/oURvedsYhNWpO+uvyDAMkam1opk=
Subject key identifier:   FC:A0:7A:97:5F:19:B4:D1:85:A4:10:13:C9:E4:D5:CA:03:5B:ED:4C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4B5BE0057A2D7819203827CE09EAF4AABEDD75CB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:5b:e0:05:7a:2d:78:19:20:38:27:ce:09:ea:f4:aa:be:dd:75:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:85:34:1c:98:fd:3d:24:d1:79:43:af:02:a8:
                    35:a6:94:1d:6c:2d:62:ca:20:4e:9f:e2:1f:d4:10:
                    56:a7:ab:d3:4e:98:5a:63:5d:6f:27:a0:33:3c:e6:
                    29:eb:f7:3a:67:7d:4c:13:31:6f:1c:2a:0f:b0:58:
                    5d:77:57:bc:10:b1:a5:cf:61:5e:2f:c0:13:29:92:
                    47:f8:8a:b9:12:bb:dd:f7:1e:63:22:8b:68:57:60:
                    06:ff:ad:1e:ad:7c:cd:a6:d8:4a:58:dc:ea:ad:16:
                    b5:35:e7:c2:ef:1c:4c:29:44:6b:2b:ca:4b:bb:54:
                    32:43:24:c7:74:f6:d2:71:a8:c2:8e:87:be:0e:c7:
                    fb:94:ee:42:09:03:5f:5f:72:e0:e1:24:1b:60:6f:
                    69:4d:89:b9:6f:8a:df:1d:06:db:10:1c:6f:c0:77:
                    44:83:bb:bd:d3:57:a3:ad:f9:09:6a:7d:c8:b5:30:
                    25:1b:88:41:44:c5:30:30:0d:d5:db:43:43:69:13:
                    ba:c9:0a:1a:37:e2:76:6f:28:0e:6a:48:37:83:e6:
                    be:bf:33:a1:f2:6e:a2:e5:26:81:75:4c:ad:da:83:
                    67:22:52:18:15:62:93:04:0d:64:a8:7e:20:69:f5:
                    c8:5f:be:0a:9a:86:ec:4e:eb:8f:33:83:c0:1f:32:
                    63:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A0:7A:97:5F:19:B4:D1:85:A4:10:13:C9:E4:D5:CA:03:5B:ED:4C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:11:0f:fd:70:2e:f8:9e:68:9c:21:39:30:f2:77:65:31:a6:
         ba:ab:7a:a8:64:31:58:eb:88:15:c7:d3:a7:f6:e0:d9:ab:2b:
         40:cd:97:3a:49:87:75:6a:c2:33:2c:fb:1b:80:d9:6e:e7:ab:
         0f:10:a7:d4:8e:46:e1:d0:dc:d4:88:37:52:93:c9:7a:b4:a6:
         58:69:69:1c:f4:85:ff:8c:d8:81:4e:82:24:76:1f:b9:9e:1f:
         02:68:14:b4:42:c1:f8:67:b4:26:74:de:0b:14:f9:17:b1:0c:
         60:90:4a:6a:cb:e9:3c:99:6e:1e:a5:61:97:fe:32:cc:d1:61:
         c6:cb:71:c4:97:6d:3a:05:be:0e:06:47:e3:df:40:b1:3f:7a:
         65:9c:42:09:94:34:a1:85:ce:e1:91:26:59:7f:dd:ab:ce:e0:
         c2:00:64:05:bd:c5:23:a1:72:4a:de:51:95:0e:9c:ec:14:2f:
         ef:bc:b6:bc:5a:ed:0e:83:60:20:3e:f6:6b:e1:df:fd:08:a5:
         f4:f2:5f:ee:46:6e:10:65:9b:3d:e4:c3:54:3f:b2:44:1f:3c:
         71:64:d8:2e:ff:df:ec:f0:9b:05:0c:0f:bb:df:99:10:cd:79:
         db:8e:87:c2:8b:e8:60:cf:45:ab:d7:a5:e0:40:48:3c:88:a0:
         22:c5:fa:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS1vgBXoteBkgOCfOCer0qr7ddcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiYzgyZjAyNGFhYzNhMmQ3MThhYTlhOWYyNjY3OTBkZTVlMTU1Zjc5YmY4
OThmNDBkNjE2YmE2OGZhNzIzZTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMyFNByY/T0k0XlDrwKoNaaUHWwtYsogTp/iH9QQVqer006YWmNdbyegMzzm
Kev3Omd9TBMxbxwqD7BYXXdXvBCxpc9hXi/AEymSR/iKuRK73fceYyKLaFdgBv+t
Hq18zabYSljc6q0WtTXnwu8cTClEayvKS7tUMkMkx3T20nGowo6Hvg7H+5TuQgkD
X19y4OEkG2BvaU2JuW+K3x0G2xAcb8B3RIO7vdNXo635CWp9yLUwJRuIQUTFMDAN
1dtDQ2kTuskKGjfidm8oDmpIN4Pmvr8zofJuouUmgXVMrdqDZyJSGBVikwQNZKh+
IGn1yF++CpqG7E7rjzODwB8yYz8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT8oHqX
Xxm00YWkEBPJ5NXKA1vtTDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGEwNmU5MDktNTIyNy00N2Q5LWE1OGMtYmU2MjNhMmE0Y2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FhA
MA0GCSqGSIb3DQEBCwUAA4IBAQCLEQ/9cC74nmicITkw8ndlMaa6q3qoZDFY64gV
x9On9uDZqytAzZc6SYd1asIzLPsbgNlu56sPEKfUjkbh0NzUiDdSk8l6tKZYaWkc
9IX/jNiBToIkdh+5nh8CaBS0QsH4Z7QmdN4LFPkXsQxgkEpqy+k8mW4epWGX/jLM
0WHGy3HEl206Bb4OBkfj30CxP3plnEIJlDShhc7hkSZZf92rzuDCAGQFvcUjoXJK
3lGVDpzsFC/vvLa8Wu0Og2AgPvZr4d/9CKX08l/uRm4QZZs95MNUP7JEHzxxZNgu
/9/s8JsFDA+735kQzXnbjofCi+hgz0Wr16XgQEg8iKAixfpf
-----END CERTIFICATE-----