Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
File:                     8e492412-994d-4c48-a29e-9082ebce3349.roa (raw, json)
Hash identifier:          t6sdsiAcnewxyNpOUOLwHXgtidLbx0se+HxVDHhy8cI=
Subject key identifier:   E7:63:68:BA:85:93:D5:D5:A7:6E:D6:CC:E3:6D:7E:F4:21:22:11:59
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6B2A745D158835D3AD4E3027F151F2BD89536EC6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:2a:74:5d:15:88:35:d3:ad:4e:30:27:f1:51:f2:bd:89:53:6e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:dd:1d:b5:93:bc:c3:6f:e5:2e:1e:c0:41:60:
                    c4:07:9e:71:82:5c:f0:5b:2c:16:76:c1:64:5d:ce:
                    6f:e8:fd:81:53:ac:d8:bc:78:92:f7:f4:bb:6a:81:
                    15:ba:1a:17:e0:2e:29:04:e3:bd:d9:82:c4:ab:c2:
                    55:ad:01:0c:16:66:ab:8c:76:0d:dd:e0:a2:f8:76:
                    70:80:d8:46:00:57:ba:00:90:98:ec:71:88:33:33:
                    4d:7f:2d:60:59:06:d0:59:61:44:b2:2c:3e:47:55:
                    43:61:60:14:0c:ac:6a:1e:ed:e7:e5:02:ca:96:7d:
                    e0:6a:91:5e:fa:ca:e3:7d:b8:62:cd:14:a1:46:fe:
                    d7:5c:55:69:26:8d:6f:31:2b:0f:bd:fb:71:f5:ae:
                    92:43:07:7b:05:67:a9:f3:98:33:f7:9d:a3:ba:fb:
                    71:1b:fa:ca:11:44:30:0a:28:c7:a9:e1:6e:dc:e8:
                    65:1a:8e:aa:90:ea:73:c0:a2:30:d9:37:61:7a:fe:
                    d4:26:33:37:60:cc:68:4b:4a:c9:3e:d7:20:28:be:
                    d8:10:50:03:d5:98:12:66:06:5b:5f:4d:90:77:66:
                    07:e7:27:84:74:cf:81:9b:3a:c9:fb:f8:de:e7:56:
                    c4:1c:2d:b0:b7:f7:6e:fd:7d:ee:bd:b6:da:f4:62:
                    05:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:63:68:BA:85:93:D5:D5:A7:6E:D6:CC:E3:6D:7E:F4:21:22:11:59
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:a0:fe:d9:5c:5e:3a:28:99:ee:81:aa:59:35:4c:1f:ef:60:
         d7:6c:37:ed:be:f2:18:60:3b:7f:ee:8d:b3:08:9f:84:fe:69:
         5e:07:c9:f6:5e:78:74:32:af:35:15:94:82:56:a2:80:e5:ce:
         84:c7:f2:4c:1e:26:d0:10:8f:38:9b:ef:bd:3e:39:51:68:76:
         a9:09:7e:05:73:bf:1f:94:4a:fb:7c:bf:25:d3:40:ae:14:3f:
         70:c5:cd:ee:db:88:67:93:e6:49:04:45:fc:43:0b:ee:95:28:
         33:d4:ea:70:ec:05:e3:60:e1:96:ef:72:15:ad:1e:30:97:56:
         1b:a4:64:3a:1f:6c:0b:5f:93:e8:6f:77:b7:ad:48:9b:e6:fe:
         40:47:13:9b:c9:69:07:85:6c:98:2b:1e:be:77:e1:d9:65:f0:
         f1:21:3b:6c:d8:a6:7e:e4:d9:b6:22:9c:c1:29:d6:2e:80:35:
         04:b5:97:96:22:e4:60:3e:3d:61:b7:a6:8f:05:fb:e6:41:80:
         62:e4:71:b3:67:c4:70:1a:98:2f:7f:a9:36:5a:53:0a:13:66:
         a4:98:b5:0b:a7:ca:3a:41:6f:43:a8:d4:19:5a:1f:c5:82:41:
         77:4a:89:fc:bb:eb:e8:bb:e7:e4:d3:d3:7f:e9:3b:64:4a:79:
         1d:7f:96:c6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUayp0XRWINdOtTjAn8VHyvYlTbsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiYTEwNzRiZGJiMWE1ZmVkZjM2NWYyMmUwNmE1NjZmNzE1NWRmMDBhMjIx
ZGEyZWUxNTQ4MzA0ZjgwMDBhZjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzdHbWTvMNv5S4ewEFgxAeecYJc8FssFnbBZF3Ob+j9gVOs2Lx4kvf0u2qB
FboaF+AuKQTjvdmCxKvCVa0BDBZmq4x2Dd3govh2cIDYRgBXugCQmOxxiDMzTX8t
YFkG0FlhRLIsPkdVQ2FgFAysah7t5+UCypZ94GqRXvrK4324Ys0UoUb+11xVaSaN
bzErD737cfWukkMHewVnqfOYM/edo7r7cRv6yhFEMAoox6nhbtzoZRqOqpDqc8Ci
MNk3YXr+1CYzN2DMaEtKyT7XICi+2BBQA9WYEmYGW19NkHdmB+cnhHTPgZs6yfv4
3udWxBwtsLf3bv197r222vRiBTsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTnY2i6
hZPV1adu1szjbX70ISIRWTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0OTI0MTItOTk0ZC00YzQ4LWEyOWUtOTA4MmViY2UzMzQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HqA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzoP7ZXF46KJnugapZNUwf72DXbDftvvIYYDt/
7o2zCJ+E/mleB8n2Xnh0Mq81FZSCVqKA5c6Ex/JMHibQEI84m++9PjlRaHapCX4F
c78flEr7fL8l00CuFD9wxc3u24hnk+ZJBEX8QwvulSgz1Opw7AXjYOGW73IVrR4w
l1YbpGQ6H2wLX5Pob3e3rUib5v5ARxObyWkHhWyYKx6+d+HZZfDxITts2KZ+5Nm2
IpzBKdYugDUEtZeWIuRgPj1ht6aPBfvmQYBi5HGzZ8RwGpgvf6k2WlMKE2akmLUL
p8o6QW9DqNQZWh/FgkF3Son8u+vou+fk09N/6TtkSnkdf5bG
-----END CERTIFICATE-----