Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File:                     90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier:          JAC5w55Y1mz1EBfPp0A9fEvpzi2noUVnosnXETNpGF8=
Subject key identifier:   BF:CE:4B:05:46:EB:93:CF:2B:84:4E:CB:E6:AD:B0:DC:C1:EE:31:A7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6FD293E7ED4CAF367B08DE1B1C7F3325F53F2E60
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d2:93:e7:ed:4c:af:36:7b:08:de:1b:1c:7f:33:25:f5:3f:2e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:ef:5e:d5:37:8f:03:1a:f5:b3:30:04:17:
                    62:fb:ec:e5:96:4f:70:6b:45:a0:88:6a:4c:1b:0c:
                    90:c5:a6:ca:e0:45:eb:28:b9:5e:a9:40:8a:ce:b6:
                    50:9d:ad:e5:3b:9b:16:22:65:18:4b:27:5e:d3:22:
                    db:ab:45:4f:00:aa:ff:44:e5:c6:dc:16:a8:72:e9:
                    67:f6:a8:1a:06:73:91:28:5c:19:94:79:e3:1e:ec:
                    be:70:23:8a:98:64:a2:37:bc:69:1e:17:90:c9:8b:
                    27:a1:0a:6c:e3:59:44:aa:63:c2:54:2c:9b:9b:0b:
                    f7:a9:8c:d1:b9:28:fe:b2:5b:2f:d5:10:8c:73:1a:
                    5d:f9:d3:e4:f0:04:2a:16:6b:2f:4d:37:3b:8e:1e:
                    d2:eb:0f:4b:35:d3:cf:33:d6:47:11:0e:24:99:d4:
                    c8:24:2d:b1:c9:36:75:45:a7:06:b5:6b:b6:a5:61:
                    67:25:40:cf:20:38:59:8b:df:44:24:49:ca:35:8c:
                    c6:23:d1:2b:5f:6b:20:5f:60:a7:f8:28:9f:03:6b:
                    d9:a3:bb:0e:7e:d3:c3:63:29:5c:3f:c0:cc:a4:70:
                    46:bc:08:c7:2d:05:5c:49:aa:93:bc:4e:d2:de:d9:
                    ac:e8:90:50:5e:a3:a7:71:b8:ba:3a:86:ec:6e:be:
                    8f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:CE:4B:05:46:EB:93:CF:2B:84:4E:CB:E6:AD:B0:DC:C1:EE:31:A7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:a6:c1:dd:3c:e6:08:5f:2c:d3:13:9b:41:d2:d2:34:ef:8e:
         4f:3d:bb:ff:dd:12:71:33:25:b0:19:e6:2a:10:91:ed:16:6b:
         10:95:57:88:96:d0:08:4b:a4:f7:20:33:30:79:93:97:71:ef:
         9d:8f:07:b3:48:20:e2:a7:44:4c:4c:bb:2d:43:d3:83:f6:b5:
         80:2f:f1:e8:75:af:a9:a9:38:a3:a1:b3:ae:e8:f4:71:20:cf:
         86:b0:6d:02:6d:db:97:ff:c5:34:c6:e8:fb:65:27:b0:ce:fa:
         a5:05:a3:ea:44:fe:de:11:83:4d:ab:93:8e:d9:3b:7a:80:8a:
         39:77:ff:e7:57:0c:c2:6d:1b:2a:5d:4a:88:e3:26:4c:fc:ff:
         2b:d6:92:e5:e1:28:63:d2:6a:a2:25:38:d2:db:1d:7d:63:ec:
         15:04:49:06:44:66:df:db:9c:5d:65:15:4c:03:2c:c9:a3:29:
         c6:81:de:a0:aa:9d:ce:24:19:0e:f7:76:f6:8d:3f:f5:a5:4f:
         16:44:67:8a:7a:d5:03:8f:6d:89:a5:09:6c:c5:ce:b4:55:ad:
         38:40:dd:f8:15:ae:98:e7:ce:13:87:11:2b:14:db:77:27:4f:
         95:6f:43:1c:9c:8b:31:32:36:5e:0a:85:62:aa:e8:13:48:9e:
         2e:84:3e:c0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUb9KT5+1MrzZ7CN4bHH8zJfU/LmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDUzYjA4MDgwMTlmOTVjMmQ3MjEyNGUxNTMxYWE1NmQzZjJhZTdmMDAwM2Q0
MzhjNDEzZjdlMjRlNTRhZGFlZWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKS9717VN48DGvWzMAQXYvvs5ZZPcGtFoIhqTBsMkMWmyuBF6yi5XqlAis62
UJ2t5TubFiJlGEsnXtMi26tFTwCq/0TlxtwWqHLpZ/aoGgZzkShcGZR54x7svnAj
iphkoje8aR4XkMmLJ6EKbONZRKpjwlQsm5sL96mM0bko/rJbL9UQjHMaXfnT5PAE
KhZrL003O44e0usPSzXTzzPWRxEOJJnUyCQtsck2dUWnBrVrtqVhZyVAzyA4WYvf
RCRJyjWMxiPRK19rIF9gp/gonwNr2aO7Dn7Tw2MpXD/AzKRwRrwIxy0FXEmqk7xO
0t7ZrOiQUF6jp3G4ujqG7G6+j/MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS/zksF
RuuTzyuETsvmrbDcwe4xpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQCrpsHdPOYIXyzTE5tB0tI0745PPbv/3RJxMyWw
GeYqEJHtFmsQlVeIltAIS6T3IDMweZOXce+djwezSCDip0RMTLstQ9OD9rWAL/Ho
da+pqTijobOu6PRxIM+GsG0CbduX/8U0xuj7ZSewzvqlBaPqRP7eEYNNq5OO2Tt6
gIo5d//nVwzCbRsqXUqI4yZM/P8r1pLl4Shj0mqiJTjS2x19Y+wVBEkGRGbf25xd
ZRVMAyzJoynGgd6gqp3OJBkO93b2jT/1pU8WRGeKetUDj22JpQlsxc60Va04QN34
Fa6Y584ThxErFNt3J0+Vb0McnIsxMjZeCoViqugTSJ4uhD7A
-----END CERTIFICATE-----