Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
File:                     a039a10b-545b-441d-bef2-b67325de50a1.roa (raw, json)
Hash identifier:          Yb9uB0wFAfr22qbuRIwqGUrYxlSM0Zlp1FYJbYNEmAk=
Subject key identifier:   1E:19:8C:93:FF:A5:9A:E7:E9:CB:58:B5:49:52:0D:83:38:28:54:87
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3382A54EC006F52377CD43B1993E3614C6A777BC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:82:a5:4e:c0:06:f5:23:77:cd:43:b1:99:3e:36:14:c6:a7:77:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:62:23:41:a4:eb:78:12:72:43:ef:18:a4:91:
                    b0:4a:2d:9c:ff:ce:18:ad:66:df:c4:2d:2f:ce:69:
                    a6:70:5d:fd:28:6a:23:81:ff:c0:fd:c6:83:22:0f:
                    26:c2:87:81:8f:f3:e8:af:f0:44:37:c7:e3:22:23:
                    a2:96:cf:71:eb:f1:0a:9c:7b:92:b8:b8:dd:3a:f6:
                    23:7d:bb:d1:cc:4d:3f:07:73:7b:7f:eb:60:98:01:
                    a9:65:7a:07:fd:13:06:12:a7:ad:6a:19:3c:6b:03:
                    c7:a2:ca:cf:5c:08:5b:fa:58:23:0d:3a:bf:89:ed:
                    98:3f:76:6e:ae:a3:79:42:b0:9d:51:9a:01:22:f7:
                    20:7f:12:3b:07:eb:e3:87:40:60:c9:d5:95:ee:40:
                    60:e1:ea:7d:cd:2a:5e:f8:29:3d:3d:a4:a9:7a:09:
                    57:7b:62:f5:1e:d8:9a:40:a1:b0:8e:37:ec:2a:63:
                    a5:46:69:cb:d9:f8:e7:a9:ff:c0:74:f2:22:f4:e7:
                    6c:36:d0:b4:1a:f9:42:77:f8:2c:45:f1:b6:5b:c0:
                    9d:45:96:52:b0:33:d0:20:89:27:83:38:54:59:b1:
                    71:e4:f7:14:dc:28:9d:3a:00:49:58:d3:55:10:cf:
                    b1:bc:10:28:55:30:47:6d:36:0a:fd:91:c4:a3:72:
                    62:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:19:8C:93:FF:A5:9A:E7:E9:CB:58:B5:49:52:0D:83:38:28:54:87
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:d7:49:55:d0:88:55:e1:6f:72:60:5e:68:68:e9:8c:c2:a1:
         3f:b6:e5:9b:7f:76:44:a6:66:f2:53:b3:41:98:cc:ec:e0:41:
         2c:db:5f:35:f3:0e:7b:86:a1:c9:ec:b9:0d:a6:b1:65:73:88:
         23:dd:5e:42:6b:14:75:ac:b4:e0:9f:a0:ac:98:a9:ab:ac:de:
         74:03:2f:95:f4:01:e4:61:3b:51:77:51:4a:e8:34:8f:1e:e3:
         ba:eb:03:90:b4:b4:e1:db:26:91:81:22:e8:ad:a5:ae:85:b0:
         15:b8:83:84:f6:01:7a:94:1c:8a:44:0b:44:78:b1:0b:6f:48:
         ce:b7:ff:5b:4b:3c:b0:0c:b2:e3:b7:93:76:01:54:f7:29:57:
         9c:db:0e:53:7c:21:7c:ef:68:db:8f:f8:8d:57:69:2d:d4:ad:
         d8:74:70:85:65:3b:ca:37:9f:3c:c2:86:3c:f1:d5:1f:6f:9b:
         cb:4d:0d:2e:b9:46:31:71:75:bf:50:d5:79:e7:ba:dd:d1:b6:
         1e:bc:7b:ee:be:1c:50:47:a6:ab:3b:b5:07:17:25:d7:15:18:
         be:03:14:79:c1:46:24:18:7d:ee:fa:a3:02:63:77:f3:8d:25:
         02:e7:71:e2:61:c6:ac:ea:69:b8:78:b7:1f:b6:82:87:22:47:
         3f:81:b0:47
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM4KlTsAG9SN3zUOxmT42FMand7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiMjc0MTA0MDFjNDU1NzBhOWFhYjI2YzU5NzljNzYzNmQwNjliZjBmNmZm
MTM5ZGRhYmNmNTlmNmQ4MDk2MjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJdiI0Gk63gSckPvGKSRsEotnP/OGK1m38QtL85ppnBd/ShqI4H/wP3GgyIP
JsKHgY/z6K/wRDfH4yIjopbPcevxCpx7kri43Tr2I3270cxNPwdze3/rYJgBqWV6
B/0TBhKnrWoZPGsDx6LKz1wIW/pYIw06v4ntmD92bq6jeUKwnVGaASL3IH8SOwfr
44dAYMnVle5AYOHqfc0qXvgpPT2kqXoJV3ti9R7YmkChsI437CpjpUZpy9n456n/
wHTyIvTnbDbQtBr5Qnf4LEXxtlvAnUWWUrAz0CCJJ4M4VFmxceT3FNwonToASVjT
VRDPsbwQKFUwR202Cv2RxKNyYvsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQeGYyT
/6Wa5+nLWLVJUg2DOChUhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTAzOWExMGItNTQ1Yi00NDFkLWJlZjItYjY3MzI1ZGU1MGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBg
MA0GCSqGSIb3DQEBCwUAA4IBAQCd10lV0IhV4W9yYF5oaOmMwqE/tuWbf3ZEpmby
U7NBmMzs4EEs21818w57hqHJ7LkNprFlc4gj3V5CaxR1rLTgn6CsmKmrrN50Ay+V
9AHkYTtRd1FK6DSPHuO66wOQtLTh2yaRgSLoraWuhbAVuIOE9gF6lByKRAtEeLEL
b0jOt/9bSzywDLLjt5N2AVT3KVec2w5TfCF872jbj/iNV2kt1K3YdHCFZTvKN588
woY88dUfb5vLTQ0uuUYxcXW/UNV557rd0bYevHvuvhxQR6arO7UHFyXXFRi+AxR5
wUYkGH3u+qMCY3fzjSUC53HiYcas6mm4eLcftoKHIkc/gbBH
-----END CERTIFICATE-----