Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
File:                     a626735f-cb4b-4dff-992e-95390a4e2eea.roa (raw, json)
Hash identifier:          f5iLqUduJ7LxfqcYXzTvxVQoX5/YkxPk5+F7W/gKDho=
Subject key identifier:   8D:B5:7C:F0:60:F9:A7:D1:0B:09:DF:00:B4:CA:E1:F3:E7:A8:6C:BA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       54B5B70B3FD40ED57B1AE5DB1261AF0D4A75778B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:b5:b7:0b:3f:d4:0e:d5:7b:1a:e5:db:12:61:af:0d:4a:75:77:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:85:6f:46:7f:82:e1:2a:ec:59:80:1f:15:
                    4f:5e:90:87:e4:76:04:21:5f:1a:6d:53:4c:61:aa:
                    8f:4c:7e:cf:82:18:35:45:da:ac:94:bc:7e:3a:22:
                    ca:15:8c:5f:6e:54:1a:ec:34:db:91:5d:98:7e:3f:
                    c2:37:8a:e2:42:62:1b:c0:99:3e:23:25:5a:2f:5d:
                    d7:40:4c:a0:a9:13:66:99:c5:a8:47:ec:29:89:3c:
                    35:e7:c5:73:37:e9:e1:fb:62:0a:9b:20:25:8b:38:
                    bd:92:68:3e:1c:49:91:e5:dc:62:bd:4b:5e:92:1c:
                    93:5a:c6:25:9d:30:0f:dc:dd:31:8f:d3:f7:5a:b1:
                    0d:a2:03:c3:df:9f:eb:0b:ec:c3:ed:9d:8b:f4:4a:
                    f2:43:9c:27:8c:de:f6:ec:76:22:6b:32:d9:af:46:
                    0c:92:ac:aa:ca:94:1b:c5:c4:05:de:fb:c4:03:15:
                    fc:6a:77:a2:75:dc:01:77:99:40:77:26:6b:9c:40:
                    83:60:30:99:b6:68:7f:92:a2:53:41:16:11:a7:ef:
                    3d:a6:b6:2e:37:92:6e:42:3f:34:f8:f1:c1:d8:23:
                    32:9c:78:91:62:6c:92:d4:85:75:b9:87:a3:07:98:
                    95:44:45:3c:92:56:1e:08:c8:80:41:90:d3:39:a8:
                    d4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B5:7C:F0:60:F9:A7:D1:0B:09:DF:00:B4:CA:E1:F3:E7:A8:6C:BA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:62:7f:de:9c:eb:ad:50:8c:e5:e7:2c:6d:30:48:f1:ba:9a:
         57:49:5e:45:73:26:cc:84:31:98:fe:57:02:d2:97:03:b5:b7:
         d9:32:9b:0f:83:55:00:cb:74:24:3b:1f:80:e7:d3:e9:4e:ee:
         22:c5:23:eb:16:dc:c7:24:c1:76:38:c8:35:7e:94:a4:08:83:
         b4:b1:21:0f:6a:85:30:54:e4:0f:b2:db:32:34:46:70:2c:95:
         1b:82:b1:20:2b:0c:68:1f:72:80:e3:04:d5:7c:37:29:e3:89:
         53:14:3b:c3:69:a2:01:ae:6c:e7:e4:6e:01:f5:db:8b:f3:48:
         34:54:a0:6b:7a:67:ce:cb:14:fb:a7:8a:64:26:c6:e7:01:52:
         b7:f8:0e:51:ea:54:09:56:52:bb:c3:15:b7:fe:17:9f:66:7e:
         4e:22:c4:3c:79:17:c4:70:a8:cd:66:a3:2a:c8:f2:8f:94:b1:
         21:e3:21:54:44:3f:ad:95:a0:0c:01:de:26:31:7b:f4:43:a6:
         b8:fc:72:bc:24:22:86:44:b0:e5:52:f2:f0:87:f2:38:f1:98:
         99:5e:23:f5:8b:1b:75:0d:c6:46:2a:51:e3:01:a4:d8:06:63:
         ca:cf:4c:8a:1e:83:c1:31:56:31:69:14:79:65:3c:26:d2:a4:
         ba:c7:76:92
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVLW3Cz/UDtV7GuXbEmGvDUp1d4swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTAwMDAwMDBaFw0yNTAzMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDZlZTI2MjlmOTcwNzZkNTNlNDY4Zjc5YTAxNTExZjNkZjA2MjdkNDU2MGIy
MGYzZDZmMjgyZTAxZDMzMGUyMDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCThW9Gf4LhKuxZgB8VT16Qh+R2BCFfGm1TTGGqj0x+z4IYNUXarJS8fjoi
yhWMX25UGuw025FdmH4/wjeK4kJiG8CZPiMlWi9d10BMoKkTZpnFqEfsKYk8NefF
czfp4ftiCpsgJYs4vZJoPhxJkeXcYr1LXpIck1rGJZ0wD9zdMY/T91qxDaIDw9+f
6wvsw+2di/RK8kOcJ4ze9ux2Imsy2a9GDJKsqsqUG8XEBd77xAMV/Gp3onXcAXeZ
QHcma5xAg2AwmbZof5KiU0EWEafvPaa2LjeSbkI/NPjxwdgjMpx4kWJsktSFdbmH
oweYlURFPJJWHgjIgEGQ0zmo1CUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSNtXzw
YPmn0QsJ3wC0yuHz56hsujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTYyNjczNWYtY2I0Yi00ZGZmLTk5MmUtOTUzOTBhNGUyZWVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fkg
MA0GCSqGSIb3DQEBCwUAA4IBAQB2Yn/enOutUIzl5yxtMEjxuppXSV5FcybMhDGY
/lcC0pcDtbfZMpsPg1UAy3QkOx+A59PpTu4ixSPrFtzHJMF2OMg1fpSkCIO0sSEP
aoUwVOQPstsyNEZwLJUbgrEgKwxoH3KA4wTVfDcp44lTFDvDaaIBrmzn5G4B9duL
80g0VKBremfOyxT7p4pkJsbnAVK3+A5R6lQJVlK7wxW3/hefZn5OIsQ8eRfEcKjN
ZqMqyPKPlLEh4yFURD+tlaAMAd4mMXv0Q6a4/HK8JCKGRLDlUvLwh/I48ZiZXiP1
ixt1DcZGKlHjAaTYBmPKz0yKHoPBMVYxaRR5ZTwm0qS6x3aS
-----END CERTIFICATE-----