Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa
File:                     abbeedab-21fb-4993-b3ce-b753ba293d00.roa (raw, json)
Hash identifier:          dvAffx3A2Etyusth2V0WZtqMQvTAzFzuCffT/KMqnVY=
Subject key identifier:   21:88:4C:10:2B:46:99:32:6C:CE:AB:D2:02:3E:F3:9C:2F:20:AA:8A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       44E20C0B53E063B8D4B1C9927B56658963D939F3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e2:0c:0b:53:e0:63:b8:d4:b1:c9:92:7b:56:65:89:63:d9:39:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c8:41:97:06:31:f5:cf:31:08:0e:d9:94:0e:
                    2c:e9:9f:ba:c4:bf:bf:0e:e2:9f:ae:79:a0:77:a0:
                    f9:ed:9a:2c:bb:08:9d:17:2b:c9:f0:5d:f5:e5:7f:
                    08:1b:0d:79:e6:dc:73:e8:1a:d1:be:77:c0:28:45:
                    2b:82:39:b1:8b:69:bc:89:41:e4:e1:3d:d0:85:ec:
                    02:ef:f3:ff:32:fa:b6:dd:f2:1e:ed:57:c3:fe:6c:
                    2d:be:5e:93:34:0d:23:d8:50:7b:f2:88:bd:f9:71:
                    cb:9f:a0:ff:d4:3d:5e:b2:49:90:16:2d:09:d8:40:
                    77:b9:e2:9f:d9:32:8d:0b:b4:0c:f6:d8:79:a8:cf:
                    44:10:4e:ad:4c:05:a0:ce:85:30:e3:09:f3:b2:7b:
                    29:6e:ae:93:99:f9:e4:f1:7f:2b:71:97:f7:ad:7f:
                    ce:cd:3f:8d:10:df:ff:9a:29:aa:14:54:30:6c:25:
                    3f:a9:00:40:3d:ee:2d:77:03:09:78:60:75:cd:a0:
                    8e:4c:a1:74:04:b6:d6:4a:7b:7c:1b:41:6d:5f:fa:
                    4f:5f:0e:01:cf:36:8b:82:e2:28:58:c3:03:5c:4e:
                    58:39:83:42:da:58:4a:a7:fe:48:ae:d3:e5:d6:21:
                    39:26:c8:af:70:15:ef:3f:5f:24:37:a0:18:38:c0:
                    40:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:88:4C:10:2B:46:99:32:6C:CE:AB:D2:02:3E:F3:9C:2F:20:AA:8A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:2a:f5:54:f4:30:c5:06:4a:82:b4:bc:54:77:01:62:1f:1f:
         6a:a2:ec:35:47:f7:92:b3:a3:49:d2:f5:1d:9c:05:b4:ef:51:
         aa:bb:40:d0:ce:c5:14:d4:82:5b:94:2d:54:e0:61:18:5c:53:
         a5:a6:31:92:41:73:80:99:1c:05:41:38:86:5b:47:0d:59:55:
         a8:8e:ba:0a:98:a8:71:c6:6d:ae:e1:b8:41:46:a0:82:b3:8c:
         af:4d:09:33:c7:3a:6b:3a:84:26:15:4e:2a:6f:bc:dd:3e:97:
         15:a6:28:d3:c6:a0:9d:84:ec:06:54:67:76:32:f3:0d:f6:f8:
         ca:67:ae:4e:ff:40:24:c7:4a:4e:7d:a9:9c:c7:2a:a8:31:37:
         ab:6b:ac:d7:23:e6:9d:dd:39:df:50:d4:aa:59:79:3f:4a:fb:
         51:41:05:3b:fd:7b:41:aa:d1:78:97:74:14:a4:4f:9b:cf:d9:
         55:67:2a:74:c3:4b:33:ad:f3:17:e5:58:b4:0b:76:bc:6e:4b:
         f2:15:a6:df:a5:fc:ae:09:81:32:35:8c:c0:b5:7e:31:30:1d:
         39:a0:e3:1f:04:86:00:d8:17:db:89:ce:a5:70:27:77:0d:df:
         b1:a7:1e:e2:a9:93:b2:af:00:46:2e:3e:46:b5:b6:0d:5a:99:
         e4:83:e4:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUROIMC1PgY7jUscmSe1ZliWPZOfMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlZTc2NWMwNjhlMjFkYjVkYWQyMWY1ZjFlMzkwYzViZjUxOWRlMTIyOTBj
NjExMmIzNzE2MzFkYTRjYTZjMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTIQZcGMfXPMQgO2ZQOLOmfusS/vw7in655oHeg+e2aLLsInRcryfBd9eV/
CBsNeebcc+ga0b53wChFK4I5sYtpvIlB5OE90IXsAu/z/zL6tt3yHu1Xw/5sLb5e
kzQNI9hQe/KIvflxy5+g/9Q9XrJJkBYtCdhAd7nin9kyjQu0DPbYeajPRBBOrUwF
oM6FMOMJ87J7KW6uk5n55PF/K3GX961/zs0/jRDf/5opqhRUMGwlP6kAQD3uLXcD
CXhgdc2gjkyhdAS21kp7fBtBbV/6T18OAc82i4LiKFjDA1xOWDmDQtpYSqf+SK7T
5dYhOSbIr3AV7z9fJDegGDjAQOECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQhiEwQ
K0aZMmzOq9ICPvOcLyCqijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWJiZWVkYWItMjFmYi00OTkzLWIzY2UtYjc1M2JhMjkzZDAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FDg
MA0GCSqGSIb3DQEBCwUAA4IBAQBfKvVU9DDFBkqCtLxUdwFiHx9qouw1R/eSs6NJ
0vUdnAW071Gqu0DQzsUU1IJblC1U4GEYXFOlpjGSQXOAmRwFQTiGW0cNWVWojroK
mKhxxm2u4bhBRqCCs4yvTQkzxzprOoQmFU4qb7zdPpcVpijTxqCdhOwGVGd2MvMN
9vjKZ65O/0Akx0pOfamcxyqoMTera6zXI+ad3TnfUNSqWXk/SvtRQQU7/XtBqtF4
l3QUpE+bz9lVZyp0w0szrfMX5Vi0C3a8bkvyFabfpfyuCYEyNYzAtX4xMB05oOMf
BIYA2Bfbic6lcCd3Dd+xpx7iqZOyrwBGLj5GtbYNWpnkg+Tb
-----END CERTIFICATE-----