Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa
File:                     abbeedab-21fb-4993-b3ce-b753ba293d00.roa (raw, json)
Hash identifier:          UIN5Gbcre57sbyhdvwYh9vzei//bO4T9Uze2gwyTsPQ=
Subject key identifier:   46:FC:C3:51:C6:A0:38:5E:E9:58:5B:43:46:7A:63:43:47:4B:E9:36
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1D6BA16A0D0D2EEDF27A5A440B8C083348B83CC6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa
Signing time:             Wed 05 Mar 2025 17:21:13 +0000
ROA not before:           Wed 05 Mar 2025 17:21:13 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:6b:a1:6a:0d:0d:2e:ed:f2:7a:5a:44:0b:8c:08:33:48:b8:3c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:21:13 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:de:de:42:68:6a:78:57:74:df:ce:71:1d:93:
                    ea:44:7f:3a:33:da:86:62:e7:c4:c3:41:fb:8b:3d:
                    ec:e8:a7:d1:4f:23:f6:02:6e:c4:15:ed:e7:73:4c:
                    e3:bf:ff:7d:37:53:3c:32:e5:b8:1e:16:f7:4d:e3:
                    3b:72:ca:4e:78:f1:bf:01:dc:b9:cd:3f:af:4c:9d:
                    dd:11:f1:48:44:7b:a1:e6:b8:e7:82:23:c2:91:0d:
                    ea:05:9c:ad:09:2d:73:4f:54:07:53:4a:0e:e3:5e:
                    ef:b6:dc:e7:61:11:d8:99:18:79:4e:5c:93:3a:52:
                    6b:58:65:41:b2:06:6f:d2:dd:a9:c7:20:9a:b9:51:
                    4e:d1:d5:6c:06:1a:72:bc:39:f5:c5:46:26:53:c3:
                    44:42:50:43:97:83:c1:7e:79:06:4a:95:ce:3c:b1:
                    1b:dc:92:8d:9b:ff:66:34:93:4f:af:18:a9:3c:e5:
                    64:3c:de:9b:0c:3b:d5:e9:52:67:af:82:ac:96:8a:
                    c0:30:df:27:74:3d:d0:88:d9:b7:a3:7d:18:0d:d9:
                    ba:02:32:56:cb:76:79:44:5e:ad:2b:23:40:a2:a2:
                    2c:14:44:6a:6b:59:a9:20:f7:cb:17:0a:8c:3c:4a:
                    42:3b:1d:f8:a8:49:9a:d6:c8:9c:e5:98:3c:44:9d:
                    62:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FC:C3:51:C6:A0:38:5E:E9:58:5B:43:46:7A:63:43:47:4B:E9:36
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/abbeedab-21fb-4993-b3ce-b753ba293d00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         54:a7:96:f0:78:a8:54:e0:ba:bc:3c:f5:06:25:b2:e0:70:d2:
         4a:7a:40:a4:c5:f2:21:bc:75:02:21:e4:46:7e:0f:cc:17:54:
         da:07:d5:60:86:a8:64:47:1f:e6:47:c0:c3:ae:9a:dd:93:7b:
         1f:f4:dc:0e:e4:0e:e6:79:cf:94:36:93:4a:07:fd:f5:77:a1:
         88:f5:ba:ca:7d:72:e6:b7:58:38:03:93:5d:78:d3:0f:f5:30:
         e9:51:92:2f:c1:5c:e1:13:84:00:fd:7b:21:7c:7a:e3:23:34:
         fb:e3:d6:20:c6:8a:09:38:38:12:15:3b:6b:de:58:26:47:7f:
         e2:29:3d:57:25:e5:7c:69:a2:5a:42:9f:c0:16:fd:17:91:7a:
         72:76:d6:b6:c7:88:13:93:e5:dd:58:ef:7b:25:d7:1a:38:89:
         3d:c0:95:5e:f5:e3:c9:46:dc:ef:66:c0:be:b7:b2:a6:7c:59:
         f3:83:99:d0:24:c5:0c:9e:6a:16:e3:97:32:ae:00:c2:87:46:
         a7:ac:e0:c8:de:01:94:8d:6d:8d:62:98:39:b3:a4:aa:d4:d8:
         7c:a1:cf:43:20:d3:7c:2e:48:39:a4:69:a6:ab:75:56:52:99:
         38:9b:5b:40:71:95:07:01:24:60:39:41:87:65:1d:ed:16:6a:
         df:d6:5e:78
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHWuhag0NLu3yelpEC4wIM0i4PMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzIxMTNaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhZmM2MGExNjA4ZmJjMTZkN2I5ZjA1NjkxZWZiZGM3Yjg4MWE1M2EzM2Uy
YTE1NTdkOTliYjQ3MjVlZTBlZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXe3kJoanhXdN/OcR2T6kR/OjPahmLnxMNB+4s97Oin0U8j9gJuxBXt53NM
47//fTdTPDLluB4W903jO3LKTnjxvwHcuc0/r0yd3RHxSER7oea454IjwpEN6gWc
rQktc09UB1NKDuNe77bc52ER2JkYeU5ckzpSa1hlQbIGb9LdqccgmrlRTtHVbAYa
crw59cVGJlPDREJQQ5eDwX55BkqVzjyxG9ySjZv/ZjSTT68YqTzlZDzemww71elS
Z6+CrJaKwDDfJ3Q90IjZt6N9GA3ZugIyVst2eURerSsjQKKiLBREamtZqSD3yxcK
jDxKQjsd+KhJmtbInOWYPESdYpkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRG/MNR
xqA4XulYW0NGemNDR0vpNjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWJiZWVkYWItMjFmYi00OTkzLWIzY2UtYjc1M2JhMjkzZDAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FDg
MA0GCSqGSIb3DQEBCwUAA4IBAQBUp5bweKhU4Lq8PPUGJbLgcNJKekCkxfIhvHUC
IeRGfg/MF1TaB9VghqhkRx/mR8DDrprdk3sf9NwO5A7mec+UNpNKB/31d6GI9brK
fXLmt1g4A5NdeNMP9TDpUZIvwVzhE4QA/XshfHrjIzT749YgxooJODgSFTtr3lgm
R3/iKT1XJeV8aaJaQp/AFv0XkXpydta2x4gTk+XdWO97JdcaOIk9wJVe9ePJRtzv
ZsC+t7KmfFnzg5nQJMUMnmoW45cyrgDCh0anrODI3gGUjW2NYpg5s6Sq1Nh8oc9D
INN8Lkg5pGmmq3VWUpk4m1tAcZUHASRgOUGHZR3tFmrf1l54
-----END CERTIFICATE-----