Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
File:                     bad2460c-8206-4534-9b9b-355c2d524858.roa (raw, json)
Hash identifier:          jndxQKjPEDmgSv/cOIUjy2axY/6Ema2GvAHKF5s7D/4=
Subject key identifier:   BA:D2:EC:06:F8:AE:E3:08:63:3E:F2:43:E4:EF:0B:DA:40:35:47:EC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2715BDDACCC0D66F4F65739A0DE830B3CA6727FF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:15:bd:da:cc:c0:d6:6f:4f:65:73:9a:0d:e8:30:b3:ca:67:27:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:37:b4:ab:22:be:ae:dc:88:61:c7:fe:da:37:
                    02:45:60:82:f8:4f:27:d7:b3:48:46:5d:f1:a5:54:
                    31:61:e3:43:c8:9c:88:25:f0:49:15:fd:2e:cd:08:
                    f8:c4:a1:1e:b5:c8:c8:46:bb:c4:5c:72:dc:df:a5:
                    88:5d:42:8a:80:98:8c:ec:d7:3c:ba:46:ef:fd:e4:
                    e7:ad:f0:87:a2:ba:09:01:70:0a:72:45:c7:7b:d1:
                    7f:32:74:2f:9c:f5:6e:98:21:4d:4a:fc:6e:f3:80:
                    e9:3d:52:cd:d0:9a:85:d8:96:fb:c8:7e:48:b3:8d:
                    b8:94:69:b0:16:ae:a7:cd:59:c1:cc:f5:45:fb:99:
                    c8:cf:4f:53:3a:30:74:91:03:b3:b9:74:4a:b6:61:
                    7e:b5:e8:e9:a4:34:55:c6:51:a4:d2:93:5f:f6:8f:
                    7f:69:a2:32:56:10:96:c5:e3:da:7e:33:c9:71:08:
                    de:5d:48:5f:71:2a:13:9c:8f:65:94:df:20:7d:54:
                    c3:28:55:3f:85:c8:a4:e5:66:86:c7:20:59:2b:b7:
                    bf:50:b4:2e:15:78:4b:07:e0:28:14:ac:b7:13:62:
                    ac:7d:a8:34:82:6d:b5:98:26:e5:09:bb:4f:e0:a7:
                    d1:d4:6f:95:2a:0f:32:6d:82:8f:b2:5c:36:39:ef:
                    97:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D2:EC:06:F8:AE:E3:08:63:3E:F2:43:E4:EF:0B:DA:40:35:47:EC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a7:51:80:69:ba:ca:5b:56:aa:86:7c:b3:3d:a6:32:55:65:ee:
         79:85:e9:20:8a:c8:e8:c6:fa:be:b5:10:0f:c2:bb:cf:0f:c7:
         7b:fc:59:20:37:f5:41:07:33:28:05:54:cf:37:32:a0:a7:fa:
         73:ad:34:9e:83:9f:7e:a3:60:0f:0f:5c:d1:48:18:b3:08:06:
         a8:90:f4:bc:c3:12:62:a0:26:52:ff:4f:e9:f6:2a:d4:6c:3e:
         3d:ad:f3:d0:e0:e1:e0:dc:0c:29:4b:b3:35:55:f0:fc:be:3e:
         ad:06:6e:0f:5c:09:28:6c:ce:cb:6e:84:10:01:f9:91:80:8c:
         4a:aa:6a:2c:b2:a8:7a:51:59:b6:ea:67:7b:dc:91:ce:97:93:
         21:dc:b9:9a:f9:b9:26:4a:c9:d6:87:27:fd:3e:03:c6:4f:7f:
         c5:f7:23:4f:10:9d:85:59:e2:c8:47:b5:f5:e0:38:da:03:a6:
         49:2e:f6:65:58:d5:8a:b4:08:7a:d5:2d:17:82:06:8d:5c:8e:
         65:0f:3a:c5:e3:d4:7c:e9:5a:94:02:db:63:40:61:c7:95:3b:
         a0:91:49:9f:68:56:2d:c9:a6:48:fe:87:04:58:b4:23:c4:6e:
         31:b4:22:bb:92:c1:97:3b:34:7a:58:9a:cc:62:83:b8:ca:61:
         ed:76:8c:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJxW92szA1m9PZXOaDegws8pnJ/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZDMwMjRhNTM3OTY2MGZlZGJlYmFkYWQ4YmYxNzE1NzdhOTczNDc3NWRi
MTc3MWQ3ZGViNTJlYTlmZGEwMDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMs3tKsivq7ciGHH/to3AkVggvhPJ9ezSEZd8aVUMWHjQ8iciCXwSRX9Ls0I
+MShHrXIyEa7xFxy3N+liF1CioCYjOzXPLpG7/3k563wh6K6CQFwCnJFx3vRfzJ0
L5z1bpghTUr8bvOA6T1SzdCahdiW+8h+SLONuJRpsBaup81Zwcz1RfuZyM9PUzow
dJEDs7l0SrZhfrXo6aQ0VcZRpNKTX/aPf2miMlYQlsXj2n4zyXEI3l1IX3EqE5yP
ZZTfIH1UwyhVP4XIpOVmhscgWSu3v1C0LhV4SwfgKBSstxNirH2oNIJttZgm5Qm7
T+Cn0dRvlSoPMm2Cj7JcNjnvlxECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS60uwG
+K7jCGM+8kPk7wvaQDVH7DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkMjQ2MGMtODIwNi00NTM0LTliOWItMzU1YzJkNTI0ODU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5g
MA0GCSqGSIb3DQEBCwUAA4IBAQCnUYBpuspbVqqGfLM9pjJVZe55hekgisjoxvq+
tRAPwrvPD8d7/FkgN/VBBzMoBVTPNzKgp/pzrTSeg59+o2APD1zRSBizCAaokPS8
wxJioCZS/0/p9irUbD49rfPQ4OHg3AwpS7M1VfD8vj6tBm4PXAkobM7LboQQAfmR
gIxKqmossqh6UVm26md73JHOl5Mh3Lma+bkmSsnWhyf9PgPGT3/F9yNPEJ2FWeLI
R7X14DjaA6ZJLvZlWNWKtAh61S0XggaNXI5lDzrF49R86VqUAttjQGHHlTugkUmf
aFYtyaZI/ocEWLQjxG4xtCK7ksGXOzR6WJrMYoO4ymHtdowu
-----END CERTIFICATE-----