Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa
File:                     e69b1519-f345-43aa-8c6b-cd786ee13404.roa (raw, json)
Hash identifier:          oSnCYZlr1XeNBf3etTtYw6FLPYrvTRKj9SkoDGJVwJ4=
Subject key identifier:   EC:1D:4D:69:B9:B2:EB:2F:41:44:A6:F4:ED:FE:98:87:61:83:0C:6C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0C02410BF29EFB0F03562AA7E377CDB6E888DD2B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:02:41:0b:f2:9e:fb:0f:03:56:2a:a7:e3:77:cd:b6:e8:88:dd:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:ac:c5:17:5a:c3:25:4d:57:10:27:93:55:a3:
                    b0:11:89:84:26:5f:e0:e6:b5:70:56:e9:94:68:dd:
                    d8:98:0f:bb:1d:e9:96:be:ca:c6:07:54:09:c3:45:
                    fb:b9:4d:d3:67:c4:17:42:c0:ce:8e:c4:e6:bd:03:
                    f0:4b:c4:ef:0d:97:ea:b2:8a:35:90:8d:7a:d2:ea:
                    0f:ab:84:c6:3d:a1:46:e8:96:e1:4b:d6:c2:80:c8:
                    f9:15:0e:64:b1:15:ae:7e:1d:fe:c4:4d:ea:7b:39:
                    93:94:13:ba:37:dc:c1:42:14:59:ce:05:08:c3:4c:
                    83:b7:e2:2f:66:94:f9:bf:1a:5c:b0:bb:4e:ea:bf:
                    07:90:8f:8b:2e:42:ed:1b:49:69:1b:86:29:72:af:
                    53:2f:f9:11:ef:af:3a:99:9b:a5:27:f6:60:18:fe:
                    18:ec:86:4a:dd:bb:4b:07:5f:89:3c:a6:fc:f8:33:
                    cf:f9:4d:39:01:ef:b2:36:49:57:0d:70:51:34:9a:
                    fa:a2:01:e7:95:2c:b8:27:40:73:4e:2c:96:c4:21:
                    7b:fd:a6:4d:96:e0:7b:ea:8d:3a:06:db:ae:43:7c:
                    eb:df:74:04:30:5c:de:99:58:b2:62:7c:91:51:6f:
                    96:a2:ac:3f:d6:a1:6d:ab:e4:14:72:11:f9:21:c0:
                    46:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:1D:4D:69:B9:B2:EB:2F:41:44:A6:F4:ED:FE:98:87:61:83:0C:6C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:35:e8:32:60:d1:e1:85:06:6d:85:03:d4:0a:37:8d:a7:81:
         8d:86:30:39:63:a7:56:3b:37:ba:a2:aa:d1:02:cf:2e:da:57:
         c3:9f:3c:0c:dc:20:47:10:e6:e6:7a:b2:37:91:c9:20:86:73:
         3d:5f:86:b0:ca:b5:a5:5c:af:7b:96:99:0c:3d:4b:a2:bb:64:
         3f:d7:f2:f3:bd:3d:a3:ef:84:b8:4e:20:6f:a4:1e:57:5e:e3:
         f7:8b:0c:7a:74:3a:a3:e9:b8:ec:34:a9:11:6a:63:76:5b:70:
         b6:7d:7b:bc:b9:22:e7:7b:f1:e0:75:e1:b8:29:16:e6:6d:ac:
         67:21:3b:a0:3f:b7:ea:a6:af:9f:18:ac:ee:d0:66:5b:91:b5:
         ec:ed:8e:56:ad:19:ab:41:aa:10:e5:98:53:f8:d0:61:3a:b3:
         95:d4:95:38:c2:60:bd:9a:81:66:34:64:c6:9a:c4:0d:4c:5b:
         73:73:12:d4:04:82:56:82:db:db:d9:7c:83:16:d2:a2:cc:c1:
         04:1f:4c:db:8a:b8:54:2e:7b:c9:07:f6:5d:60:94:e7:e8:46:
         d1:7c:ac:b5:db:d7:0c:7f:de:97:41:f8:13:e4:f9:73:ec:33:
         c4:f3:8c:64:6f:0e:66:76:24:38:62:30:a1:00:2e:ab:19:8c:
         72:b8:05:5d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDAJBC/Ke+w8DViqn43fNtuiI3SswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4NjQ0ZjQ0N2UyODU1YTM3ZTNmZmE4NTcxYjg2MzFjZjkwOWM3NGQ4NTk2
Zjc1ZTkyM2Q4YTQ4MTViNWFiOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOusxRdawyVNVxAnk1WjsBGJhCZf4Oa1cFbplGjd2JgPux3plr7KxgdUCcNF
+7lN02fEF0LAzo7E5r0D8EvE7w2X6rKKNZCNetLqD6uExj2hRuiW4UvWwoDI+RUO
ZLEVrn4d/sRN6ns5k5QTujfcwUIUWc4FCMNMg7fiL2aU+b8aXLC7Tuq/B5CPiy5C
7RtJaRuGKXKvUy/5Ee+vOpmbpSf2YBj+GOyGSt27SwdfiTym/Pgzz/lNOQHvsjZJ
Vw1wUTSa+qIB55UsuCdAc04slsQhe/2mTZbge+qNOgbbrkN86990BDBc3plYsmJ8
kVFvlqKsP9ahbavkFHIR+SHARgcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTsHU1p
ubLrL0FEpvTt/piHYYMMbDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTY5YjE1MTktZjM0NS00M2FhLThjNmItY2Q3ODZlZTEzNDA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAhNegyYNHhhQZthQPUCjeNp4GNhjA5Y6dWOze6
oqrRAs8u2lfDnzwM3CBHEObmerI3kckghnM9X4awyrWlXK97lpkMPUuiu2Q/1/Lz
vT2j74S4TiBvpB5XXuP3iwx6dDqj6bjsNKkRamN2W3C2fXu8uSLne/HgdeG4KRbm
baxnITugP7fqpq+fGKzu0GZbkbXs7Y5WrRmrQaoQ5ZhT+NBhOrOV1JU4wmC9moFm
NGTGmsQNTFtzcxLUBIJWgtvb2XyDFtKizMEEH0zbirhULnvJB/ZdYJTn6EbRfKy1
29cMf96XQfgT5Plz7DPE84xkbw5mdiQ4YjChAC6rGYxyuAVd
-----END CERTIFICATE-----