Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb69b216-60d5-4f56-b2b8-3401f331f31e.roa
File:                     eb69b216-60d5-4f56-b2b8-3401f331f31e.roa (raw, json)
Hash identifier:          I36kZ4fduEhkkHG5kEhG9cOgIDRb/mjVuMVa/lhhpfs=
Subject key identifier:   D0:8C:F0:0C:3F:EF:0D:27:8B:52:D6:C3:6F:7B:DF:FE:A4:62:DE:8A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3409F9EA41D215875E990F81C95E6A3A052E52D2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb69b216-60d5-4f56-b2b8-3401f331f31e.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:09:f9:ea:41:d2:15:87:5e:99:0f:81:c9:5e:6a:3a:05:2e:52:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f8:36:d4:a4:35:fe:a9:d0:18:b0:57:63:70:
                    ae:0d:f6:84:19:0d:4f:5d:93:24:65:41:48:15:c8:
                    15:8c:eb:d4:39:04:3c:cb:e5:f2:10:ff:ac:ed:03:
                    b1:8a:5c:56:a8:6a:88:c3:49:18:87:74:ee:07:34:
                    15:f6:e0:06:9b:c7:db:29:39:c5:89:b4:3b:41:17:
                    d3:77:55:84:55:fd:ff:72:5e:ed:d2:d3:97:2e:61:
                    8d:5b:e8:a8:34:96:68:79:aa:be:08:02:5b:09:39:
                    ee:0c:43:e4:11:54:43:c8:30:a3:f7:78:e2:8a:89:
                    4b:9c:dc:42:ed:81:53:e1:6c:2d:8b:3f:00:82:79:
                    e9:32:4b:fa:37:c7:31:7f:56:05:50:40:a0:80:62:
                    dc:85:e9:a8:df:01:59:16:b0:2b:bd:78:38:0a:e2:
                    c6:8d:7e:c4:74:af:c4:f1:ed:69:b6:e5:27:36:84:
                    7d:41:ee:34:64:26:a3:28:5c:8d:59:3d:46:3a:ea:
                    72:4c:66:01:90:06:b4:3a:0e:78:8b:53:97:de:78:
                    34:e3:d1:91:0e:49:16:41:38:0a:c6:67:07:62:83:
                    55:14:88:67:c4:66:62:5f:ea:91:18:57:02:31:fb:
                    fe:a9:4a:af:7e:30:8b:f5:9a:26:98:41:50:90:d7:
                    3c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8C:F0:0C:3F:EF:0D:27:8B:52:D6:C3:6F:7B:DF:FE:A4:62:DE:8A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/eb69b216-60d5-4f56-b2b8-3401f331f31e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a2:03:19:8c:b9:0d:80:ae:14:75:d8:aa:e5:a9:a7:66:fe:85:
         a4:e1:6d:86:4d:c1:93:92:7f:78:30:a3:f1:4f:f0:6b:8e:cb:
         92:f8:32:6a:5b:a8:97:69:15:ec:a2:9a:2c:f0:6f:7d:3a:24:
         2d:37:c5:17:d1:c0:fe:4c:a1:50:b3:9a:4c:52:6d:27:97:fe:
         09:54:81:77:9d:a6:55:d9:7c:bd:4d:1b:d8:85:6c:d8:cd:d0:
         dd:70:3d:cb:cf:ba:1f:53:16:35:52:83:1e:5b:8a:86:cf:91:
         2b:65:8a:c1:46:38:1a:08:ba:71:80:7a:1e:77:01:fc:6d:97:
         d4:b8:73:0a:e9:ac:98:44:f5:75:ba:e5:e1:cc:48:ad:52:84:
         22:c3:ff:49:38:55:ab:07:b2:1a:82:f5:6e:a8:23:b7:cd:75:
         83:79:f2:9a:c5:c1:67:7f:9e:92:74:6a:91:84:48:4b:e5:0d:
         9d:6e:24:c5:8c:e3:a4:61:55:76:89:e9:49:be:1c:36:f3:45:
         93:54:5f:54:5a:7c:1f:93:e7:c4:a8:bc:55:08:52:f5:5c:e6:
         ac:79:a8:4e:7d:04:f3:01:93:a4:f5:b4:a5:7b:24:c6:7c:1b:
         2f:f7:7f:d0:a3:53:0a:ef:91:dc:fe:a6:5d:81:48:62:e5:3b:
         ab:dc:13:7c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNAn56kHSFYdemQ+ByV5qOgUuUtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDUzMzg1MDk5MDE1Mjk0ZGQ2OWIyZjNiOTU4NGVjNDU3NmMyNGRmMmJjMWY1
NzY5OGFiOWVmYjQ3NmQxYTBhMDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ34NtSkNf6p0BiwV2Nwrg32hBkNT12TJGVBSBXIFYzr1DkEPMvl8hD/rO0D
sYpcVqhqiMNJGId07gc0FfbgBpvH2yk5xYm0O0EX03dVhFX9/3Je7dLTly5hjVvo
qDSWaHmqvggCWwk57gxD5BFUQ8gwo/d44oqJS5zcQu2BU+FsLYs/AIJ56TJL+jfH
MX9WBVBAoIBi3IXpqN8BWRawK714OArixo1+xHSvxPHtabblJzaEfUHuNGQmoyhc
jVk9RjrqckxmAZAGtDoOeItTl954NOPRkQ5JFkE4CsZnB2KDVRSIZ8RmYl/qkRhX
AjH7/qlKr34wi/WaJphBUJDXPHsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTQjPAM
P+8NJ4tS1sNve9/+pGLeijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWI2OWIyMTYtNjBkNS00ZjU2LWIyYjgtMzQwMWYzMzFmMzFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HpA
MA0GCSqGSIb3DQEBCwUAA4IBAQCiAxmMuQ2ArhR12Krlqadm/oWk4W2GTcGTkn94
MKPxT/BrjsuS+DJqW6iXaRXsopos8G99OiQtN8UX0cD+TKFQs5pMUm0nl/4JVIF3
naZV2Xy9TRvYhWzYzdDdcD3Lz7ofUxY1UoMeW4qGz5ErZYrBRjgaCLpxgHoedwH8
bZfUuHMK6ayYRPV1uuXhzEitUoQiw/9JOFWrB7IagvVuqCO3zXWDefKaxcFnf56S
dGqRhEhL5Q2dbiTFjOOkYVV2ielJvhw280WTVF9UWnwfk+fEqLxVCFL1XOaseahO
fQTzAZOk9bSleyTGfBsv93/Qo1MK75Hc/qZdgUhi5Tur3BN8
-----END CERTIFICATE-----