Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
File:                     fec4786d-f73f-4e64-99a3-0377bdf5c566.roa (raw, json)
Hash identifier:          b9z4AOf9VzwOb05rsydWAeZq52xrOjR6ToT1FMm5ce8=
Subject key identifier:   9B:BE:7E:24:37:23:35:68:20:2F:CE:51:4A:73:7B:4B:11:EC:7B:9F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       38DF4500512486A21BAFAB6403EBF398B8BDAFCE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02e::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:df:45:00:51:24:86:a2:1b:af:ab:64:03:eb:f3:98:b8:bd:af:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ce:28:04:6a:58:9e:0d:d5:8d:da:8d:d8:0c:
                    81:c3:30:d5:0a:dc:56:b2:0d:b3:e9:1b:2c:f2:34:
                    88:8e:dd:e0:f7:04:3b:a0:8b:6d:99:a6:9f:09:38:
                    6f:c7:64:b2:a7:55:44:0a:01:2e:f0:a1:0e:22:18:
                    ae:73:cc:db:c6:c8:fb:47:c1:ba:26:2b:ba:4e:53:
                    4c:ad:9d:2d:01:9c:fc:0b:4b:02:00:a1:91:8a:d3:
                    4f:5e:25:8a:7d:6d:2e:88:42:54:d8:57:2e:d0:6e:
                    4f:93:12:4f:dd:ae:dd:f4:9e:e5:10:fd:1e:4d:a1:
                    f4:9a:5f:cd:02:4d:db:32:2c:c2:43:ce:23:c7:2e:
                    dc:1b:06:75:b5:4a:12:ae:65:a3:2b:c6:76:10:9f:
                    7c:2b:90:d2:dc:26:29:59:dd:04:68:3d:25:a6:7e:
                    53:8c:c3:6f:da:61:42:12:e2:fb:a7:0f:9c:17:bb:
                    6b:13:8e:8f:0c:a7:87:66:0d:2d:70:f8:3b:1e:f3:
                    b0:34:e7:22:a7:3f:34:3e:66:68:e5:90:56:5e:dd:
                    d1:69:a6:12:3f:4b:2b:f0:31:4e:7e:e3:29:8b:d4:
                    6d:97:3c:07:00:50:6d:e2:49:01:61:c7:f3:25:b3:
                    67:45:43:31:24:50:d3:0d:2b:1e:ea:77:9e:0b:26:
                    22:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:BE:7E:24:37:23:35:68:20:2F:CE:51:4A:73:7B:4B:11:EC:7B:9F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02e::/36

    Signature Algorithm: sha256WithRSAEncryption
         bf:a3:d2:fe:3f:83:76:fe:71:ad:59:8d:6d:1d:39:e2:f9:bc:
         90:76:50:82:ff:0a:99:62:c6:8b:99:5b:a8:bd:84:44:66:04:
         9c:61:46:cc:2b:9a:a6:1a:73:00:45:85:38:05:38:ac:d5:3b:
         6f:29:79:0b:45:e3:e8:4d:f7:08:d9:06:52:79:8c:f9:9e:00:
         39:57:90:ae:b0:8f:6f:38:2a:69:f3:e0:e0:a8:85:46:a3:4c:
         b9:81:7a:0b:4b:96:f4:85:b4:ff:8b:af:e0:da:63:ee:7d:3f:
         ae:b0:40:49:fa:e4:87:9f:25:d3:e3:25:6e:f7:04:3d:c0:71:
         9a:27:89:33:dd:0d:44:4a:36:3e:2c:95:30:e9:8c:de:0c:54:
         74:93:44:54:98:88:3b:95:69:af:98:c9:63:b1:26:37:66:4e:
         2c:c4:30:d7:e1:b3:38:2e:3f:21:d6:10:70:81:01:b2:9e:c5:
         44:7b:d6:b6:17:a6:dd:d0:14:39:99:72:18:f6:be:a0:62:84:
         0d:c5:49:80:a6:5a:e9:40:24:0f:3f:83:1e:e7:1a:c7:fe:18:
         c7:2e:1d:ff:7a:3d:12:2e:92:2e:e5:35:d1:fc:eb:16:ea:e0:
         bd:1a:2e:3f:2a:d5:4d:d4:8f:49:78:d6:48:6c:b8:69:e2:d8:
         fb:94:1f:0b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUON9FAFEkhqIbr6tkA+vzmLi9r84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0Y2MxNDVhYjY1ZGNjMjc5MGQ5MjQxNTkxYmIwODFjYTRmNTAyOWY4NDAx
YTVhM2U2YThmM2ZkMjBiNDYxMzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANrOKARqWJ4N1Y3ajdgMgcMw1QrcVrINs+kbLPI0iI7d4PcEO6CLbZmmnwk4
b8dksqdVRAoBLvChDiIYrnPM28bI+0fBuiYruk5TTK2dLQGc/AtLAgChkYrTT14l
in1tLohCVNhXLtBuT5MST92u3fSe5RD9Hk2h9JpfzQJN2zIswkPOI8cu3BsGdbVK
Eq5loyvGdhCffCuQ0twmKVndBGg9JaZ+U4zDb9phQhLi+6cPnBe7axOOjwynh2YN
LXD4Ox7zsDTnIqc/ND5maOWQVl7d0WmmEj9LK/AxTn7jKYvUbZc8BwBQbeJJAWHH
8yWzZ0VDMSRQ0w0rHup3ngsmIlUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSbvn4k
NyM1aCAvzlFKc3tLEex7nzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmVjNDc4NmQtZjczZi00ZTY0LTk5YTMtMDM3N2JkZjVjNTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C4A
MA0GCSqGSIb3DQEBCwUAA4IBAQC/o9L+P4N2/nGtWY1tHTni+byQdlCC/wqZYsaL
mVuovYREZgScYUbMK5qmGnMARYU4BTis1TtvKXkLRePoTfcI2QZSeYz5ngA5V5Cu
sI9vOCpp8+DgqIVGo0y5gXoLS5b0hbT/i6/g2mPufT+usEBJ+uSHnyXT4yVu9wQ9
wHGaJ4kz3Q1ESjY+LJUw6YzeDFR0k0RUmIg7lWmvmMljsSY3Zk4sxDDX4bM4Lj8h
1hBwgQGynsVEe9a2F6bd0BQ5mXIY9r6gYoQNxUmAplrpQCQPP4Me5xrH/hjHLh3/
ej0SLpIu5TXR/OsW6uC9Gi4/KtVN1I9JeNZIbLhp4tj7lB8L
-----END CERTIFICATE-----