Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8462af63-807c-4934-9e2f-0d749c431bcd.roa
File:                     8462af63-807c-4934-9e2f-0d749c431bcd.roa (raw, json)
Hash identifier:          v7K3hZbtOT3IfUV4e53zxPVZGmF8x11Hje4vK6z3NDs=
Subject key identifier:   2F:F8:C0:F1:E9:F7:B8:FE:8D:F4:D1:53:54:46:4E:BD:CA:0D:CD:13
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       207FBAD977559686F95B7CA58DFAD2A51C1E7DD5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8462af63-807c-4934-9e2f-0d749c431bcd.roa
Signing time:             Mon 31 Mar 2025 21:20:11 +0000
ROA not before:           Mon 31 Mar 2025 21:20:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.186.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7f:ba:d9:77:55:96:86:f9:5b:7c:a5:8d:fa:d2:a5:1c:1e:7d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:20:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:18:7b:54:5b:de:00:3e:b9:c5:58:9e:45:1b:
                    91:88:57:ca:2a:c1:34:58:7d:1b:e5:ba:b7:be:b7:
                    f7:95:9e:61:1a:11:89:d8:5b:ed:ee:16:97:3d:94:
                    13:9f:6a:02:c5:57:18:b9:43:94:0f:fc:c8:c5:fc:
                    bd:d7:00:2e:3e:ed:b8:99:f1:c9:46:9a:2b:1c:a4:
                    5f:2d:4f:1a:c9:15:5d:ed:06:7b:c2:e2:a1:5e:f9:
                    f3:00:12:78:c3:02:00:2a:a5:c6:7e:f5:24:20:2e:
                    4e:c3:ca:55:5e:c8:83:55:51:ec:4d:84:27:ff:03:
                    b1:59:45:c6:d9:cf:6d:5d:c8:a6:46:f8:4f:ba:ea:
                    c5:33:ca:a5:b4:de:5d:92:d1:69:c3:71:38:00:e7:
                    9f:99:e6:c2:a5:32:22:ce:bf:cc:10:62:12:7f:25:
                    8e:65:b3:42:32:e3:fe:66:c5:7b:e5:7f:30:10:6a:
                    49:8c:49:58:46:d8:d9:3a:1d:78:f3:7f:44:64:f1:
                    9c:3c:88:fa:5f:04:48:dd:bf:dd:f8:9c:b6:a9:1a:
                    0c:b9:ef:73:96:cf:12:e5:63:4e:96:5e:0c:af:c9:
                    90:aa:fe:3e:d0:bf:18:33:94:c9:0a:70:64:81:1a:
                    f5:a2:09:6e:4d:6e:b6:0b:a1:f1:ae:a5:50:62:23:
                    48:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F8:C0:F1:E9:F7:B8:FE:8D:F4:D1:53:54:46:4E:BD:CA:0D:CD:13
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8462af63-807c-4934-9e2f-0d749c431bcd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b3:f7:98:ea:2d:fb:18:f6:bc:c9:ae:88:d7:b7:ca:bc:d7:
         01:90:0c:e0:37:df:2e:13:89:52:28:98:45:56:1d:41:05:c2:
         dd:40:19:52:4f:2e:f2:da:d0:df:d0:78:bb:8a:42:33:43:48:
         f4:89:6b:d4:2b:22:18:f7:43:4a:ca:0b:cc:8c:d2:4e:0e:77:
         d6:1e:8d:51:be:be:3f:50:97:3f:0c:6b:0b:51:b5:6e:93:bc:
         69:ae:4f:2e:e9:ec:88:41:42:ce:15:58:cd:d4:c2:98:0a:ae:
         3c:7b:bd:90:e4:51:0e:76:f2:d9:c4:ec:9a:1b:61:b0:dd:01:
         c9:9c:d3:a9:26:f7:d8:ab:aa:de:6e:0e:87:a8:7c:4c:74:20:
         f3:b2:12:43:2f:63:04:53:00:bc:b6:1a:ad:ad:48:2b:50:ce:
         74:41:a3:ad:7c:a0:e2:0e:b3:31:63:58:a8:30:42:d1:36:8f:
         f3:57:cc:4a:1f:f3:53:c5:3f:37:1c:3a:13:5d:08:2a:44:95:
         87:18:52:1d:f8:f5:0f:fe:d9:c1:e1:9f:f6:c7:46:b5:bf:01:
         f9:ce:ea:76:6f:4d:30:5c:d1:ab:17:a4:ff:fa:14:85:5f:d5:
         ce:a0:14:c2:4e:f5:95:b4:8a:5c:d1:6b:ab:5c:40:9c:fc:7c:
         c3:ee:69:5b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIH+62XdVlob5W3yljfrSpRwefdUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTIwMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlNmQwZGU0ODM5MmQ3OWMxZDI5NzQ3YWRlMjQzYWVjZWExNmZmNTZmNzZk
MWI5ZjE3YjUxZDkwYTE3Mzg3ZTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4Ye1Rb3gA+ucVYnkUbkYhXyirBNFh9G+W6t76395WeYRoRidhb7e4Wlz2U
E59qAsVXGLlDlA/8yMX8vdcALj7tuJnxyUaaKxykXy1PGskVXe0Ge8LioV758wAS
eMMCACqlxn71JCAuTsPKVV7Ig1VR7E2EJ/8DsVlFxtnPbV3Ipkb4T7rqxTPKpbTe
XZLRacNxOADnn5nmwqUyIs6/zBBiEn8ljmWzQjLj/mbFe+V/MBBqSYxJWEbY2Tod
ePN/RGTxnDyI+l8ESN2/3fictqkaDLnvc5bPEuVjTpZeDK/JkKr+PtC/GDOUyQpw
ZIEa9aIJbk1utguh8a6lUGIjSAsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQv+MDx
6fe4/o300VNURk69yg3NEzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODQ2MmFmNjMtODA3Yy00OTM0LTllMmYtMGQ3NDljNDMxYmNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMG60jAN
BgkqhkiG9w0BAQsFAAOCAQEAJ7P3mOot+xj2vMmuiNe3yrzXAZAM4DffLhOJUiiY
RVYdQQXC3UAZUk8u8trQ39B4u4pCM0NI9Ilr1CsiGPdDSsoLzIzSTg531h6NUb6+
P1CXPwxrC1G1bpO8aa5PLunsiEFCzhVYzdTCmAquPHu9kORRDnby2cTsmhthsN0B
yZzTqSb32Kuq3m4Oh6h8THQg87ISQy9jBFMAvLYara1IK1DOdEGjrXyg4g6zMWNY
qDBC0TaP81fMSh/zU8U/Nxw6E10IKkSVhxhSHfj1D/7ZweGf9sdGtb8B+c7qdm9N
MFzRqxek//oUhV/VzqAUwk71lbSKXNFrq1xAnPx8w+5pWw==
-----END CERTIFICATE-----