Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/049fd671-de95-4496-9712-c56affcb2b27.roa
File:                     049fd671-de95-4496-9712-c56affcb2b27.roa (raw, json)
Hash identifier:          0O5ZCmbcIlHPXAnqJFJ4GwqFvWvr5B//GxHkMMTXM2U=
Subject key identifier:   C2:67:07:B8:18:22:95:FF:47:5D:25:8B:66:BB:4A:A2:34:F4:24:68
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6A931D4FD7B41B22E79F70EA1055C239EA8BB74B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/049fd671-de95-4496-9712-c56affcb2b27.roa
Signing time:             Fri 21 Mar 2025 15:01:02 +0000
ROA not before:           Fri 21 Mar 2025 15:01:02 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:93:1d:4f:d7:b4:1b:22:e7:9f:70:ea:10:55:c2:39:ea:8b:b7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:02 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:f7:3b:94:3f:3e:bd:2a:99:6d:bb:8b:db:
                    e4:6d:50:56:60:e1:06:13:79:de:46:b3:56:b3:ec:
                    b0:c4:fa:4f:e8:75:95:cf:6d:d0:57:bc:b2:49:1c:
                    b3:a3:db:ae:d3:8e:1d:8f:dc:3b:94:d0:02:26:b1:
                    47:c3:68:fe:49:46:60:45:1a:d2:e8:7c:64:8a:17:
                    54:27:90:41:54:08:f8:5f:c6:b4:4d:72:90:20:3d:
                    45:82:39:dd:f5:bc:1d:64:2a:f9:93:a3:5c:77:c0:
                    57:a9:d8:5d:e9:01:94:78:bf:49:86:84:47:68:8e:
                    e3:b8:59:f5:f3:53:cd:7c:36:5a:78:47:b5:4d:73:
                    a2:19:0e:af:e7:2e:b7:ae:58:24:83:d8:20:b5:1b:
                    de:76:e7:cf:66:2a:b6:a3:d7:90:d3:1d:d6:6b:bc:
                    c6:2a:b1:bf:a2:fb:97:ca:f3:c5:ea:53:7a:0e:45:
                    65:ad:c6:d3:de:87:6c:cd:dd:a3:fc:f7:d9:09:7a:
                    e8:6c:cc:57:c4:f0:80:37:6e:9d:6f:4d:20:c9:72:
                    8b:af:a1:f1:18:84:18:9c:cb:17:78:cc:1b:04:b9:
                    3a:f8:36:49:4a:9a:b3:39:eb:a7:43:d5:19:fb:d5:
                    e2:86:b0:52:e2:d4:d2:f1:60:6c:86:63:bd:e5:af:
                    a4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:67:07:B8:18:22:95:FF:47:5D:25:8B:66:BB:4A:A2:34:F4:24:68
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/049fd671-de95-4496-9712-c56affcb2b27.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a6:67:22:81:40:7b:c7:d5:a9:62:66:e4:e7:d4:9b:04:20:6e:
         7c:af:cb:ac:74:f6:1c:c2:35:a8:a2:d6:05:c8:36:c4:2e:d6:
         9d:ed:18:3e:73:b9:1f:2b:e5:8e:d7:9a:2e:2f:93:10:72:f5:
         00:e9:ff:a5:3e:81:f1:76:f3:9b:00:65:bd:3a:ac:43:53:25:
         c2:0f:5b:f1:77:b3:f3:83:7b:70:ac:84:6e:c9:dd:0c:fe:43:
         50:0f:56:63:8e:4b:f5:5e:cb:1e:b3:b6:67:f0:da:12:b2:6c:
         23:9f:74:71:11:ef:4b:ec:46:4d:32:5f:b8:29:1a:2b:88:e7:
         a5:8c:d1:b6:2f:1a:c1:dd:db:45:01:dd:f9:f3:ca:74:18:ad:
         5f:02:a6:7a:44:92:43:1c:6b:b4:31:97:73:28:6b:f4:1d:14:
         4a:2e:e8:52:81:b2:9a:05:51:6b:89:60:61:11:3e:67:02:b1:
         98:a9:77:29:08:d8:df:14:41:17:b9:69:c0:bd:da:1c:76:83:
         2e:d9:11:6d:45:8c:b5:7d:bb:f9:0e:03:43:50:4c:3f:96:67:
         a2:8a:81:c0:ac:69:77:b3:d8:3b:81:d4:6b:15:94:a2:67:13:
         16:57:5d:2c:8e:0b:84:c2:39:f0:27:6a:43:76:b6:ed:2e:77:
         bd:c4:40:a3
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUapMdT9e0GyLnn3DqEFXCOeqLt0swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMDJaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5YzU3NjZjYWQxYzJiZDhiOGJiMzNjNTYzMzNjNTM2NjlmNmIyMTU4MzU2
OGNhNGJlZWEwN2U3NmM4MzEwNzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7z9zuUPz69Kpltu4vb5G1QVmDhBhN53kazVrPssMT6T+h1lc9t0Fe8skkc
s6PbrtOOHY/cO5TQAiaxR8No/klGYEUa0uh8ZIoXVCeQQVQI+F/GtE1ykCA9RYI5
3fW8HWQq+ZOjXHfAV6nYXekBlHi/SYaER2iO47hZ9fNTzXw2WnhHtU1zohkOr+cu
t65YJIPYILUb3nbnz2YqtqPXkNMd1mu8xiqxv6L7l8rzxepTeg5FZa3G096HbM3d
o/z32Ql66GzMV8TwgDdunW9NIMlyi6+h8RiEGJzLF3jMGwS5Ovg2SUqasznrp0PV
GfvV4oawUuLU0vFgbIZjveWvpNMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTCZwe4
GCKV/0ddJYtmu0qiNPQkaDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDQ5ZmQ2NzEtZGU5NS00NDk2LTk3MTItYzU2YWZmY2IyYjI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AiGDAN
BgkqhkiG9w0BAQsFAAOCAQEApmcigUB7x9WpYmbk59SbBCBufK/LrHT2HMI1qKLW
Bcg2xC7Wne0YPnO5HyvljteaLi+TEHL1AOn/pT6B8XbzmwBlvTqsQ1Mlwg9b8Xez
84N7cKyEbsndDP5DUA9WY45L9V7LHrO2Z/DaErJsI590cRHvS+xGTTJfuCkaK4jn
pYzRti8awd3bRQHd+fPKdBitXwKmekSSQxxrtDGXcyhr9B0USi7oUoGymgVRa4lg
YRE+ZwKxmKl3KQjY3xRBF7lpwL3aHHaDLtkRbUWMtX27+Q4DQ1BMP5ZnooqBwKxp
d7PYO4HUaxWUomcTFlddLI4LhMI58CdqQ3a27S53vcRAow==
-----END CERTIFICATE-----