Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa
File:                     0b022346-638e-4570-8b19-5cf9b4c378c8.roa (raw, json)
Hash identifier:          J4l7j+AOX2YCoOnH1sOZLk11gzAvEb5a90c8pAhLUN4=
Subject key identifier:   74:D9:84:CE:D7:80:A7:75:F2:DC:4B:18:49:11:99:FE:1E:F9:98:A1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       06E2238CEA40C77B12B6533C14A4C1E1FE7C4217
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa
Signing time:             Tue 01 Apr 2025 15:00:33 +0000
ROA not before:           Tue 01 Apr 2025 15:00:33 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e2:23:8c:ea:40:c7:7b:12:b6:53:3c:14:a4:c1:e1:fe:7c:42:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:00:33 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:e8:34:3b:5d:63:54:b4:22:60:a4:27:9e:4b:
                    88:93:0a:e3:a4:53:69:99:e9:2c:47:f1:f7:8e:20:
                    5d:aa:f2:a9:bb:67:bf:5b:b8:97:af:41:1d:a4:83:
                    83:0e:2e:10:c5:40:47:4e:ab:7a:bd:55:ee:f7:ee:
                    64:5e:e8:1a:24:98:96:2a:fc:5c:b9:f6:f0:f5:c4:
                    47:ca:8a:01:2d:d5:59:3c:c8:c5:06:97:20:dd:fc:
                    f5:f8:9a:3c:bb:64:52:70:e6:78:39:df:5c:23:64:
                    98:90:a4:5a:22:90:8c:e0:25:fa:45:72:57:89:be:
                    75:4b:fc:db:f6:88:b9:37:2a:d2:d0:01:b2:12:c7:
                    77:4b:ee:32:e0:2b:aa:08:d5:93:8c:e5:4a:c0:5f:
                    c0:03:58:47:62:1a:47:ea:07:6a:60:f6:48:b4:78:
                    ef:02:6b:e8:0b:90:67:3a:51:43:ac:e6:64:60:49:
                    7e:a4:10:15:c3:11:aa:2f:ea:0a:9f:43:89:38:17:
                    82:1e:03:78:7f:c5:a1:e3:5a:39:a8:a5:e2:57:1d:
                    13:5d:2e:2c:51:ea:c3:62:72:0b:15:95:aa:56:17:
                    2c:80:7b:9f:9a:5e:bb:45:8d:f1:4e:35:f1:83:c0:
                    36:bf:8f:c6:41:d6:c9:e7:7a:c6:79:bf:a6:04:6e:
                    b8:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D9:84:CE:D7:80:A7:75:F2:DC:4B:18:49:11:99:FE:1E:F9:98:A1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:c7:60:25:05:c6:7f:63:96:8a:5b:e8:fe:83:ed:32:92:ad:
         e5:ed:20:10:f9:25:b1:e5:59:95:cc:de:10:65:1b:56:0c:62:
         28:6b:45:ef:80:e0:e1:50:42:1a:73:02:0d:02:46:bf:6e:7b:
         a5:1c:23:be:f4:38:c3:1a:1f:94:37:1d:29:19:a6:79:2f:57:
         bc:8c:cd:7c:3e:70:58:fa:80:d9:f0:a1:a3:95:a9:a5:92:cd:
         31:89:dd:63:a3:d5:7b:fa:33:ac:f0:24:55:5b:2b:4c:93:d9:
         c7:22:57:e1:02:96:8b:66:c8:49:09:15:dc:80:52:22:6e:12:
         91:49:e0:77:a5:72:81:c9:de:10:47:a8:18:ca:93:e9:4b:99:
         39:1d:bc:34:d5:83:ba:4c:27:76:48:07:7f:2f:1f:f4:62:90:
         ac:58:45:1e:8a:0e:a1:1a:67:31:d9:c1:de:6e:a2:a6:77:a4:
         bf:87:67:08:98:c9:e9:a8:f8:62:40:f2:6e:53:b7:1d:c0:3a:
         47:ac:21:b6:39:38:d2:e4:30:0f:c9:fc:f9:6c:50:ea:51:cf:
         12:d3:a6:17:c8:ea:23:a5:42:d4:4d:14:02:38:be:70:fe:52:
         20:c8:5c:1b:74:ee:b8:de:3a:40:46:6b:f6:af:5a:91:88:51:
         23:c6:d1:a4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUBuIjjOpAx3sStlM8FKTB4f58QhcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAwMzNaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3MmFmM2RkZTg1ODk1YzBhNzE4M2FjMWU0MmQxYWMzNDdmOTk0NGFhMGY1
YjEyYjU1YWI2YTU4NWQ3MDEzOGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPLoNDtdY1S0ImCkJ55LiJMK46RTaZnpLEfx944gXaryqbtnv1u4l69BHaSD
gw4uEMVAR06rer1V7vfuZF7oGiSYlir8XLn28PXER8qKAS3VWTzIxQaXIN389fia
PLtkUnDmeDnfXCNkmJCkWiKQjOAl+kVyV4m+dUv82/aIuTcq0tABshLHd0vuMuAr
qgjVk4zlSsBfwANYR2IaR+oHamD2SLR47wJr6AuQZzpRQ6zmZGBJfqQQFcMRqi/q
Cp9DiTgXgh4DeH/FoeNaOail4lcdE10uLFHqw2JyCxWVqlYXLIB7n5peu0WN8U41
8YPANr+PxkHWyed6xnm/pgRuuHsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR02YTO
14CndfLcSxhJEZn+HvmYoTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIwMjIzNDYtNjM4ZS00NTcwLThiMTktNWNmOWI0YzM3OGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA099YDAN
BgkqhkiG9w0BAQsFAAOCAQEAYsdgJQXGf2OWilvo/oPtMpKt5e0gEPklseVZlcze
EGUbVgxiKGtF74Dg4VBCGnMCDQJGv257pRwjvvQ4wxoflDcdKRmmeS9XvIzNfD5w
WPqA2fCho5WppZLNMYndY6PVe/ozrPAkVVsrTJPZxyJX4QKWi2bISQkV3IBSIm4S
kUngd6VygcneEEeoGMqT6UuZOR28NNWDukwndkgHfy8f9GKQrFhFHooOoRpnMdnB
3m6ipnekv4dnCJjJ6aj4YkDyblO3HcA6R6whtjk40uQwD8n8+WxQ6lHPEtOmF8jq
I6VC1E0UAji+cP5SIMhcG3TuuN46QEZr9q9akYhRI8bRpA==
-----END CERTIFICATE-----