Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/18d47c03-cff3-4fc4-bd85-07c1063f7047.roa
File:                     18d47c03-cff3-4fc4-bd85-07c1063f7047.roa (raw, json)
Hash identifier:          EWusPdp+Yb8LI4Za5gEpp/kbev56CH+qKWYPR6sDXDI=
Subject key identifier:   69:82:DB:D8:9D:51:23:14:7B:89:2C:00:78:0A:EC:AD:9D:AB:B1:AD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       143EE8FFF60A6D5298460EF6C6CD8F238137B115
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/18d47c03-cff3-4fc4-bd85-07c1063f7047.roa
Signing time:             Tue 18 Mar 2025 17:10:09 +0000
ROA not before:           Tue 18 Mar 2025 17:10:09 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:3e:e8:ff:f6:0a:6d:52:98:46:0e:f6:c6:cd:8f:23:81:37:b1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:10:09 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5d:1e:8d:6b:93:35:f8:69:2e:d9:ce:98:b0:
                    48:a7:66:18:6a:64:17:0c:94:a6:3d:41:5d:42:b4:
                    0d:9b:47:5c:20:5e:df:0d:0c:4e:4d:c6:5e:55:48:
                    83:39:d3:90:85:9a:aa:01:ea:30:cb:db:20:61:a7:
                    cd:37:71:4f:3e:a8:e2:1d:5a:af:15:8b:bf:a5:3e:
                    dd:14:b8:45:04:dc:31:01:68:21:0f:71:73:b1:38:
                    5d:5a:80:50:0f:aa:99:b5:ba:0f:21:6c:73:14:9b:
                    9a:fd:bd:94:43:23:61:28:a0:a3:c2:8d:5e:55:71:
                    9a:4f:1c:f8:eb:cf:05:1d:a8:86:23:fb:3f:34:a0:
                    9c:fc:28:0d:58:39:93:49:7a:5b:34:6e:93:5c:b2:
                    c2:cc:c0:ae:cd:a0:d4:03:29:8f:da:7d:e2:79:87:
                    a5:7d:45:8b:68:dd:82:fa:8c:e7:fa:78:4b:69:a9:
                    ab:12:47:85:1e:ac:22:70:0e:1f:77:dc:3a:bb:fc:
                    f1:2a:65:3c:1b:cb:60:4e:8e:ad:67:e3:17:a9:7c:
                    4c:c2:72:63:a8:8c:bc:ed:7f:17:74:ca:38:c4:cd:
                    41:a9:ac:55:7e:1b:e8:f7:09:39:c8:40:42:99:a1:
                    22:60:a8:00:d6:2a:34:75:9d:54:7d:72:b0:da:1d:
                    d9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:82:DB:D8:9D:51:23:14:7B:89:2C:00:78:0A:EC:AD:9D:AB:B1:AD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/18d47c03-cff3-4fc4-bd85-07c1063f7047.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         27:a1:e3:2f:6d:65:c8:84:24:f1:be:ce:b6:ef:c6:d1:10:e6:
         58:33:75:d3:88:39:e6:68:0f:f3:5d:83:5a:e2:f4:3f:aa:05:
         51:fe:00:18:65:1e:a4:05:1f:68:94:e4:ae:2e:6a:f3:ff:77:
         40:9d:62:4c:bb:f3:0c:2c:11:50:dc:d9:18:f0:b9:39:67:60:
         2f:9f:64:67:dc:bc:1e:cc:1e:c1:6d:2c:77:3f:6f:52:63:f8:
         9d:aa:49:19:d4:11:df:0a:ec:50:05:c5:47:d5:d0:80:e0:d1:
         a4:b7:ba:c2:83:e2:29:b1:9c:d0:1d:72:f3:e0:9b:f3:71:6e:
         f0:96:ee:29:3c:c0:b0:0a:84:32:21:44:46:80:b4:4c:42:e1:
         fb:c5:33:3b:a0:93:e3:ec:ab:23:92:2a:2a:32:05:e3:d0:eb:
         fe:38:35:15:9d:a8:3f:17:d8:ed:e8:d7:b2:6a:65:da:26:44:
         52:c4:0d:35:10:2d:0f:bc:10:19:fb:b0:5f:a6:f4:85:dd:13:
         52:23:77:73:ca:2b:93:19:cf:d0:9e:ef:5e:88:e2:fd:7f:63:
         a1:27:7b:ba:65:2d:51:ca:93:9b:b1:a2:83:cb:f9:98:d4:0e:
         12:26:4a:bd:43:57:a5:8b:9d:ad:13:3b:26:df:22:1b:07:5d:
         92:3e:0e:43
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFD7o//YKbVKYRg72xs2PI4E3sRUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzEwMDlaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2NjZkNjI3ZmIzOTVkZDE3NGFmNjE3YzUzNTU0ZTI3MWNjNmY3YmE0Nzdk
NGQ4OTFkYWI0ZjVkMDNjZWQzYWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhdHo1rkzX4aS7ZzpiwSKdmGGpkFwyUpj1BXUK0DZtHXCBe3w0MTk3GXlVI
gznTkIWaqgHqMMvbIGGnzTdxTz6o4h1arxWLv6U+3RS4RQTcMQFoIQ9xc7E4XVqA
UA+qmbW6DyFscxSbmv29lEMjYSigo8KNXlVxmk8c+OvPBR2ohiP7PzSgnPwoDVg5
k0l6WzRuk1yywszArs2g1AMpj9p94nmHpX1Fi2jdgvqM5/p4S2mpqxJHhR6sInAO
H3fcOrv88SplPBvLYE6OrWfjF6l8TMJyY6iMvO1/F3TKOMTNQamsVX4b6PcJOchA
QpmhImCoANYqNHWdVH1ysNod2bMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRpgtvY
nVEjFHuJLAB4CuytnauxrTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MThkNDdjMDMtY2ZmMy00ZmM0LWJkODUtMDdjMTA2M2Y3MDQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBS4zgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJ6HjL21lyIQk8b7Otu/G0RDmWDN104g55mgP812D
WuL0P6oFUf4AGGUepAUfaJTkri5q8/93QJ1iTLvzDCwRUNzZGPC5OWdgL59kZ9y8
HswewW0sdz9vUmP4napJGdQR3wrsUAXFR9XQgODRpLe6woPiKbGc0B1y8+Cb83Fu
8JbuKTzAsAqEMiFERoC0TELh+8UzO6CT4+yrI5IqKjIF49Dr/jg1FZ2oPxfY7ejX
smpl2iZEUsQNNRAtD7wQGfuwX6b0hd0TUiN3c8orkxnP0J7vXoji/X9joSd7umUt
UcqTm7Gig8v5mNQOEiZKvUNXpYudrRM7Jt8iGwddkj4OQw==
-----END CERTIFICATE-----