Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c4d2d14-aa0a-456e-90f4-bdfa21e668f8.roa
File:                     1c4d2d14-aa0a-456e-90f4-bdfa21e668f8.roa (raw, json)
Hash identifier:          qD7ZGSam/uK7Qap5RN83SXNTGYH8VVizpSV7Fe3enKE=
Subject key identifier:   CE:33:C7:19:5C:8C:56:D6:2B:91:C0:AF:EC:42:E1:BD:41:D5:AD:83
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2B593F4E8A736C83566C8A3B50C1345FD11CD439
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c4d2d14-aa0a-456e-90f4-bdfa21e668f8.roa
Signing time:             Fri 21 Mar 2025 15:01:22 +0000
ROA not before:           Fri 21 Mar 2025 15:01:22 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:59:3f:4e:8a:73:6c:83:56:6c:8a:3b:50:c1:34:5f:d1:1c:d4:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:22 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:20:db:7d:14:0a:48:e9:32:18:ad:7e:7d:2b:
                    63:92:1d:43:1b:ea:ae:12:a7:63:ce:9a:4c:a9:97:
                    5b:0c:0e:3d:ce:33:fb:c3:b4:ea:4b:49:dc:3d:1b:
                    8d:61:45:97:25:f5:73:d0:60:78:ce:68:9d:a2:57:
                    7e:72:ad:22:3a:91:89:a0:7c:59:7d:4c:56:fc:34:
                    e4:88:c1:0d:7b:e3:0d:00:97:30:0b:34:9c:ec:61:
                    48:32:d8:73:a8:c4:9d:ce:b3:61:9b:83:61:f5:f8:
                    42:f7:76:81:ca:22:98:8b:88:64:d6:05:91:b8:51:
                    04:f2:44:d5:e4:2e:80:bd:52:66:a4:3e:86:95:bd:
                    28:14:aa:8a:63:6e:ca:b9:fa:f7:a5:32:06:81:0f:
                    06:d2:22:ce:c3:db:3f:96:43:b2:32:5e:cf:b8:79:
                    f4:8e:16:13:78:6d:a4:05:3e:24:5c:54:87:d3:72:
                    32:f4:19:7e:78:3b:a6:16:54:bb:72:96:83:9f:64:
                    03:07:e7:2e:25:66:0e:bd:fc:44:21:68:d5:59:54:
                    67:06:b1:c6:53:45:be:af:8a:54:5c:f4:f3:4d:1a:
                    3c:c6:9f:b6:f8:da:7d:7b:2e:dc:ca:1b:f4:03:65:
                    eb:1f:3f:d8:5d:60:d5:4e:6c:cc:73:d0:6b:a7:dc:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:33:C7:19:5C:8C:56:D6:2B:91:C0:AF:EC:42:E1:BD:41:D5:AD:83
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c4d2d14-aa0a-456e-90f4-bdfa21e668f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0b:21:3d:09:93:71:e3:99:8b:76:99:eb:63:ee:7a:3a:45:30:
         78:e0:d5:12:3b:21:9e:af:6f:8b:86:c2:d5:af:36:0a:11:46:
         b8:0b:0f:92:5c:bd:c9:57:4d:d0:28:a8:98:d8:b8:11:3d:ec:
         59:5d:e5:0e:43:f3:ad:2e:99:3b:06:6d:36:4d:65:98:93:dd:
         b5:46:da:9e:58:f7:f7:b4:ba:72:09:77:64:9b:24:1e:5b:d6:
         07:eb:12:e2:58:cc:e0:ad:2c:0d:f1:d5:2d:84:9d:b8:d3:a8:
         ec:8d:e0:f3:14:03:e1:0e:3a:a9:81:d0:a3:09:be:00:be:0b:
         ee:7d:fc:30:5d:41:f7:17:4f:94:7d:b3:02:d6:7f:e5:4c:44:
         dd:9f:f5:7d:9c:23:32:c0:5a:d9:81:c6:a8:8c:0f:57:a9:1d:
         40:b0:6a:77:b9:46:cc:cf:1d:ef:bc:8a:fd:20:76:2c:d6:9f:
         b5:0c:90:12:7b:64:da:69:45:2c:44:74:6f:af:5d:ae:08:9c:
         63:e8:4c:d9:77:f3:73:d1:77:a2:c2:dd:40:8c:7c:d4:56:81:
         c4:07:7b:08:c3:96:d4:19:e6:a3:49:b8:38:49:d6:79:91:a7:
         40:53:85:99:9a:78:e9:54:fc:56:f7:a9:7d:19:7e:d8:4c:34:
         b4:2b:cb:dc
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUK1k/TopzbINWbIo7UME0X9Ec1DkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMjJaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDViMDU2MjM5NjEyZTdjZWNkMzYyNjFjMjg5YTU1N2YyNzE1MGUxYjk3MmZh
ZDUzMTExYTI4NGZmOTNjYTRmM2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkg230UCkjpMhitfn0rY5IdQxvqrhKnY86aTKmXWwwOPc4z+8O06ktJ3D0b
jWFFlyX1c9BgeM5onaJXfnKtIjqRiaB8WX1MVvw05IjBDXvjDQCXMAs0nOxhSDLY
c6jEnc6zYZuDYfX4Qvd2gcoimIuIZNYFkbhRBPJE1eQugL1SZqQ+hpW9KBSqimNu
yrn696UyBoEPBtIizsPbP5ZDsjJez7h59I4WE3htpAU+JFxUh9NyMvQZfng7phZU
u3KWg59kAwfnLiVmDr38RCFo1VlUZwaxxlNFvq+KVFz0800aPMaftvjafXsu3Mob
9ANl6x8/2F1g1U5szHPQa6fcwVcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTOM8cZ
XIxW1iuRwK/sQuG9QdWtgzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWM0ZDJkMTQtYWEwYS00NTZlLTkwZjQtYmRmYTIxZTY2OGY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB7AigDAN
BgkqhkiG9w0BAQsFAAOCAQEACyE9CZNx45mLdpnrY+56OkUweODVEjshnq9vi4bC
1a82ChFGuAsPkly9yVdN0CiomNi4ET3sWV3lDkPzrS6ZOwZtNk1lmJPdtUbanlj3
97S6cgl3ZJskHlvWB+sS4ljM4K0sDfHVLYSduNOo7I3g8xQD4Q46qYHQowm+AL4L
7n38MF1B9xdPlH2zAtZ/5UxE3Z/1fZwjMsBa2YHGqIwPV6kdQLBqd7lGzM8d77yK
/SB2LNaftQyQEntk2mlFLER0b69drgicY+hM2Xfzc9F3osLdQIx81FaBxAd7CMOW
1Bnmo0m4OEnWeZGnQFOFmZp46VT8VvepfRl+2Ew0tCvL3A==
-----END CERTIFICATE-----