Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa
File:                     216f72e9-3c9a-414e-a688-ee99e3f2e840.roa (raw, json)
Hash identifier:          U5qUFfAAkbmlfc9YO8VgDgLJPrZoBrCkTly4WY6V+2g=
Subject key identifier:   A5:74:F5:F2:02:F1:AA:7A:74:AA:93:88:C9:E3:48:B0:B2:0B:EF:CD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1662CA097930DB3E18B0388E65B3EDF170DD893A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa
Signing time:             Tue 18 Mar 2025 17:01:04 +0000
ROA not before:           Tue 18 Mar 2025 17:01:04 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.220.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:62:ca:09:79:30:db:3e:18:b0:38:8e:65:b3:ed:f1:70:dd:89:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:01:04 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f8:72:77:fb:c5:7e:a6:73:08:36:fd:8e:eb:
                    9b:e7:9e:5d:05:d8:2b:5c:11:77:39:57:17:70:cd:
                    e8:ff:d5:d0:7c:c6:9d:66:e1:5f:d4:78:77:23:4f:
                    d3:8c:4f:29:62:db:05:87:0d:cb:60:4f:cf:62:ec:
                    41:36:d8:ac:28:25:46:fb:71:45:43:d2:b5:d9:96:
                    8a:4d:04:4c:ff:5b:5b:81:59:7b:8d:1b:70:9a:55:
                    57:9f:6d:ba:2a:ef:99:74:f6:59:0d:b8:8c:56:1c:
                    af:7d:a5:72:43:ac:55:87:03:a3:99:1f:3a:cd:2a:
                    e1:67:d0:9b:3e:81:51:cb:9f:ed:58:a4:3d:7f:d8:
                    6f:9b:d5:7d:80:b1:46:83:81:54:d0:17:e3:7e:a7:
                    7b:8d:dc:e1:7c:b3:d2:4b:f3:2c:e4:90:0e:04:67:
                    ed:97:bc:5a:c5:1d:32:53:30:b9:48:1f:6f:4a:4a:
                    f1:d0:db:17:56:6c:c8:11:e7:57:27:4f:68:31:37:
                    47:8e:01:15:fe:8f:f5:78:8a:e6:81:6f:8c:82:92:
                    6b:66:34:fc:4d:56:98:3f:56:d1:89:00:71:90:b7:
                    6b:a7:93:f8:59:72:17:1c:99:87:ca:e1:77:9b:d9:
                    cf:06:a0:4f:f4:58:7d:ba:92:0b:32:cc:50:8b:ab:
                    5b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:74:F5:F2:02:F1:AA:7A:74:AA:93:88:C9:E3:48:B0:B2:0B:EF:CD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216f72e9-3c9a-414e-a688-ee99e3f2e840.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:08:e0:e3:06:f9:b7:73:58:51:82:35:a0:78:10:d3:2b:01:
         d8:cf:6f:a2:20:d9:de:75:16:de:86:4a:88:87:96:de:83:c4:
         d5:3d:9f:f7:16:e2:4f:ab:83:51:06:fe:fa:1d:c4:28:80:c9:
         f1:bd:cf:22:dd:3e:14:d1:9e:e8:a9:43:c4:05:01:93:0a:da:
         b2:90:25:a3:40:3a:1f:4c:88:f1:f3:72:24:e3:44:cd:15:a8:
         04:c0:6e:71:96:9a:39:11:76:41:4e:d0:75:8b:a2:cc:c6:cc:
         46:22:d0:06:1b:44:dd:d0:25:64:d8:07:58:1b:54:cb:4d:49:
         10:5f:c3:6a:83:d1:6e:c4:43:23:82:6b:91:44:20:c7:57:08:
         72:1f:cc:7d:5b:4c:57:02:6d:d3:e0:fc:94:12:8f:06:62:09:
         27:b2:74:61:f9:1f:ea:04:d5:19:78:84:ab:31:81:96:3d:55:
         39:ff:82:e9:b1:4c:87:ee:c3:ca:ae:55:ac:40:50:2c:66:c8:
         d8:f4:65:8d:fa:52:d2:6e:71:12:2e:e5:59:83:fb:72:e5:dd:
         1e:3c:78:69:a7:f1:43:f0:f8:38:a1:dd:dc:96:a9:ce:d8:99:
         6d:15:f5:1c:96:64:9c:39:d4:be:47:81:73:90:fd:2f:77:95:
         76:45:7c:ec
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFmLKCXkw2z4YsDiOZbPt8XDdiTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAxMDRaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0NWQ5YWY0YjA2OWVkOTU1MjEyZjYwZjUwOGQ2MmNkMGIyMTZkZmRjNTc5
ZDIwY2I2ZDI4NzhiYjI1MmFlYTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALr4cnf7xX6mcwg2/Y7rm+eeXQXYK1wRdzlXF3DN6P/V0HzGnWbhX9R4dyNP
04xPKWLbBYcNy2BPz2LsQTbYrCglRvtxRUPStdmWik0ETP9bW4FZe40bcJpVV59t
uirvmXT2WQ24jFYcr32lckOsVYcDo5kfOs0q4WfQmz6BUcuf7VikPX/Yb5vVfYCx
RoOBVNAX436ne43c4Xyz0kvzLOSQDgRn7Ze8WsUdMlMwuUgfb0pK8dDbF1ZsyBHn
VydPaDE3R44BFf6P9XiK5oFvjIKSa2Y0/E1WmD9W0YkAcZC3a6eT+FlyFxyZh8rh
d5vZzwagT/RYfbqSCzLMUIurW9sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSldPXy
AvGqenSqk4jJ40iwsgvvzTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjE2ZjcyZTktM2M5YS00MTRlLWE2ODgtZWU5OWUzZjJlODQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS6J3DAN
BgkqhkiG9w0BAQsFAAOCAQEAVAjg4wb5t3NYUYI1oHgQ0ysB2M9voiDZ3nUW3oZK
iIeW3oPE1T2f9xbiT6uDUQb++h3EKIDJ8b3PIt0+FNGe6KlDxAUBkwraspAlo0A6
H0yI8fNyJONEzRWoBMBucZaaORF2QU7QdYuizMbMRiLQBhtE3dAlZNgHWBtUy01J
EF/DaoPRbsRDI4JrkUQgx1cIch/MfVtMVwJt0+D8lBKPBmIJJ7J0Yfkf6gTVGXiE
qzGBlj1VOf+C6bFMh+7Dyq5VrEBQLGbI2PRljfpS0m5xEi7lWYP7cuXdHjx4aafx
Q/D4OKHd3JapztiZbRX1HJZknDnUvkeBc5D9L3eVdkV87A==
-----END CERTIFICATE-----