Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27d27432-b542-4aad-b3a4-daf2a0a9bb5c.roa
File:                     27d27432-b542-4aad-b3a4-daf2a0a9bb5c.roa (raw, json)
Hash identifier:          rZdWuVJ6ffyE7ZGuhIZMuLvDMhDtSas2owZvpdXgop8=
Subject key identifier:   9A:08:DD:2B:AA:13:90:7C:62:FA:7C:BB:A9:73:66:4B:D5:9F:62:E3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4A95EB709F19E938988EC2EC2C4D12193241CE77
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27d27432-b542-4aad-b3a4-daf2a0a9bb5c.roa
Signing time:             Tue 18 Mar 2025 17:00:34 +0000
ROA not before:           Tue 18 Mar 2025 17:00:34 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:95:eb:70:9f:19:e9:38:98:8e:c2:ec:2c:4d:12:19:32:41:ce:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:34 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:62:0c:70:45:20:c4:b1:22:50:06:f5:7d:35:
                    64:74:6f:9d:8e:43:f5:26:c1:cc:f9:a0:93:c9:21:
                    87:5f:10:8e:03:98:27:e9:eb:c9:2c:78:0a:a1:e8:
                    75:be:a6:8e:a7:e1:75:e3:f2:06:a6:da:ed:7b:07:
                    ac:03:e4:de:3e:82:f5:fc:30:8a:c3:08:66:fb:1a:
                    1b:90:55:f0:b2:95:b8:41:e0:32:73:52:95:91:8c:
                    4a:93:6f:3e:39:f4:cc:54:a7:60:e5:fd:1c:50:e9:
                    38:f1:5f:38:8f:d1:1a:49:1b:02:e1:37:31:86:4e:
                    d7:8d:a9:0e:dd:9c:d6:a0:6a:1f:b0:ab:f7:c2:a9:
                    39:eb:72:ee:bb:25:cd:be:ff:b7:ee:78:78:ba:ce:
                    e7:93:d1:8b:bc:06:e3:66:46:57:0d:e0:db:da:3c:
                    79:06:ac:4d:ca:34:49:53:5c:6e:a3:82:af:a4:4a:
                    df:7c:aa:24:0f:0b:08:61:d5:5c:5d:5d:ea:09:72:
                    c8:b3:be:fe:29:a1:78:eb:a1:4a:a4:09:4e:8a:af:
                    3f:da:36:1f:29:58:81:37:fe:af:1d:c1:cd:8f:38:
                    0c:51:e1:40:f9:12:8e:98:2d:84:ae:a9:80:69:05:
                    08:3f:19:c6:e0:e6:ae:dc:56:54:a2:3c:8d:49:a0:
                    94:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:08:DD:2B:AA:13:90:7C:62:FA:7C:BB:A9:73:66:4B:D5:9F:62:E3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27d27432-b542-4aad-b3a4-daf2a0a9bb5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         90:7f:ce:d1:37:c7:0c:63:73:e9:bf:ff:67:91:9f:fd:1e:44:
         9b:45:ac:d3:79:88:07:03:76:ac:06:46:fe:43:15:5e:79:47:
         f1:a0:80:76:88:85:55:ff:9c:28:77:4e:9a:54:b2:e8:8a:34:
         7a:af:9f:86:ea:b7:8c:bd:c0:7a:c6:2e:6c:fc:49:9f:72:67:
         29:45:87:f8:16:1a:ce:bf:e9:01:99:de:45:a9:b7:d1:42:f7:
         53:90:e4:17:d7:25:07:9e:ff:3c:6e:ad:3b:0b:35:36:bc:c8:
         42:8d:19:5f:c4:c8:5b:de:e1:9e:ba:62:12:0d:2a:3c:94:ef:
         65:8a:cb:e4:a3:2d:07:c2:a0:b6:c3:1c:a8:62:08:87:f0:6d:
         b7:fd:b1:4c:cf:8d:9a:fe:63:7c:55:82:d0:b9:46:2a:4f:a2:
         d3:23:d1:45:aa:a1:f6:4e:11:c0:89:62:e6:16:6f:11:a3:f4:
         d9:fc:3d:f4:fe:4d:83:82:8a:c8:74:20:5f:c6:4b:c1:e5:1d:
         ba:46:f4:34:9b:2a:77:06:3b:cc:50:a3:3a:69:13:b9:2f:cb:
         44:eb:0a:55:dd:c5:36:b7:2e:8f:92:60:48:b9:c7:33:c4:f7:
         56:01:c1:20:81:03:96:9e:b6:ff:94:4a:68:4b:dc:b8:8a:05:
         c8:80:e9:ae
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUSpXrcJ8Z6TiYjsLsLE0SGTJBzncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMzRaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3ZjA4OTFiNDA4MTAyZjA1Zjc4NmY1NzQ4ZTY3N2UxNzZmYjIyOGVmM2Fl
ZjYyZDUwZmQ5YjIzYTBkODliMzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJRiDHBFIMSxIlAG9X01ZHRvnY5D9SbBzPmgk8khh18QjgOYJ+nrySx4CqHo
db6mjqfhdePyBqba7XsHrAPk3j6C9fwwisMIZvsaG5BV8LKVuEHgMnNSlZGMSpNv
Pjn0zFSnYOX9HFDpOPFfOI/RGkkbAuE3MYZO142pDt2c1qBqH7Cr98KpOety7rsl
zb7/t+54eLrO55PRi7wG42ZGVw3g29o8eQasTco0SVNcbqOCr6RK33yqJA8LCGHV
XF1d6glyyLO+/imheOuhSqQJToqvP9o2HylYgTf+rx3BzY84DFHhQPkSjpgthK6p
gGkFCD8ZxuDmrtxWVKI8jUmglBECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSaCN0r
qhOQfGL6fLupc2ZL1Z9i4zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjdkMjc0MzItYjU0Mi00YWFkLWIzYTQtZGFmMmEwYTliYjVjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC4zsDAN
BgkqhkiG9w0BAQsFAAOCAQEAkH/O0TfHDGNz6b//Z5Gf/R5Em0Ws03mIBwN2rAZG
/kMVXnlH8aCAdoiFVf+cKHdOmlSy6Io0eq+fhuq3jL3AesYubPxJn3JnKUWH+BYa
zr/pAZneRam30UL3U5DkF9clB57/PG6tOws1NrzIQo0ZX8TIW97hnrpiEg0qPJTv
ZYrL5KMtB8KgtsMcqGIIh/Btt/2xTM+Nmv5jfFWC0LlGKk+i0yPRRaqh9k4RwIli
5hZvEaP02fw99P5Ng4KKyHQgX8ZLweUdukb0NJsqdwY7zFCjOmkTuS/LROsKVd3F
Nrcuj5JgSLnHM8T3VgHBIIEDlp62/5RKaEvcuIoFyIDprg==
-----END CERTIFICATE-----