Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
File:                     296e983c-f59b-4a15-a74d-56b2bff88779.roa (raw, json)
Hash identifier:          wKEic5xeNWHcr2Kx/BgQfcJL/3mB8xvPD8EPWrwgRRE=
Subject key identifier:   BE:DA:52:3F:1D:25:38:61:25:2B:F8:07:46:C9:21:77:F1:F7:7D:57
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       66619F5B08749F3F1B942111F92BA5744CEFD253
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
Signing time:             Fri 21 Mar 2025 15:01:17 +0000
ROA not before:           Fri 21 Mar 2025 15:01:17 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:61:9f:5b:08:74:9f:3f:1b:94:21:11:f9:2b:a5:74:4c:ef:d2:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:17 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f9:0a:42:57:5f:3f:96:98:3b:81:83:91:a1:
                    08:d0:6d:5b:13:d6:5c:84:1d:a6:a6:b3:a3:71:f6:
                    ad:5b:22:45:0e:83:81:ae:5e:70:c7:ee:a9:c9:ef:
                    79:14:17:cf:d7:70:44:e5:71:a6:77:4e:d8:ee:cf:
                    78:70:01:8e:22:c7:77:3f:70:35:51:7b:4f:a4:01:
                    a8:be:ab:fb:e4:fb:e5:12:3b:99:27:c1:bd:9a:ca:
                    5c:ee:a6:41:7e:75:5b:c7:14:d9:ec:ef:3a:f6:09:
                    0a:57:17:b9:70:e0:62:2c:79:c4:91:e4:7c:a1:86:
                    29:e0:a9:64:66:7a:cc:3a:31:73:21:b0:ff:b3:27:
                    4e:4a:00:63:df:8e:85:12:94:d7:9f:56:4b:bb:24:
                    e9:cb:dc:62:0c:eb:98:73:32:f8:b2:d4:a1:3c:79:
                    4e:c7:89:73:b9:84:e5:62:cf:a1:5d:fc:6a:9e:5e:
                    4c:cf:88:21:ad:ed:c5:98:8a:d3:89:f6:54:3a:a9:
                    9e:54:2e:b9:af:4b:38:97:b1:9d:09:0f:e4:43:2f:
                    63:b0:d3:40:5c:22:29:35:1c:82:63:01:07:3d:30:
                    0c:64:7a:01:bd:fd:6f:c6:b5:0e:6d:7a:ae:5e:7d:
                    50:66:44:a7:1a:26:e8:45:96:54:8c:c3:f6:08:db:
                    37:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:DA:52:3F:1D:25:38:61:25:2B:F8:07:46:C9:21:77:F1:F7:7D:57
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         86:7d:63:27:33:5a:ea:fc:b1:f5:66:2b:fd:06:76:19:8b:20:
         88:24:41:45:e4:f6:a2:d6:c0:ff:ee:34:67:c2:ef:dc:76:ab:
         51:a5:cd:c3:0a:da:75:72:d9:46:dd:19:7e:4e:6b:50:95:f3:
         d2:d0:07:c3:53:44:83:c1:e4:b2:87:e2:8d:dd:52:c3:97:96:
         4e:5b:15:67:cc:2a:05:a6:3e:07:15:89:ac:51:95:80:61:33:
         9a:ac:c7:17:27:11:f4:31:1d:69:a4:dd:38:ef:ef:0b:e0:78:
         bd:a9:c7:69:5a:4f:49:0b:4f:58:2c:67:b4:7c:c1:d5:16:16:
         ec:59:87:71:e9:b0:5d:30:46:2a:60:37:72:6f:9f:14:76:28:
         04:fd:bb:98:63:ab:ea:60:d7:00:46:a9:fb:b8:a3:02:3c:b2:
         79:9a:24:3a:1d:e2:87:76:69:ed:01:44:bf:d7:1a:17:48:b0:
         15:33:44:f1:5b:58:73:02:24:ad:61:56:fc:83:07:26:dc:ba:
         cf:84:21:49:7d:76:38:e3:f2:bd:b4:c5:ff:e6:3c:66:26:8e:
         62:6f:b1:bd:2c:60:61:24:a8:8b:1e:45:88:f6:8c:a9:d9:8b:
         9b:a6:6a:aa:65:88:fc:33:6d:1c:b3:45:21:1b:0d:42:86:49:
         d1:4b:90:24
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUZmGfWwh0nz8blCER+SuldEzv0lMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMTdaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkyZTNiNGZlZTRhZjZjMGM5YTc0OTUwYjE1ZDEwZmY1ODdiYTg3ZjIwMDAy
OTMzOGU5ZWQ3MGM5OGU0Mzk0OGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM35CkJXXz+WmDuBg5GhCNBtWxPWXIQdpqazo3H2rVsiRQ6Dga5ecMfuqcnv
eRQXz9dwROVxpndO2O7PeHABjiLHdz9wNVF7T6QBqL6r++T75RI7mSfBvZrKXO6m
QX51W8cU2ezvOvYJClcXuXDgYix5xJHkfKGGKeCpZGZ6zDoxcyGw/7MnTkoAY9+O
hRKU159WS7sk6cvcYgzrmHMy+LLUoTx5TseJc7mE5WLPoV38ap5eTM+IIa3txZiK
04n2VDqpnlQuua9LOJexnQkP5EMvY7DTQFwiKTUcgmMBBz0wDGR6Ab39b8a1Dm16
rl59UGZEpxom6EWWVIzD9gjbN3ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS+2lI/
HSU4YSUr+AdGySF38fd9VzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjk2ZTk4M2MtZjU5Yi00YTE1LWE3NGQtNTZiMmJmZjg4Nzc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAiMDAN
BgkqhkiG9w0BAQsFAAOCAQEAhn1jJzNa6vyx9WYr/QZ2GYsgiCRBReT2otbA/+40
Z8Lv3HarUaXNwwradXLZRt0Zfk5rUJXz0tAHw1NEg8Hksofijd1Sw5eWTlsVZ8wq
BaY+BxWJrFGVgGEzmqzHFycR9DEdaaTdOO/vC+B4vanHaVpPSQtPWCxntHzB1RYW
7FmHcemwXTBGKmA3cm+fFHYoBP27mGOr6mDXAEap+7ijAjyyeZokOh3ih3Zp7QFE
v9caF0iwFTNE8VtYcwIkrWFW/IMHJty6z4QhSX12OOPyvbTF/+Y8ZiaOYm+xvSxg
YSSoix5FiPaMqdmLm6ZqqmWI/DNtHLNFIRsNQoZJ0UuQJA==
-----END CERTIFICATE-----