Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c6881bd-10fc-4994-83fe-43244d2b078a.roa
File:                     2c6881bd-10fc-4994-83fe-43244d2b078a.roa (raw, json)
Hash identifier:          AopmnJK+tceuZkYA6fX/fucmlznOAVDu1o7lrtTz6hE=
Subject key identifier:   5C:29:5A:44:A8:35:67:22:4A:3D:88:C9:2D:30:67:D3:F9:11:CC:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       13F924FE24D5BC213CF161E3670FCF83A310C3C6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c6881bd-10fc-4994-83fe-43244d2b078a.roa
Signing time:             Tue 18 Mar 2025 17:00:18 +0000
ROA not before:           Tue 18 Mar 2025 17:00:18 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:f9:24:fe:24:d5:bc:21:3c:f1:61:e3:67:0f:cf:83:a3:10:c3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:18 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4f:df:e3:a8:b0:92:4b:1d:6a:eb:24:e7:cd:
                    0f:77:8d:31:aa:08:b3:59:39:c1:e8:cb:bc:63:85:
                    ff:8b:af:fb:af:e7:0a:f5:a4:a4:6d:13:8a:53:af:
                    03:90:5d:45:1a:4a:12:cd:89:2d:47:0f:e9:6b:01:
                    57:ff:bd:eb:d9:2c:5d:23:00:0b:a5:16:7e:95:3f:
                    4e:79:18:73:b6:33:11:66:b7:18:71:f3:6d:f7:26:
                    b6:0b:3e:f9:ab:81:f0:18:2f:33:e0:f8:24:0d:93:
                    da:81:17:1c:9b:0e:36:40:a3:1b:9b:b8:37:68:ea:
                    96:d4:43:0b:e0:9b:55:6c:98:df:7a:36:28:fb:b2:
                    f8:f9:4c:a8:36:75:88:aa:cd:b5:2d:43:83:60:07:
                    19:72:74:c3:26:5f:0e:ba:35:a6:4a:04:09:9d:2d:
                    98:82:87:5f:fb:4d:9d:32:5b:62:52:c0:0f:64:da:
                    bd:0c:a2:f2:0d:aa:81:74:36:db:c8:e4:c4:b7:4d:
                    68:97:33:92:3d:d6:44:e3:d9:f2:b1:a4:b9:3e:3e:
                    de:e2:e4:6d:cb:49:07:b3:02:57:2c:fd:76:fb:4c:
                    da:02:65:20:9a:82:ae:9b:ce:f8:d4:5f:ad:a0:0a:
                    e0:85:a4:c0:ec:79:ff:c6:68:f4:5b:7e:8e:07:6b:
                    33:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:29:5A:44:A8:35:67:22:4A:3D:88:C9:2D:30:67:D3:F9:11:CC:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c6881bd-10fc-4994-83fe-43244d2b078a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:0d:6a:50:c0:08:eb:64:24:47:52:6f:03:3a:11:98:f9:0b:
         b1:12:95:3e:7f:a6:b6:32:be:37:dd:41:98:54:19:d2:f1:04:
         49:49:59:2e:14:42:e1:0a:a2:a7:8a:12:23:4c:f4:cc:55:f2:
         09:00:49:d2:02:56:20:22:d9:2c:04:76:1f:4b:87:56:e1:af:
         e1:e1:72:3c:67:d2:f8:fa:62:78:0e:1b:d7:f5:c9:f5:b9:01:
         ea:01:1b:bc:e7:ef:ee:39:77:d9:84:ca:7d:4c:1b:30:02:52:
         ab:f6:84:05:8f:3f:d1:c7:f4:ba:56:8b:ca:63:b6:04:8c:ee:
         d3:e5:88:35:9e:fa:ee:af:e4:15:b1:42:bd:53:40:9a:bb:d8:
         0c:ba:e9:98:96:7e:9e:d7:3a:11:69:48:29:28:c2:cc:50:58:
         92:bd:d7:dd:65:52:f2:b6:5d:73:a4:bd:a1:df:64:8a:87:c2:
         e7:21:09:90:42:90:24:ba:2d:ba:7a:43:40:0e:ee:78:95:10:
         0b:cf:2a:6a:5a:c2:93:74:73:97:09:02:3f:53:33:24:22:86:
         c4:13:25:d7:93:4a:5e:68:50:14:53:7f:9b:19:df:90:aa:0e:
         4b:d5:9d:27:d2:4b:9f:e6:81:46:2f:54:61:86:ee:4d:a6:3e:
         8a:f6:08:19
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUE/kk/iTVvCE88WHjZw/Pg6MQw8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMThaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmZjRhYjYwMWU0YTI2M2IwMmQ0OTk5MjU2MDgxZWFlZTg0NGNiMjliOWIx
ZmFlNDc5NmQ0YTU0NWNiNzMxYjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5P3+OosJJLHWrrJOfND3eNMaoIs1k5wejLvGOF/4uv+6/nCvWkpG0TilOv
A5BdRRpKEs2JLUcP6WsBV/+969ksXSMAC6UWfpU/TnkYc7YzEWa3GHHzbfcmtgs+
+auB8BgvM+D4JA2T2oEXHJsONkCjG5u4N2jqltRDC+CbVWyY33o2KPuy+PlMqDZ1
iKrNtS1Dg2AHGXJ0wyZfDro1pkoECZ0tmIKHX/tNnTJbYlLAD2TavQyi8g2qgXQ2
28jkxLdNaJczkj3WROPZ8rGkuT4+3uLkbctJB7MCVyz9dvtM2gJlIJqCrpvO+NRf
raAK4IWkwOx5/8Zo9Ft+jgdrM8MCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRcKVpE
qDVnIko9iMktMGfT+RHMRjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmM2ODgxYmQtMTBmYy00OTk0LTgzZmUtNDMyNDRkMmIwNzhhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC6JUDAN
BgkqhkiG9w0BAQsFAAOCAQEATg1qUMAI62QkR1JvAzoRmPkLsRKVPn+mtjK+N91B
mFQZ0vEESUlZLhRC4Qqip4oSI0z0zFXyCQBJ0gJWICLZLAR2H0uHVuGv4eFyPGfS
+PpieA4b1/XJ9bkB6gEbvOfv7jl32YTKfUwbMAJSq/aEBY8/0cf0ulaLymO2BIzu
0+WINZ767q/kFbFCvVNAmrvYDLrpmJZ+ntc6EWlIKSjCzFBYkr3X3WVS8rZdc6S9
od9kiofC5yEJkEKQJLotunpDQA7ueJUQC88qalrCk3RzlwkCP1MzJCKGxBMl15NK
XmhQFFN/mxnfkKoOS9WdJ9JLn+aBRi9UYYbuTaY+ivYIGQ==
-----END CERTIFICATE-----