Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa
File:                     37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa (raw, json)
Hash identifier:          GJtBddsz01+DdB4xQrbeNYqG4MBVfGw7XYr0R3ZsPcg=
Subject key identifier:   2C:D6:0E:79:6E:D9:C6:58:A6:5A:72:2F:32:67:56:0E:D5:06:AD:F8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       06D0F554C16608313A7330B1F7AC957AD670FDB3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa
Signing time:             Tue 01 Apr 2025 15:01:02 +0000
ROA not before:           Tue 01 Apr 2025 15:01:02 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        185.48.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d0:f5:54:c1:66:08:31:3a:73:30:b1:f7:ac:95:7a:d6:70:fd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:01:02 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:18:b4:ce:2d:1e:15:ff:03:6d:92:e5:eb:80:
                    98:6f:0b:0a:c8:34:6f:97:03:8f:36:ba:a3:62:19:
                    ee:18:cc:70:4d:03:84:3c:80:77:48:54:43:5d:ef:
                    2d:b2:7e:e3:e7:22:6a:82:f4:af:41:a9:d6:60:a2:
                    aa:f7:bd:09:b8:dc:0a:a9:3b:85:35:ee:07:4c:29:
                    22:9c:df:39:b6:48:14:ba:42:7a:a1:62:e7:ba:b4:
                    f0:ed:5a:61:e1:35:d3:2d:1b:04:a9:8e:25:cf:f9:
                    e7:97:34:3e:ba:ba:a6:98:0d:21:96:98:ca:a4:42:
                    10:ec:d7:8e:44:3f:94:74:a0:6a:86:75:08:20:53:
                    03:d1:ae:ac:b9:d3:51:45:05:cc:44:8f:f2:aa:bd:
                    7c:eb:08:ce:96:71:5e:ab:bb:af:dc:ff:28:b5:00:
                    1f:43:d5:68:5d:88:7c:ff:e8:45:c2:33:75:87:26:
                    db:db:a8:05:38:80:99:59:b1:bb:7e:3e:ed:2e:ef:
                    f2:92:0c:94:2f:5f:18:29:a3:19:0c:1c:76:e5:fc:
                    08:1f:35:e7:eb:d4:0f:09:8e:69:7c:3a:31:3d:db:
                    58:11:57:a5:d2:89:8b:83:eb:94:3b:da:f2:e3:93:
                    80:89:a6:33:04:f7:e5:84:36:c7:c6:d4:a1:f1:d2:
                    98:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D6:0E:79:6E:D9:C6:58:A6:5A:72:2F:32:67:56:0E:D5:06:AD:F8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b584fa-f648-4a07-9cbd-40bfef4a0b2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:3f:cf:9a:8f:16:bf:b5:1b:18:96:65:3c:a3:7f:8a:46:3b:
         fe:88:35:69:a0:b0:3e:f5:dd:15:5f:ef:f0:1a:d3:d6:c9:cc:
         0c:85:a8:ef:03:f2:26:94:57:32:9b:91:66:37:a7:3c:93:46:
         d6:a3:6b:04:a8:ec:24:da:11:df:2b:cc:31:d8:ae:06:c2:4f:
         ad:61:22:12:4f:8d:b4:02:a7:f2:0b:5f:c8:39:a5:62:f5:06:
         4e:7c:07:be:e5:29:c0:37:4b:2f:b4:71:7d:d7:87:e6:a2:35:
         19:13:77:91:e7:0c:37:d4:76:dd:d0:6f:01:f5:39:d5:5c:4b:
         84:9a:5e:34:61:17:c6:74:0b:6e:a0:30:ac:2b:9e:fd:2e:b4:
         41:d8:d9:5a:da:04:a5:0a:dd:81:76:16:21:e7:bf:08:c7:47:
         99:1c:8a:2b:cc:6e:4d:c4:ca:50:d3:1b:bb:47:10:9f:59:dd:
         87:5d:6f:0b:88:50:86:45:7b:43:88:03:28:95:20:bd:70:fe:
         15:c8:e6:8f:2e:f1:7b:40:ee:4d:d4:ed:f9:13:4d:ba:6e:3b:
         0e:dd:4d:50:65:b6:b5:50:ab:eb:f2:aa:52:63:d2:1b:b2:de:
         aa:25:60:fb:2f:f3:24:76:4b:60:02:86:82:26:4d:eb:ca:95:
         2f:1b:99:f4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUBtD1VMFmCDE6czCx96yVetZw/bMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAxMDJaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjNTRiOWVkYzBkNzY1MTIyMmI3Zjg0NDQxYWM2NDYyYWY4Mzk4ZWRjZGY2
YTI0NzgxNWVlODUyMjBlYjY3ZTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOoYtM4tHhX/A22S5euAmG8LCsg0b5cDjza6o2IZ7hjMcE0DhDyAd0hUQ13v
LbJ+4+ciaoL0r0Gp1mCiqve9CbjcCqk7hTXuB0wpIpzfObZIFLpCeqFi57q08O1a
YeE10y0bBKmOJc/555c0Prq6ppgNIZaYyqRCEOzXjkQ/lHSgaoZ1CCBTA9GurLnT
UUUFzESP8qq9fOsIzpZxXqu7r9z/KLUAH0PVaF2IfP/oRcIzdYcm29uoBTiAmVmx
u34+7S7v8pIMlC9fGCmjGQwcduX8CB815+vUDwmOaXw6MT3bWBFXpdKJi4PrlDva
8uOTgImmMwT35YQ2x8bUofHSmCcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQs1g55
btnGWKZaci8yZ1YO1Qat+DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzdiNTg0ZmEtZjY0OC00YTA3LTljYmQtNDBiZmVmNGEwYjJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkweDAN
BgkqhkiG9w0BAQsFAAOCAQEAUj/Pmo8Wv7UbGJZlPKN/ikY7/og1aaCwPvXdFV/v
8BrT1snMDIWo7wPyJpRXMpuRZjenPJNG1qNrBKjsJNoR3yvMMdiuBsJPrWEiEk+N
tAKn8gtfyDmlYvUGTnwHvuUpwDdLL7RxfdeH5qI1GRN3kecMN9R23dBvAfU51VxL
hJpeNGEXxnQLbqAwrCue/S60QdjZWtoEpQrdgXYWIee/CMdHmRyKK8xuTcTKUNMb
u0cQn1ndh11vC4hQhkV7Q4gDKJUgvXD+Fcjmjy7xe0DuTdTt+RNNum47Dt1NUGW2
tVCr6/KqUmPSG7LeqiVg+y/zJHZLYAKGgiZN68qVLxuZ9A==
-----END CERTIFICATE-----