Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
File:                     3c89eb14-e34b-4729-9b6f-b536e1e06692.roa (raw, json)
Hash identifier:          rOB/LVYIg3HPeYZXIGR4XEkDTL7y/cjVpRVcC5qyn7o=
Subject key identifier:   18:D3:1E:C4:9E:0C:81:7B:2A:19:81:16:21:08:2A:F0:EB:EB:0B:9D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       676F81AFFB472C7171077A9DF929BFAA41D66B45
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
Signing time:             Fri 21 Mar 2025 15:01:03 +0000
ROA not before:           Fri 21 Mar 2025 15:01:03 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.32.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:6f:81:af:fb:47:2c:71:71:07:7a:9d:f9:29:bf:aa:41:d6:6b:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:03 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8a:68:36:82:fd:16:e5:db:33:c3:d3:ad:0c:
                    08:d4:6d:b4:a2:2e:75:cb:7f:49:33:de:a6:94:52:
                    7c:ff:99:16:aa:fc:46:8a:fc:96:48:3b:2c:f0:6b:
                    21:46:13:27:5c:00:25:f3:8b:49:59:8b:61:93:60:
                    41:88:b6:cd:36:48:56:07:f3:11:c6:e7:80:c5:ca:
                    64:bc:a9:02:2d:e9:ad:aa:d5:6a:43:a0:07:ca:c8:
                    65:d6:bf:47:7c:db:d0:10:59:7b:8e:ca:fa:1c:a6:
                    86:b0:25:27:4e:b0:d6:1d:f1:83:85:88:58:30:71:
                    40:4e:31:10:55:26:bb:f8:bb:56:26:6f:28:a7:07:
                    1f:12:39:bd:1b:fd:42:c8:16:4f:fd:9f:97:ff:84:
                    a1:ae:83:ff:4c:14:5e:58:c6:df:3b:bf:2e:4e:93:
                    a8:96:b6:27:21:d7:f8:59:4f:90:0d:62:21:89:a9:
                    41:8c:46:0b:0a:78:04:fe:c2:af:9b:b0:f1:80:5e:
                    c9:40:b9:fc:e7:97:5a:c4:68:de:0f:8d:43:2c:33:
                    3c:2d:f5:e8:54:ee:52:0d:9c:33:eb:c7:c5:5a:5c:
                    41:e0:d6:cb:73:97:e6:75:5a:3a:12:9a:42:93:dc:
                    e2:84:6b:71:0a:a4:50:0d:26:6e:31:95:09:5d:06:
                    79:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D3:1E:C4:9E:0C:81:7B:2A:19:81:16:21:08:2A:F0:EB:EB:0B:9D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:99:74:f6:6d:d2:31:ec:8d:e4:99:89:1f:74:82:f1:00:94:
         17:c6:3c:d9:93:76:97:eb:1c:78:1a:01:a1:a3:1c:59:4b:3c:
         95:21:cf:bc:af:69:12:4e:0f:63:1e:fb:08:e8:7a:a3:e0:6b:
         d1:cf:93:a8:65:fb:65:40:b6:66:4f:b7:a2:0d:ac:55:45:02:
         30:2a:92:89:71:14:66:0e:d1:12:c5:f4:4e:5c:1a:93:3f:2e:
         8f:0e:8a:75:ec:23:bd:93:8d:ee:94:aa:25:a0:fc:76:99:70:
         37:09:10:45:e4:56:47:b4:5b:a6:3c:08:d6:61:da:82:83:e6:
         76:01:3f:79:e2:d9:d6:4f:1f:5e:30:af:1f:3c:dd:09:61:bf:
         c8:78:e8:6c:f4:bf:5f:65:ef:f7:9d:aa:ed:4d:b7:2b:a9:8d:
         62:07:77:22:9d:7f:8d:57:f4:89:d8:a1:2d:4f:86:b2:91:51:
         84:1a:1c:d7:78:dd:f6:aa:74:6c:fb:31:5b:29:d1:1d:b9:d1:
         70:3b:66:f4:6a:6a:f0:ef:9c:80:0e:9b:a9:bb:18:20:10:e5:
         b6:92:93:fb:3e:55:c3:dd:ec:f3:f4:68:09:ea:f1:20:9b:02:
         84:a1:ae:1c:34:65:79:86:90:25:43:ed:e7:df:0e:7b:b1:c7:
         bf:cd:6b:91
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUZ2+Br/tHLHFxB3qd+Sm/qkHWa0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMDNaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5ZDJiMGQ0MWU5OGIwMmVlNjkyMDcyODY0YzBmYTRlMDI5NzkyZjI5Yzkz
MTA0ZDQ3OWJmODI3NmUzYzA0MTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOOKaDaC/Rbl2zPD060MCNRttKIudct/STPeppRSfP+ZFqr8Ror8lkg7LPBr
IUYTJ1wAJfOLSVmLYZNgQYi2zTZIVgfzEcbngMXKZLypAi3prarVakOgB8rIZda/
R3zb0BBZe47K+hymhrAlJ06w1h3xg4WIWDBxQE4xEFUmu/i7ViZvKKcHHxI5vRv9
QsgWT/2fl/+Eoa6D/0wUXljG3zu/Lk6TqJa2JyHX+FlPkA1iIYmpQYxGCwp4BP7C
r5uw8YBeyUC5/OeXWsRo3g+NQywzPC316FTuUg2cM+vHxVpcQeDWy3OX5nVaOhKa
QpPc4oRrcQqkUA0mbjGVCV0GecsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQY0x7E
ngyBeyoZgRYhCCrw6+sLnTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2M4OWViMTQtZTM0Yi00NzI5LTliNmYtYjUzNmUxZTA2NjkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AiIDAN
BgkqhkiG9w0BAQsFAAOCAQEATpl09m3SMeyN5JmJH3SC8QCUF8Y82ZN2l+sceBoB
oaMcWUs8lSHPvK9pEk4PYx77COh6o+Br0c+TqGX7ZUC2Zk+3og2sVUUCMCqSiXEU
Zg7REsX0Tlwakz8ujw6KdewjvZON7pSqJaD8dplwNwkQReRWR7RbpjwI1mHagoPm
dgE/eeLZ1k8fXjCvHzzdCWG/yHjobPS/X2Xv952q7U23K6mNYgd3Ip1/jVf0idih
LU+GspFRhBoc13jd9qp0bPsxWynRHbnRcDtm9Gpq8O+cgA6bqbsYIBDltpKT+z5V
w93s8/RoCerxIJsChKGuHDRleYaQJUPt598Oe7HHv81rkQ==
-----END CERTIFICATE-----