Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dd31163-2ad7-49f5-a24d-2ea4170bb05f.roa
File:                     4dd31163-2ad7-49f5-a24d-2ea4170bb05f.roa (raw, json)
Hash identifier:          8xHDsLpB8JhPnQrPF0j54xmn7uwAq3SWX6S0KRZxj4c=
Subject key identifier:   8B:C4:D1:69:34:CB:D0:E1:95:2F:93:2E:AF:81:04:38:B2:03:C6:49
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7B36BDFACA361C6657E76C8DA96C99B634BA595C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dd31163-2ad7-49f5-a24d-2ea4170bb05f.roa
Signing time:             Tue 18 Mar 2025 17:00:11 +0000
ROA not before:           Tue 18 Mar 2025 17:00:11 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:36:bd:fa:ca:36:1c:66:57:e7:6c:8d:a9:6c:99:b6:34:ba:59:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:11 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:93:3b:28:34:c4:58:1f:e9:8f:37:ef:a3:5b:
                    7f:7b:6f:78:ae:b7:e4:41:62:60:d8:5c:a6:cb:90:
                    ca:2b:44:a8:be:48:49:2a:ae:b1:a3:56:b1:0f:46:
                    18:37:5f:a5:17:55:98:a5:5a:35:05:92:b7:ef:f6:
                    04:12:81:f8:29:d5:90:4a:2f:95:d1:d0:e3:89:0a:
                    a7:b1:67:a2:d8:a1:56:18:9f:bb:c8:f9:c2:ba:f2:
                    7c:a2:09:41:e9:e8:45:80:5d:79:b5:a1:26:f6:f7:
                    b2:b5:e2:f2:45:36:e4:ac:29:f9:d9:ac:90:9a:c8:
                    e0:6d:1b:10:81:88:6c:cd:f2:72:de:f7:00:af:a8:
                    1c:ae:c4:92:80:f2:5d:7d:2c:96:ce:25:4d:27:77:
                    e0:1a:af:0b:88:a1:9c:46:46:b6:b1:7e:e4:66:2c:
                    c9:9b:0b:90:23:b6:0f:12:3e:a5:a2:75:e0:bb:19:
                    25:db:36:0f:f8:1a:11:1a:69:3d:74:cc:d5:f3:5d:
                    2d:df:bf:f9:5e:73:34:99:f8:c9:72:b2:b1:0a:32:
                    99:cf:2d:e5:d3:3a:b6:c7:01:fa:ec:db:95:11:50:
                    6b:83:c6:2e:4a:eb:a9:75:80:53:d1:b6:a1:a4:b5:
                    33:6b:7d:61:3f:a4:2a:42:94:cf:e4:eb:76:29:01:
                    c0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C4:D1:69:34:CB:D0:E1:95:2F:93:2E:AF:81:04:38:B2:03:C6:49
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dd31163-2ad7-49f5-a24d-2ea4170bb05f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         45:f8:39:6e:d9:65:17:61:64:fe:36:59:be:68:58:99:2e:d2:
         37:a0:b0:e5:0b:78:b5:4b:11:aa:0d:f6:0f:f2:b1:88:98:53:
         62:c0:f5:dd:61:6a:13:b7:da:e0:00:c0:c8:78:34:4d:78:0c:
         4a:7b:88:9c:c9:df:61:4f:1a:9e:bd:07:53:98:6b:8e:1d:0f:
         dd:c1:e8:e3:10:eb:72:43:23:9e:c0:77:de:0d:1c:a7:98:86:
         0d:49:9e:b3:ae:66:7f:7c:3f:97:eb:a1:7c:fe:bf:28:3d:e0:
         57:a5:8c:b4:31:05:f8:44:b8:75:f4:4c:b8:63:f3:29:18:f8:
         2f:94:bf:d9:d8:87:51:c2:89:cf:ac:e0:09:c7:9d:1b:e7:78:
         a9:6f:d4:db:7f:fb:23:cd:e9:8f:ab:8f:c0:80:20:52:b7:55:
         bd:7b:10:93:86:a6:8f:58:a0:ee:6f:c4:70:e3:72:d2:19:9a:
         2e:22:97:28:54:d8:57:8a:25:a5:8b:51:e0:e6:e4:e0:dc:b1:
         40:07:c1:fc:30:d1:3b:1a:03:03:68:2e:05:7d:73:f8:82:58:
         4b:e5:5e:04:80:ad:5e:b8:c5:c1:ed:6a:a9:46:19:26:60:f8:
         aa:10:52:ce:b1:16:e4:1e:c2:b2:70:af:1b:3e:d9:13:42:43:
         fe:d7:1c:a0
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUeza9+so2HGZX52yNqWyZtjS6WVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMTFaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlZTAzNDRiZDA5MDI3NjY4NWFjZmU2ZDk4YzQ4NDBkNWU4MjgxODNhZmEz
ZDhiNGViNzE2ZDgxZjcwNDg2ZmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqTOyg0xFgf6Y8376Nbf3tveK635EFiYNhcpsuQyitEqL5ISSqusaNWsQ9G
GDdfpRdVmKVaNQWSt+/2BBKB+CnVkEovldHQ44kKp7FnotihVhifu8j5wrryfKIJ
QenoRYBdebWhJvb3srXi8kU25Kwp+dmskJrI4G0bEIGIbM3yct73AK+oHK7EkoDy
XX0sls4lTSd34BqvC4ihnEZGtrF+5GYsyZsLkCO2DxI+paJ14LsZJds2D/gaERpp
PXTM1fNdLd+/+V5zNJn4yXKysQoymc8t5dM6tscB+uzblRFQa4PGLkrrqXWAU9G2
oaS1M2t9YT+kKkKUz+TrdikBwJ0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSLxNFp
NMvQ4ZUvky6vgQQ4sgPGSTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRkMzExNjMtMmFkNy00OWY1LWEyNGQtMmVhNDE3MGJiMDVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC6J8DAN
BgkqhkiG9w0BAQsFAAOCAQEARfg5btllF2Fk/jZZvmhYmS7SN6Cw5Qt4tUsRqg32
D/KxiJhTYsD13WFqE7fa4ADAyHg0TXgMSnuInMnfYU8anr0HU5hrjh0P3cHo4xDr
ckMjnsB33g0cp5iGDUmes65mf3w/l+uhfP6/KD3gV6WMtDEF+ES4dfRMuGPzKRj4
L5S/2diHUcKJz6zgCcedG+d4qW/U23/7I83pj6uPwIAgUrdVvXsQk4amj1ig7m/E
cONy0hmaLiKXKFTYV4olpYtR4Obk4NyxQAfB/DDROxoDA2guBX1z+IJYS+VeBICt
XrjFwe1qqUYZJmD4qhBSzrEW5B7CsnCvGz7ZE0JD/tccoA==
-----END CERTIFICATE-----