Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa
File:                     5326a6e7-9660-4ae8-a80a-996863be862e.roa (raw, json)
Hash identifier:          I+SeziQxZnu7pUIqnq4to0GcpjXR/hUQVbezvelGU/4=
Subject key identifier:   51:F9:D2:D5:A6:7F:0D:3E:03:2D:7F:D9:B0:31:3B:6E:DD:E0:C4:28
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       15441B92FD39AB47C644F2D2D00E466105974947
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa
Signing time:             Tue 01 Apr 2025 15:00:37 +0000
ROA not before:           Tue 01 Apr 2025 15:00:37 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:44:1b:92:fd:39:ab:47:c6:44:f2:d2:d0:0e:46:61:05:97:49:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:00:37 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:51:48:f9:21:83:bf:de:42:e9:43:a2:e9:0c:
                    68:ee:05:3f:4b:44:ff:66:ab:b5:ba:22:9e:73:20:
                    cd:2a:40:c6:b5:b4:00:e0:3e:6b:4b:18:7c:5d:67:
                    86:ad:35:b6:55:26:e5:c8:d9:8e:68:50:c3:33:77:
                    78:85:a5:e5:60:17:70:6b:38:78:20:35:f3:72:94:
                    15:f6:b8:06:cc:7f:5f:c7:9b:dc:8a:53:43:8a:1f:
                    b7:19:d2:d1:4c:4c:26:a2:90:cb:6c:b7:bf:e5:fe:
                    1c:f0:30:cc:ee:c2:f6:68:01:48:dc:bb:53:4c:71:
                    b5:8f:c7:59:fb:ce:3b:52:a8:df:f5:11:2d:86:d7:
                    6e:98:76:68:22:31:03:dc:d3:d9:8b:33:5f:da:f9:
                    86:82:5f:ed:cc:69:2b:7f:81:1d:53:67:76:4f:84:
                    43:99:d7:c4:ff:36:61:a6:97:a6:29:c2:72:f7:11:
                    3d:63:69:e3:e2:8e:f9:0c:c9:7f:98:3a:51:ef:db:
                    0e:a6:98:94:b3:8a:49:b6:b3:81:c3:4d:9b:01:21:
                    ec:e8:ce:e8:b0:10:48:d7:52:3b:be:cf:4f:3c:68:
                    be:6c:e1:43:f2:91:19:29:62:e6:0f:8f:64:c5:2a:
                    fe:ee:f0:dc:90:7a:b4:18:07:35:92:2f:11:34:c6:
                    86:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F9:D2:D5:A6:7F:0D:3E:03:2D:7F:D9:B0:31:3B:6E:DD:E0:C4:28
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         46:da:51:0d:82:64:e8:9a:a8:8f:b7:33:44:fd:f8:a6:cc:1d:
         34:ed:81:72:2e:50:eb:ee:43:13:50:e9:2f:ca:4b:9f:58:08:
         9b:31:55:66:22:c2:9f:47:80:92:b3:b6:4f:87:c2:fd:07:37:
         63:05:f2:b5:b9:5f:84:c7:f0:63:ff:2d:fa:ac:8c:a6:5c:27:
         f6:70:3e:f8:09:f8:6b:87:4a:7f:03:c6:5f:2d:bc:32:d5:65:
         55:a4:5d:01:ef:f8:b3:5f:03:4e:97:d4:48:07:d8:48:46:81:
         23:86:70:f5:f6:12:91:2a:3c:ca:d3:ac:6b:08:5d:b0:27:16:
         e6:d5:f2:f1:7f:6c:00:43:09:9a:7e:8d:fe:7f:9b:17:b7:b2:
         a0:35:98:18:5d:bb:2f:c1:4a:d0:3b:3c:d2:f8:40:0d:c8:86:
         bd:82:b2:f8:17:63:e8:94:ea:d5:ca:ea:03:09:29:57:5f:31:
         c5:5c:0a:87:1d:4f:7d:bc:ca:a5:20:5f:a2:22:22:05:06:66:
         79:45:ee:23:b9:0c:a8:6e:e4:78:1d:d8:6f:67:6f:59:c6:cc:
         88:e3:ef:ea:ea:1c:bc:5d:7e:ef:8f:62:a2:fb:7b:4c:a5:9a:
         50:78:81:5c:66:02:d1:8e:9e:2d:1e:9d:cd:a0:96:b0:8b:f2:
         34:51:d7:66
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFUQbkv05q0fGRPLS0A5GYQWXSUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAwMzdaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhZDE1MWFmZjAyOTY1MjQ1ZTkyZTQxMGE0YTU4ZDJhYmZkZTVhNGQyNGI5
NjNhNmQ4MzU5OTBiODYzMmY1ZDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpRSPkhg7/eQulDoukMaO4FP0tE/2artboinnMgzSpAxrW0AOA+a0sYfF1n
hq01tlUm5cjZjmhQwzN3eIWl5WAXcGs4eCA183KUFfa4Bsx/X8eb3IpTQ4oftxnS
0UxMJqKQy2y3v+X+HPAwzO7C9mgBSNy7U0xxtY/HWfvOO1Ko3/URLYbXbph2aCIx
A9zT2YszX9r5hoJf7cxpK3+BHVNndk+EQ5nXxP82YaaXpinCcvcRPWNp4+KO+QzJ
f5g6Ue/bDqaYlLOKSbazgcNNmwEh7OjO6LAQSNdSO77PTzxovmzhQ/KRGSli5g+P
ZMUq/u7w3JB6tBgHNZIvETTGhtcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRR+dLV
pn8NPgMtf9mwMTtu3eDEKDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMyNmE2ZTctOTY2MC00YWU4LWE4MGEtOTk2ODYzYmU4NjJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBU99QDAN
BgkqhkiG9w0BAQsFAAOCAQEARtpRDYJk6Jqoj7czRP34pswdNO2Bci5Q6+5DE1Dp
L8pLn1gImzFVZiLCn0eAkrO2T4fC/Qc3YwXytblfhMfwY/8t+qyMplwn9nA++An4
a4dKfwPGXy28MtVlVaRdAe/4s18DTpfUSAfYSEaBI4Zw9fYSkSo8ytOsawhdsCcW
5tXy8X9sAEMJmn6N/n+bF7eyoDWYGF27L8FK0Ds80vhADciGvYKy+Bdj6JTq1crq
AwkpV18xxVwKhx1PfbzKpSBfoiIiBQZmeUXuI7kMqG7keB3Yb2dvWcbMiOPv6uoc
vF1+749iovt7TKWaUHiBXGYC0Y6eLR6dzaCWsIvyNFHXZg==
-----END CERTIFICATE-----