Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa
File:                     65fd1736-b3cd-4b5b-abca-9d430a70e064.roa (raw, json)
Hash identifier:          hTb0FwxU55MaT/U/748ymknGPdldKMK41ZkBSTlGck8=
Subject key identifier:   B1:51:9F:B9:DB:5B:52:9A:19:E8:C7:89:64:DB:95:0F:8A:F9:2A:44
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       41132607F7C80E353FFD4D2DFB70AF51AED2C201
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa
Signing time:             Fri 21 Mar 2025 15:01:32 +0000
ROA not before:           Fri 21 Mar 2025 15:01:32 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:13:26:07:f7:c8:0e:35:3f:fd:4d:2d:fb:70:af:51:ae:d2:c2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:32 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:0e:35:a3:bc:10:28:b6:c4:82:95:93:89:
                    91:ea:74:8c:a1:67:5f:16:72:0f:34:db:78:38:33:
                    7e:18:ec:7a:cd:11:54:96:c1:73:4a:78:f7:28:16:
                    a1:57:52:9c:f8:b6:f4:50:59:61:45:7d:96:34:9b:
                    51:76:d1:18:5b:47:8c:8b:d2:56:d3:b4:34:af:94:
                    f3:ef:ac:c8:0d:2e:a1:82:06:6d:e9:2f:eb:73:34:
                    4e:cb:5c:99:d6:2a:9a:a2:7f:28:65:54:0c:99:d7:
                    e8:89:9c:de:50:fa:16:39:27:2c:37:22:f3:db:c4:
                    ca:74:81:e4:7b:92:ca:04:50:7b:cc:d2:b1:aa:f5:
                    74:49:0f:ed:a2:d3:49:14:60:51:a3:c7:70:fb:3d:
                    95:6b:b1:3c:7d:ba:a9:9a:fc:4a:11:f8:9d:0e:55:
                    c5:6e:ad:42:03:fb:56:5d:16:d1:61:a5:ee:25:e5:
                    0a:82:34:88:ea:61:ef:0b:41:d8:53:be:91:e1:88:
                    26:bd:4b:21:11:5e:c4:61:d5:90:51:17:03:e2:ac:
                    13:24:fb:e5:4a:6e:aa:d2:aa:a1:4d:4c:d7:bb:3c:
                    62:f8:ab:3e:46:2b:de:7c:5e:67:74:46:2d:62:07:
                    30:71:5a:36:f3:0f:2c:6f:81:c0:bd:32:e1:78:f6:
                    a2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:51:9F:B9:DB:5B:52:9A:19:E8:C7:89:64:DB:95:0F:8A:F9:2A:44
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a8:19:76:35:af:38:d3:44:a3:2e:0a:99:05:4e:e0:85:e6:b9:
         12:d6:7c:97:02:f8:3a:c9:a8:73:3c:ec:2e:eb:82:19:2e:70:
         e4:37:d2:8e:7c:2f:5f:c9:9e:36:78:2c:83:2e:38:87:20:e7:
         28:e8:c3:eb:b5:28:17:c1:81:96:16:19:36:6e:44:9a:8c:bf:
         25:ca:f1:5e:0f:3a:f9:f7:c2:68:cb:89:5d:8e:a7:0f:53:13:
         16:13:18:e2:b4:30:7d:fb:df:38:86:28:b1:1f:f7:78:44:a6:
         32:27:bd:d6:16:33:26:43:8b:20:12:9d:65:98:a6:af:03:c9:
         b0:a8:47:12:fe:df:aa:c2:e0:4e:22:c3:57:9d:08:73:ce:d0:
         4a:11:ee:2c:0e:0b:67:2f:a6:7a:0f:5d:4e:17:04:32:aa:24:
         42:36:a9:1f:4e:2f:68:22:e5:33:bf:72:d8:80:fc:0d:f9:2e:
         50:03:35:00:8a:6c:ff:1a:2e:21:84:06:fd:1b:99:c9:3d:3a:
         01:8e:5d:1b:cd:15:81:24:8b:96:17:b0:ba:a7:30:58:1c:20:
         fc:03:35:88:17:84:5a:62:ff:46:3d:38:7e:80:8e:88:c9:9d:
         d5:5b:83:cf:ba:a7:1d:39:61:94:52:b8:3c:e9:0d:fc:3e:78:
         78:de:1e:76
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQRMmB/fIDjU//U0t+3CvUa7SwgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMzJaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5MDhkMWM1MmM2OTcwMDViYjFmZjQwMmIyNzdjNDllOWUyYTJiZjEyYjRk
MWRjZDA2ZWE1ZjMxYWVmZDgzZDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKm6DjWjvBAotsSClZOJkep0jKFnXxZyDzTbeDgzfhjses0RVJbBc0p49ygW
oVdSnPi29FBZYUV9ljSbUXbRGFtHjIvSVtO0NK+U8++syA0uoYIGbekv63M0Tstc
mdYqmqJ/KGVUDJnX6Imc3lD6FjknLDci89vEynSB5HuSygRQe8zSsar1dEkP7aLT
SRRgUaPHcPs9lWuxPH26qZr8ShH4nQ5VxW6tQgP7Vl0W0WGl7iXlCoI0iOph7wtB
2FO+keGIJr1LIRFexGHVkFEXA+KsEyT75UpuqtKqoU1M17s8YvirPkYr3nxeZ3RG
LWIHMHFaNvMPLG+BwL0y4Xj2ot8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSxUZ+5
21tSmhnox4lk25UPivkqRDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjVmZDE3MzYtYjNjZC00YjViLWFiY2EtOWQ0MzBhNzBlMDY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBrAiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAqBl2Na8400SjLgqZBU7ghea5EtZ8lwL4Osmoczzs
LuuCGS5w5DfSjnwvX8meNngsgy44hyDnKOjD67UoF8GBlhYZNm5Emoy/JcrxXg86
+ffCaMuJXY6nD1MTFhMY4rQwffvfOIYosR/3eESmMie91hYzJkOLIBKdZZimrwPJ
sKhHEv7fqsLgTiLDV50Ic87QShHuLA4LZy+meg9dThcEMqokQjapH04vaCLlM79y
2ID8DfkuUAM1AIps/xouIYQG/RuZyT06AY5dG80VgSSLlhewuqcwWBwg/AM1iBeE
WmL/Rj04foCOiMmd1VuDz7qnHTlhlFK4POkN/D54eN4edg==
-----END CERTIFICATE-----