Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68677111-f27d-417a-8b43-a65f84482997.roa
File:                     68677111-f27d-417a-8b43-a65f84482997.roa (raw, json)
Hash identifier:          dwfyatohlMyqJkl8quXaLz4+4C1VQdur+0krb9FYfqY=
Subject key identifier:   85:D3:BF:DC:1A:62:92:3D:7D:31:AB:42:92:EB:8B:7B:57:34:67:4D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F63A578379A9850F2C95F14E4F53C9073742B16
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68677111-f27d-417a-8b43-a65f84482997.roa
Signing time:             Tue 18 Mar 2025 17:01:02 +0000
ROA not before:           Tue 18 Mar 2025 17:01:02 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:63:a5:78:37:9a:98:50:f2:c9:5f:14:e4:f5:3c:90:73:74:2b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:01:02 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8c:79:2a:f4:fa:5b:a6:9a:d2:16:08:0d:0e:
                    ad:24:5d:fd:df:5a:0a:aa:71:a0:99:f1:4b:bf:42:
                    46:4c:0d:41:45:57:ae:f1:ee:56:7d:c6:9d:2a:5e:
                    af:03:5f:e1:68:02:dc:8e:49:b4:b3:07:db:c0:af:
                    ab:16:14:5b:e8:9a:a9:34:65:53:2d:8b:53:4f:86:
                    d6:58:6b:78:02:91:8a:c3:0f:41:54:d4:c2:fb:8b:
                    c8:ae:63:34:ac:62:6e:87:77:6b:ae:9e:c1:d3:9b:
                    de:c1:ff:4e:b8:1f:3d:f1:40:1c:50:5f:5b:f0:d8:
                    a4:48:c0:95:34:df:c5:77:f0:27:8f:af:58:1b:11:
                    33:47:d3:c8:6a:29:c4:a7:a2:ba:ad:d5:2f:f3:a4:
                    9a:8f:a9:53:1e:8b:9f:56:9f:33:f3:60:49:ea:cd:
                    fe:b4:92:e4:7c:46:1e:5a:ab:11:c2:e8:ab:f0:9e:
                    7c:cc:3d:22:5b:4c:7b:b9:cd:43:23:f1:92:89:bd:
                    51:9d:0a:37:50:ea:57:63:05:f1:b3:e9:aa:1d:2f:
                    bb:88:1c:20:22:57:3c:0b:1c:4b:4a:7f:47:cb:27:
                    0f:26:d7:0b:64:17:c5:90:d1:88:0b:05:6d:20:05:
                    2d:20:24:0e:a0:86:36:b3:8c:28:29:99:b8:89:36:
                    3f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D3:BF:DC:1A:62:92:3D:7D:31:AB:42:92:EB:8B:7B:57:34:67:4D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68677111-f27d-417a-8b43-a65f84482997.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:87:69:68:60:45:a4:83:3d:8e:78:60:e7:16:c0:9f:a4:69:
         c7:92:43:9e:80:d7:33:07:cf:e1:2f:41:11:74:e4:0b:88:23:
         ee:a1:40:6b:47:51:30:6c:57:94:6f:91:2f:85:d1:71:eb:0c:
         bd:6b:25:9c:69:97:a1:f2:e2:db:61:ea:15:df:cd:b4:ea:0b:
         7e:01:f4:fd:d5:69:9b:62:d3:ae:79:c8:27:0a:ad:44:8f:41:
         b6:1e:80:8f:b7:9c:72:2b:47:9f:0b:3b:ac:1c:f5:a6:bb:63:
         38:3d:5a:c5:22:5b:5f:bb:42:86:16:88:b0:fd:c2:e1:28:d8:
         54:62:03:d3:ff:54:46:66:ee:1d:9b:81:1a:3a:01:a1:a9:64:
         2f:fd:8c:bb:e0:03:8b:52:43:08:11:8a:42:1c:95:86:15:b3:
         23:29:87:a4:ab:89:68:67:48:fa:5d:d4:7a:bc:95:d3:02:b5:
         0a:09:10:da:1b:7a:c1:90:8f:d3:19:87:0e:33:f2:03:42:d9:
         18:26:f2:8e:2d:a2:13:28:26:c6:f8:04:81:01:8c:5c:91:c7:
         5a:56:b4:f5:a7:b7:1a:18:53:63:32:ae:bb:5a:86:20:48:3e:
         db:d4:58:48:c1:88:2a:2a:53:b0:48:fe:34:74:60:43:a6:35:
         62:9d:7e:71
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUL2OleDeamFDyyV8U5PU8kHN0KxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAxMDJaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwYjZjZTA3MzZhOTE3Y2QxMGJhZWNlNzgwMmRhZmMwZjA0ZDBiMjliZDM2
NzAyNWFkMzZlYzJkNTExODI4Y2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKMeSr0+lummtIWCA0OrSRd/d9aCqpxoJnxS79CRkwNQUVXrvHuVn3GnSpe
rwNf4WgC3I5JtLMH28CvqxYUW+iaqTRlUy2LU0+G1lhreAKRisMPQVTUwvuLyK5j
NKxibod3a66ewdOb3sH/TrgfPfFAHFBfW/DYpEjAlTTfxXfwJ4+vWBsRM0fTyGop
xKeiuq3VL/Okmo+pUx6Ln1afM/NgSerN/rSS5HxGHlqrEcLoq/CefMw9IltMe7nN
QyPxkom9UZ0KN1DqV2MF8bPpqh0vu4gcICJXPAscS0p/R8snDybXC2QXxZDRiAsF
bSAFLSAkDqCGNrOMKCmZuIk2PzMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSF07/c
GmKSPX0xq0KS64t7VzRnTTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Njg2NzcxMTEtZjI3ZC00MTdhLThiNDMtYTY1Zjg0NDgyOTk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBS6JwDAN
BgkqhkiG9w0BAQsFAAOCAQEAkYdpaGBFpIM9jnhg5xbAn6Rpx5JDnoDXMwfP4S9B
EXTkC4gj7qFAa0dRMGxXlG+RL4XRcesMvWslnGmXofLi22HqFd/NtOoLfgH0/dVp
m2LTrnnIJwqtRI9Bth6Aj7eccitHnws7rBz1prtjOD1axSJbX7tChhaIsP3C4SjY
VGID0/9URmbuHZuBGjoBoalkL/2Mu+ADi1JDCBGKQhyVhhWzIymHpKuJaGdI+l3U
eryV0wK1CgkQ2ht6wZCP0xmHDjPyA0LZGCbyji2iEygmxvgEgQGMXJHHWla09ae3
GhhTYzKuu1qGIEg+29RYSMGIKipTsEj+NHRgQ6Y1Yp1+cQ==
-----END CERTIFICATE-----