Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa
File:                     7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa (raw, json)
Hash identifier:          Oii8GpQfQ0yljfJ3b4dgE44l8wMEsYKHk4ZOz75OqGk=
Subject key identifier:   CA:2B:0F:1A:EC:8E:87:1F:CD:64:9C:52:29:A1:A0:83:D8:1D:FE:41
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4EE5ACDFEF909215E6CDC3F820EF737FD724DCFC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa
Signing time:             Tue 18 Mar 2025 17:10:10 +0000
ROA not before:           Tue 18 Mar 2025 17:10:10 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:e5:ac:df:ef:90:92:15:e6:cd:c3:f8:20:ef:73:7f:d7:24:dc:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:10:10 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:2a:fd:a3:08:9d:41:1d:28:b1:33:d3:83:
                    e5:ba:59:a2:f6:70:59:87:68:79:71:24:08:30:51:
                    fc:5a:46:d1:cb:99:d6:e5:d8:2d:7a:64:75:06:d9:
                    df:f5:4e:48:07:c0:cf:45:d2:65:90:03:de:40:0d:
                    01:31:ad:f6:30:f6:4d:bb:a1:9f:52:81:a8:9a:21:
                    e5:97:c9:fc:88:fc:c1:9d:a3:35:6a:13:81:a7:e3:
                    d9:b2:e9:9d:63:21:42:09:10:9f:91:16:33:81:cd:
                    dd:3e:b0:a4:1e:d2:8f:f6:55:0b:61:9b:ab:c3:c0:
                    4e:11:19:18:a2:9d:f1:83:96:af:82:50:b7:48:30:
                    65:c5:2b:64:fb:11:fd:e6:c7:4c:f1:ef:df:4b:bb:
                    2f:f5:06:0b:64:91:48:15:13:0f:a5:24:40:bd:1f:
                    de:4f:87:09:03:df:c0:ae:b6:0c:ba:b0:09:33:b2:
                    04:ef:c2:49:f6:36:00:e2:e9:72:21:c6:20:41:65:
                    b4:7a:79:a8:d1:05:7c:1c:14:18:33:9d:61:82:ce:
                    e1:9f:af:fb:60:53:56:c2:e9:ac:30:28:f4:1b:d4:
                    23:96:09:b0:bc:a7:77:4d:96:0a:95:96:b2:d7:11:
                    54:9e:e7:11:80:ce:05:7c:11:e7:fd:44:51:1c:6b:
                    83:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2B:0F:1A:EC:8E:87:1F:CD:64:9C:52:29:A1:A0:83:D8:1D:FE:41
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9a:ec:7d:88:5b:11:a1:5b:04:d5:43:2a:c8:fc:97:16:ef:5a:
         94:44:83:50:e7:7b:18:f9:17:be:ec:2b:f2:0b:c5:2d:4e:45:
         bf:8b:45:ea:d5:53:67:5b:db:e5:fa:2d:07:36:b1:55:14:10:
         2f:53:9c:24:77:09:62:31:90:a0:73:1f:fa:6a:bb:9e:2e:75:
         e0:19:57:ea:e4:c3:a9:8c:ca:bf:4a:fe:64:3a:c2:c2:1e:e4:
         90:55:af:02:60:ab:4b:6f:9e:46:af:5c:00:35:c8:b7:7b:02:
         23:b1:6b:c5:3f:e4:f1:1f:e0:f1:3b:70:fc:e5:0a:dd:54:48:
         8a:2e:0c:b5:08:d5:ef:db:8d:33:92:24:24:42:f5:8e:82:86:
         41:ae:2e:73:dc:ef:c4:b5:e7:90:a7:a8:43:52:1d:e3:07:3c:
         6c:84:bb:64:e5:93:fc:b8:2a:97:e3:8f:89:81:63:e9:42:a7:
         5d:93:39:0d:9e:ac:71:39:b6:cb:c5:dd:93:75:e9:31:6a:d4:
         e9:2a:0d:70:86:e3:21:bb:12:2d:e0:df:0a:0d:fd:22:33:f2:
         80:e7:d3:b4:a1:0f:e2:29:9a:d8:0f:f0:03:65:a0:99:dc:26:
         dd:bf:41:32:3d:91:b9:4a:20:7d:ad:dc:fe:17:46:e9:ef:47:
         e4:75:62:86
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUTuWs3++QkhXmzcP4IO9zf9ck3PwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzEwMTBaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ5NzQ2NzljN2QzMDJkNDEzYWEzNGM0YjIwZjU2ZDIzYzQ0NDc5ZjU0Yjcx
NzM5N2Y1MmM3MmU0OTA2ZGNmMWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0KKv2jCJ1BHSixM9OD5bpZovZwWYdoeXEkCDBR/FpG0cuZ1uXYLXpkdQbZ
3/VOSAfAz0XSZZAD3kANATGt9jD2Tbuhn1KBqJoh5ZfJ/Ij8wZ2jNWoTgafj2bLp
nWMhQgkQn5EWM4HN3T6wpB7Sj/ZVC2Gbq8PAThEZGKKd8YOWr4JQt0gwZcUrZPsR
/ebHTPHv30u7L/UGC2SRSBUTD6UkQL0f3k+HCQPfwK62DLqwCTOyBO/CSfY2AOLp
ciHGIEFltHp5qNEFfBwUGDOdYYLO4Z+v+2BTVsLprDAo9BvUI5YJsLynd02WCpWW
stcRVJ7nEYDOBXwR5/1EURxrg0cCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTKKw8a
7I6HH81knFIpoaCD2B3+QTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2QzMjkwYjEtNTEyMy00NjUxLWEyYjktYmRlMmM3ZDBkMzM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBi4zgDAN
BgkqhkiG9w0BAQsFAAOCAQEAmux9iFsRoVsE1UMqyPyXFu9alESDUOd7GPkXvuwr
8gvFLU5Fv4tF6tVTZ1vb5fotBzaxVRQQL1OcJHcJYjGQoHMf+mq7ni514BlX6uTD
qYzKv0r+ZDrCwh7kkFWvAmCrS2+eRq9cADXIt3sCI7FrxT/k8R/g8Ttw/OUK3VRI
ii4MtQjV79uNM5IkJEL1joKGQa4uc9zvxLXnkKeoQ1Id4wc8bIS7ZOWT/Lgql+OP
iYFj6UKnXZM5DZ6scTm2y8Xdk3XpMWrU6SoNcIbjIbsSLeDfCg39IjPygOfTtKEP
4ima2A/wA2Wgmdwm3b9BMj2RuUogfa3c/hdG6e9H5HVihg==
-----END CERTIFICATE-----