Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/842bd74b-e507-47ea-bb4e-32057136b2bd.roa
File:                     842bd74b-e507-47ea-bb4e-32057136b2bd.roa (raw, json)
Hash identifier:          oeWW4FflaBQ6HFcgPAOCeQjNZ6y7yR3Bs0M47+cwbrc=
Subject key identifier:   1D:16:F9:69:A0:E5:11:76:E4:9B:C4:13:3B:71:ED:31:B4:4B:8A:AB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       103E1C5927E1ABCF3C8C7B4B31025161BC0C374A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/842bd74b-e507-47ea-bb4e-32057136b2bd.roa
Signing time:             Tue 18 Mar 2025 17:00:25 +0000
ROA not before:           Tue 18 Mar 2025 17:00:25 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:3e:1c:59:27:e1:ab:cf:3c:8c:7b:4b:31:02:51:61:bc:0c:37:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:25 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4a:99:72:84:e4:ee:26:69:c0:7f:a5:df:fb:
                    ad:47:20:aa:dc:ba:f5:71:b5:8a:71:0d:ec:dd:16:
                    eb:e6:ae:82:24:26:d1:18:e3:5a:64:4e:2c:b0:e0:
                    f5:00:19:ad:55:b2:ee:b3:56:ec:50:9a:e1:fe:b5:
                    86:d6:00:da:d7:79:31:52:5d:e3:2c:26:a9:95:1a:
                    e6:c4:d9:ad:ae:a7:8a:d2:87:e7:66:dd:07:9a:4c:
                    c6:19:57:85:db:fc:3e:8a:bc:9b:59:d6:1e:85:89:
                    24:c5:58:02:0f:86:cd:d7:33:e8:2d:ea:9b:4f:da:
                    d3:6d:e2:eb:a4:97:ae:72:94:de:6b:3b:22:aa:ce:
                    19:ee:99:2f:ea:d8:05:aa:98:0f:fc:a6:0e:82:ff:
                    1c:60:e3:a4:3e:6c:83:e4:dd:e4:c6:92:9a:e1:8c:
                    e9:66:00:ee:8c:80:4f:af:75:98:ad:d8:a3:84:2e:
                    f6:26:97:b2:3f:7e:59:5c:49:eb:07:65:d4:6f:75:
                    68:7b:a2:75:72:0b:de:60:00:87:60:96:66:44:ed:
                    25:34:1d:cc:38:7c:8b:82:c5:cd:c0:fb:de:4e:83:
                    07:50:bc:ad:29:2c:09:ed:c6:02:d3:43:fe:04:91:
                    ec:fe:b1:a0:d1:7f:f8:7b:7b:d3:4c:b0:e7:ba:5e:
                    2f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:16:F9:69:A0:E5:11:76:E4:9B:C4:13:3B:71:ED:31:B4:4B:8A:AB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/842bd74b-e507-47ea-bb4e-32057136b2bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6f:97:c1:b8:b8:ca:e7:38:24:f8:9d:6c:1e:92:ab:89:89:27:
         c9:4a:fc:67:93:9a:20:ca:0f:6f:d1:eb:43:9b:6e:77:61:19:
         04:db:77:0c:06:28:5e:24:85:c4:c6:c9:0d:e6:c6:fc:8a:fb:
         e9:da:45:4c:ac:1a:47:ba:b0:69:ee:6e:97:2e:6b:13:28:6c:
         1c:d5:f0:5d:da:a8:f2:b3:72:55:89:b4:24:60:39:1d:47:b5:
         aa:0b:5f:90:cb:cd:82:39:00:35:61:bc:3c:35:63:56:68:89:
         44:5c:49:7e:17:2e:6a:4e:7d:06:7d:47:66:95:fd:40:33:64:
         96:ee:66:31:04:98:d2:d9:17:36:9d:62:dc:76:a8:58:8e:e4:
         eb:0d:54:27:7d:7d:38:51:c9:55:ff:f7:08:28:35:1c:dd:45:
         fb:65:27:f0:63:e6:85:d6:71:1c:32:42:01:f0:3f:22:0b:94:
         d1:2d:58:ae:80:39:2e:80:4c:53:54:a3:88:03:07:a0:ad:7e:
         72:f8:78:5c:21:5a:52:ab:89:f2:a0:33:f2:77:9c:c7:47:c5:
         3f:f0:36:2f:79:51:89:30:ab:1a:0a:03:cc:b0:40:a4:0d:00:
         ce:5f:b3:7d:04:e8:cc:3b:1a:20:0c:4a:c5:bb:99:18:41:1f:
         c1:33:97:44
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUED4cWSfhq888jHtLMQJRYbwMN0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMjVaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjZWUwYTU2YTRiNTk3NzQ4MjA3YzM5MzI2MzY0M2NlNGI5M2M5MjU0OTAz
MjAxZTQxMGY1YTEwOTkwZWZkZWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1KmXKE5O4macB/pd/7rUcgqty69XG1inEN7N0W6+augiQm0RjjWmROLLDg
9QAZrVWy7rNW7FCa4f61htYA2td5MVJd4ywmqZUa5sTZra6nitKH52bdB5pMxhlX
hdv8Poq8m1nWHoWJJMVYAg+Gzdcz6C3qm0/a023i66SXrnKU3ms7IqrOGe6ZL+rY
BaqYD/ymDoL/HGDjpD5sg+Td5MaSmuGM6WYA7oyAT691mK3Yo4Qu9iaXsj9+WVxJ
6wdl1G91aHuidXIL3mAAh2CWZkTtJTQdzDh8i4LFzcD73k6DB1C8rSksCe3GAtND
/gSR7P6xoNF/+Ht700yw57peL+ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQdFvlp
oOURduSbxBM7ce0xtEuKqzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODQyYmQ3NGItZTUwNy00N2VhLWJiNGUtMzIwNTcxMzZiMmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBi6JADAN
BgkqhkiG9w0BAQsFAAOCAQEAb5fBuLjK5zgk+J1sHpKriYknyUr8Z5OaIMoPb9Hr
Q5tud2EZBNt3DAYoXiSFxMbJDebG/Ir76dpFTKwaR7qwae5uly5rEyhsHNXwXdqo
8rNyVYm0JGA5HUe1qgtfkMvNgjkANWG8PDVjVmiJRFxJfhcuak59Bn1HZpX9QDNk
lu5mMQSY0tkXNp1i3HaoWI7k6w1UJ319OFHJVf/3CCg1HN1F+2Un8GPmhdZxHDJC
AfA/IguU0S1YroA5LoBMU1SjiAMHoK1+cvh4XCFaUquJ8qAz8necx0fFP/A2L3lR
iTCrGgoDzLBApA0Azl+zfQTozDsaIAxKxbuZGEEfwTOXRA==
-----END CERTIFICATE-----