Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9b6ea2c3-c25b-492c-9547-7c5ddb75d15f.roa
File:                     9b6ea2c3-c25b-492c-9547-7c5ddb75d15f.roa (raw, json)
Hash identifier:          ZzwsTeB/d2KZ9nhcV58uW0+NHTjr5/dphKC3zhP/g3A=
Subject key identifier:   9F:3B:C7:E8:BF:12:7A:D8:3C:F4:E5:4F:CB:CD:A1:24:C9:A4:36:A1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       022253D28F05F6D34047EE049E6A4C7FC94A515B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9b6ea2c3-c25b-492c-9547-7c5ddb75d15f.roa
Signing time:             Tue 18 Mar 2025 17:01:06 +0000
ROA not before:           Tue 18 Mar 2025 17:01:06 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:22:53:d2:8f:05:f6:d3:40:47:ee:04:9e:6a:4c:7f:c9:4a:51:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:01:06 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9b:7e:0c:ee:12:00:e4:a8:77:d0:64:e8:d6:
                    94:7c:7b:8c:aa:a3:75:32:bd:2d:7f:75:a5:ad:24:
                    11:ac:3f:89:ca:c3:df:f6:1d:64:af:9a:05:9a:df:
                    d4:19:3b:93:6f:a2:7a:ef:3c:dd:0e:e9:97:b0:e4:
                    8d:ec:20:79:4e:7f:05:85:98:95:7d:68:dc:19:2a:
                    34:bb:c5:31:97:6f:18:90:2c:16:63:a8:ea:43:b9:
                    74:33:6e:08:d9:2d:f0:2c:32:d6:7e:a0:50:f2:dc:
                    f3:0d:63:58:08:ef:b6:0c:54:45:c0:c6:58:86:e4:
                    30:83:6e:0e:e2:12:57:ee:2f:68:6a:fc:e5:95:c6:
                    70:e4:cb:22:80:06:12:d9:82:17:8b:5e:09:63:e9:
                    56:1f:45:00:17:da:61:d4:3a:1d:ad:77:8c:6a:16:
                    b0:f9:f2:50:13:c8:9a:b2:50:3d:1d:28:e5:f3:aa:
                    d6:17:d8:a9:6c:56:b6:cc:87:15:40:96:9a:15:dc:
                    d8:f6:7d:62:1f:fe:e6:49:64:7e:91:1f:59:22:dd:
                    03:29:74:fd:ff:dc:78:d9:8e:dc:c9:88:b6:f8:57:
                    53:8c:68:c9:78:03:11:65:a4:10:f4:45:82:78:20:
                    2e:f5:35:a7:db:bc:a7:5d:3e:2a:1d:c9:b2:e8:5f:
                    bc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3B:C7:E8:BF:12:7A:D8:3C:F4:E5:4F:CB:CD:A1:24:C9:A4:36:A1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9b6ea2c3-c25b-492c-9547-7c5ddb75d15f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:36:92:21:eb:39:a0:7b:12:51:35:c8:5b:63:89:0d:98:89:
         fa:87:23:b6:cd:26:1e:66:21:3b:be:d0:ff:4f:7b:ba:8d:58:
         56:37:f2:17:28:36:96:03:74:76:f7:18:2d:9a:ab:91:3c:2b:
         53:5a:0e:61:38:a1:09:b9:aa:54:41:0a:2b:fb:b3:ef:66:ca:
         3d:02:63:d0:2c:58:a7:8f:fc:69:ad:91:ae:fb:f7:1c:ff:68:
         46:7c:9b:3b:2d:28:2b:64:6d:e6:29:7f:f5:7f:b0:36:e9:09:
         4a:fc:1b:aa:2d:93:d9:16:82:53:e4:fb:0c:29:98:73:1e:15:
         62:33:75:30:cd:e4:1c:76:19:1b:9f:6e:d1:ea:ab:26:00:11:
         c7:e7:56:ee:de:fd:94:27:c3:94:f4:b4:8a:7b:62:53:3d:ca:
         17:11:2a:52:e8:b8:26:0d:e6:31:e6:75:3d:d4:50:1e:e6:e7:
         fe:b9:15:7a:be:8c:72:2f:8a:e9:b2:2e:52:ac:7a:80:ea:fa:
         d7:3c:33:a9:0b:25:02:74:c1:a9:78:33:39:33:ef:de:3b:fa:
         2a:4d:1d:d1:5b:27:ae:27:79:13:bc:e7:d6:2d:15:c3:6d:97:
         f5:9c:ff:b2:16:f1:63:9d:4e:2a:f1:41:f9:4d:2a:fc:14:8d:
         ba:76:76:31
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUAiJT0o8F9tNAR+4EnmpMf8lKUVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAxMDZaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGIwZDlmZGQ5NjIzMTc2NzNiOWRkNTEzZmRlOGQ3YzNhOTY1NDlhZTAwZTM4
OGI3YTExOGUyYjM2YjJiNzg3ZTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALebfgzuEgDkqHfQZOjWlHx7jKqjdTK9LX91pa0kEaw/icrD3/YdZK+aBZrf
1Bk7k2+ieu883Q7pl7DkjewgeU5/BYWYlX1o3BkqNLvFMZdvGJAsFmOo6kO5dDNu
CNkt8Cwy1n6gUPLc8w1jWAjvtgxURcDGWIbkMINuDuISV+4vaGr85ZXGcOTLIoAG
EtmCF4teCWPpVh9FABfaYdQ6Ha13jGoWsPnyUBPImrJQPR0o5fOq1hfYqWxWtsyH
FUCWmhXc2PZ9Yh/+5klkfpEfWSLdAyl0/f/ceNmO3MmItvhXU4xoyXgDEWWkEPRF
gnggLvU1p9u8p10+Kh3JsuhfvI8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSfO8fo
vxJ62Dz05U/LzaEkyaQ2oTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWI2ZWEyYzMtYzI1Yi00OTJjLTk1NDctN2M1ZGRiNzVkMTVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi6J2DAN
BgkqhkiG9w0BAQsFAAOCAQEApzaSIes5oHsSUTXIW2OJDZiJ+ocjts0mHmYhO77Q
/097uo1YVjfyFyg2lgN0dvcYLZqrkTwrU1oOYTihCbmqVEEKK/uz72bKPQJj0CxY
p4/8aa2Rrvv3HP9oRnybOy0oK2Rt5il/9X+wNukJSvwbqi2T2RaCU+T7DCmYcx4V
YjN1MM3kHHYZG59u0eqrJgARx+dW7t79lCfDlPS0intiUz3KFxEqUui4Jg3mMeZ1
PdRQHubn/rkVer6Mci+K6bIuUqx6gOr61zwzqQslAnTBqXgzOTPv3jv6Kk0d0Vsn
rid5E7zn1i0Vw22X9Zz/shbxY51OKvFB+U0q/BSNunZ2MQ==
-----END CERTIFICATE-----