Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa
File:                     aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa (raw, json)
Hash identifier:          c9nerF47NRgOpFgTKSRyKXjYCuqcGkN1pJGiDzTb7Gw=
Subject key identifier:   70:96:5A:7C:B5:DB:AA:18:BE:F1:AF:5C:1F:69:50:A4:D7:20:26:74
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       79865A83F1C926ED26532F4C023C3A868490ACA3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa
Signing time:             Fri 21 Mar 2025 15:01:25 +0000
ROA not before:           Fri 21 Mar 2025 15:01:25 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:86:5a:83:f1:c9:26:ed:26:53:2f:4c:02:3c:3a:86:84:90:ac:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:25 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f2:c5:75:a6:04:a8:e3:d0:7e:1d:f3:58:42:
                    64:66:47:79:7f:30:04:3f:f1:3d:a3:eb:7c:65:73:
                    f6:3e:18:6f:a4:fd:42:4e:dd:28:38:55:53:d3:2e:
                    06:4e:ac:44:e4:eb:bc:ec:79:fe:3b:89:b4:e8:ca:
                    c3:ba:c4:c0:31:6a:d2:b8:44:f5:86:de:13:e4:1c:
                    eb:9f:cc:b3:fa:41:df:ac:1e:aa:9e:07:c3:2d:1f:
                    ea:62:c8:06:1c:7b:33:13:32:17:5e:cd:fa:a4:f5:
                    74:7d:3c:44:f0:56:ca:bb:04:ce:c5:fd:d7:ce:d7:
                    c7:6d:36:62:97:e9:e1:59:ba:8c:ee:cb:e3:71:63:
                    82:1b:fd:87:94:96:4d:5a:a7:e2:03:9e:42:eb:ab:
                    88:57:61:ad:65:2f:7d:f7:bb:9b:a2:7d:e2:38:97:
                    a7:93:d9:a0:78:d1:f9:95:d5:94:f5:74:57:fe:03:
                    b6:7e:56:e9:fd:6d:ee:e1:43:d3:51:1f:a5:41:c8:
                    ad:1d:58:37:96:8a:91:44:e1:d6:f2:c5:47:16:0d:
                    19:3e:10:f0:80:e4:4e:ec:dd:42:1c:fc:00:ff:23:
                    a8:bc:13:91:83:38:fa:4c:18:0b:b2:9e:93:d2:ea:
                    73:82:65:63:0c:20:89:54:48:06:3b:55:20:57:08:
                    35:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:96:5A:7C:B5:DB:AA:18:BE:F1:AF:5C:1F:69:50:A4:D7:20:26:74
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         13:8f:84:93:00:3b:c4:d5:3a:66:8a:bb:97:e0:a8:89:35:24:
         1a:e8:aa:7c:96:6b:13:62:4e:9e:61:32:1f:0f:2b:c5:09:5d:
         f0:eb:ca:e3:58:3b:93:fb:5a:7e:c0:45:86:9b:20:4f:cd:18:
         c8:df:d9:47:44:78:b7:84:3a:1a:95:27:c9:3d:fb:ee:5d:2c:
         52:d1:59:20:52:b5:ca:0c:25:9d:93:cd:06:a5:30:c1:8b:9c:
         89:72:c9:b8:c4:97:ab:3d:c5:dd:6f:0b:d0:1b:f8:66:fd:05:
         f2:65:df:b7:8e:79:dd:41:4a:3c:e5:11:f4:f1:8a:ad:d0:6b:
         c0:5d:3f:b2:c9:57:ca:57:f0:c0:d6:04:49:4f:ae:27:f9:1c:
         2d:97:fb:e9:70:dd:66:d3:ee:15:23:46:75:62:85:e4:da:e2:
         88:cf:ee:af:1b:c9:66:54:ac:bd:76:2b:a9:84:5d:60:6a:c2:
         77:71:c4:0a:bb:b4:f3:ab:3d:4b:80:3e:97:5c:36:5a:3b:03:
         de:48:01:03:16:ff:1f:de:45:44:33:86:3b:8b:15:1e:85:59:
         82:7c:2f:7a:dd:9e:b7:b2:9a:0b:61:cf:dd:4c:6d:ac:6e:ff:
         db:51:84:bd:d2:68:b6:ba:ca:f9:38:94:d9:20:cb:fe:02:45:
         75:49:5a:3c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUeYZag/HJJu0mUy9MAjw6hoSQrKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMjVaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDExNTY3YjhhOWI4NzEzZTk2ZTgzN2RhY2YyM2NjZDRhZTBkYThmNGQ5MjMy
N2Q0NzU2Mjk1Zjc0YjRmODQwYzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKDyxXWmBKjj0H4d81hCZGZHeX8wBD/xPaPrfGVz9j4Yb6T9Qk7dKDhVU9Mu
Bk6sROTrvOx5/juJtOjKw7rEwDFq0rhE9YbeE+Qc65/Ms/pB36weqp4Hwy0f6mLI
Bhx7MxMyF17N+qT1dH08RPBWyrsEzsX9187Xx202Ypfp4Vm6jO7L43Fjghv9h5SW
TVqn4gOeQuuriFdhrWUvffe7m6J94jiXp5PZoHjR+ZXVlPV0V/4Dtn5W6f1t7uFD
01EfpUHIrR1YN5aKkUTh1vLFRxYNGT4Q8IDkTuzdQhz8AP8jqLwTkYM4+kwYC7Ke
k9Lqc4JlYwwgiVRIBjtVIFcINbsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRwllp8
tduqGL7xr1wfaVCk1yAmdDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWE3OWJiMTgtYjc0ZC00Y2MzLWJhMDUtMjBhZjBmOTQzNWIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAikDAN
BgkqhkiG9w0BAQsFAAOCAQEAE4+EkwA7xNU6Zoq7l+CoiTUkGuiqfJZrE2JOnmEy
Hw8rxQld8OvK41g7k/tafsBFhpsgT80YyN/ZR0R4t4Q6GpUnyT377l0sUtFZIFK1
ygwlnZPNBqUwwYuciXLJuMSXqz3F3W8L0Bv4Zv0F8mXft4553UFKPOUR9PGKrdBr
wF0/sslXylfwwNYESU+uJ/kcLZf76XDdZtPuFSNGdWKF5NriiM/urxvJZlSsvXYr
qYRdYGrCd3HECru086s9S4A+l1w2WjsD3kgBAxb/H95FRDOGO4sVHoVZgnwvet2e
t7KaC2HP3UxtrG7/21GEvdJotrrK+TiU2SDL/gJFdUlaPA==
-----END CERTIFICATE-----