Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8d55e9d-2730-4ec2-91d5-af98a5a51340.roa
File:                     b8d55e9d-2730-4ec2-91d5-af98a5a51340.roa (raw, json)
Hash identifier:          INcQOl7iZgGkgDnogIO0/klcWgLWb9aZj5FRK/PvSfQ=
Subject key identifier:   45:0B:C9:C6:07:80:A5:6C:26:C4:47:48:AC:95:C3:5F:9F:71:92:6E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0A6829FFD8BB2509C70BCDF33EE708A49F72A8B9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8d55e9d-2730-4ec2-91d5-af98a5a51340.roa
Signing time:             Fri 21 Mar 2025 15:00:56 +0000
ROA not before:           Fri 21 Mar 2025 15:00:56 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:68:29:ff:d8:bb:25:09:c7:0b:cd:f3:3e:e7:08:a4:9f:72:a8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:00:56 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0d:6d:78:55:af:dd:88:d8:da:1c:c8:04:61:
                    69:6e:91:9a:c8:50:cc:69:ce:3e:94:17:a5:e4:fa:
                    5e:b3:34:4e:14:91:14:88:b4:43:ee:35:9a:5e:11:
                    96:49:f4:52:07:63:01:30:ef:23:d0:04:9c:b5:0e:
                    41:81:d8:76:3f:4a:e6:0c:46:96:89:04:85:f0:41:
                    6e:6d:ed:0a:f4:d7:69:28:a3:44:f0:88:b7:06:9a:
                    1a:02:e4:c4:46:4b:a9:8f:18:03:4e:d0:e1:4f:c6:
                    c0:9a:55:b1:ba:97:40:a0:fe:f2:54:85:bf:33:4a:
                    7b:59:8a:fa:f6:1b:b6:6d:b7:de:08:21:d1:6f:5d:
                    77:ae:04:11:0d:de:df:2d:4c:94:51:f7:63:e2:9c:
                    bd:57:db:57:9c:43:2e:db:8e:25:83:81:4a:32:46:
                    0b:14:ad:b1:fc:c3:cd:0b:14:24:7f:e9:af:cb:25:
                    87:1e:24:d0:81:52:5c:11:79:f0:16:b4:77:8c:77:
                    5d:1e:73:9f:8f:7a:3b:e9:da:d4:13:ad:ac:be:b9:
                    94:9d:08:fa:20:df:83:6e:18:39:63:39:3c:f0:02:
                    74:7b:62:38:ca:98:e1:d9:5d:7d:a7:7d:33:92:d6:
                    ee:80:6d:68:ec:4e:f7:61:5b:d9:e7:19:83:f6:c4:
                    18:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0B:C9:C6:07:80:A5:6C:26:C4:47:48:AC:95:C3:5F:9F:71:92:6E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b8d55e9d-2730-4ec2-91d5-af98a5a51340.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:1f:5b:2d:54:e8:57:a4:46:5b:97:f5:11:31:62:47:f5:87:
         03:e1:09:2a:4f:64:c5:2a:0b:2b:18:11:f8:e2:35:6c:04:e9:
         cd:c8:e9:44:d9:6d:2e:45:44:3d:c9:75:8d:91:47:fe:f9:5f:
         f2:ca:be:00:5a:ec:61:44:20:f1:31:48:f4:fc:65:0d:53:7a:
         a0:4e:31:15:3e:18:2b:6f:ff:3f:60:d1:c8:87:03:05:d9:f7:
         2e:8e:81:7e:5b:f0:2b:ef:e0:2a:40:35:10:a0:f9:69:15:fb:
         ba:21:5b:69:ae:6e:3d:cd:dc:cc:ad:c3:af:70:e3:c8:c5:d8:
         0a:47:b5:6e:50:7e:24:21:04:21:f1:cc:c3:e3:4c:a4:69:87:
         ca:86:56:58:19:4f:57:78:81:c7:f3:4d:2d:b4:c5:41:f5:a7:
         f6:2a:d9:fe:08:6d:d4:31:bb:d2:06:7b:fa:46:67:42:77:85:
         0e:09:51:c2:6a:54:0b:c4:85:a5:0b:88:7b:13:9d:86:34:a9:
         ca:b1:00:d5:f4:83:25:d3:9d:15:d3:ae:7b:47:05:cf:ea:b0:
         e9:6d:74:d6:89:d9:9f:a7:1f:0d:65:fa:9e:13:21:c6:e8:9e:
         87:b1:e2:aa:5c:ee:5c:0d:fa:69:1a:4a:6e:3e:82:02:a3:dd:
         50:06:8c:28
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCmgp/9i7JQnHC83zPucIpJ9yqLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAwNTZaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDljN2E3MzkxYzcxNjkxZmVmODlkYzk3YmNkMjVhODFlYzgyOTYzNWFlNjAy
MDY4NzYwNmZlZjMzYzVlYzUyMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8NbXhVr92I2NocyARhaW6RmshQzGnOPpQXpeT6XrM0ThSRFIi0Q+41ml4R
lkn0UgdjATDvI9AEnLUOQYHYdj9K5gxGlokEhfBBbm3tCvTXaSijRPCItwaaGgLk
xEZLqY8YA07Q4U/GwJpVsbqXQKD+8lSFvzNKe1mK+vYbtm233ggh0W9dd64EEQ3e
3y1MlFH3Y+KcvVfbV5xDLtuOJYOBSjJGCxStsfzDzQsUJH/pr8slhx4k0IFSXBF5
8Ba0d4x3XR5zn496O+na1BOtrL65lJ0I+iDfg24YOWM5PPACdHtiOMqY4dldfad9
M5LW7oBtaOxO92Fb2ecZg/bEGG8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRFC8nG
B4ClbCbER0islcNfn3GSbjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjhkNTVlOWQtMjczMC00ZWMyLTkxZDUtYWY5OGE1YTUxMzQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArAiLDAN
BgkqhkiG9w0BAQsFAAOCAQEATR9bLVToV6RGW5f1ETFiR/WHA+EJKk9kxSoLKxgR
+OI1bATpzcjpRNltLkVEPcl1jZFH/vlf8sq+AFrsYUQg8TFI9PxlDVN6oE4xFT4Y
K2//P2DRyIcDBdn3Lo6BflvwK+/gKkA1EKD5aRX7uiFbaa5uPc3czK3Dr3DjyMXY
Cke1blB+JCEEIfHMw+NMpGmHyoZWWBlPV3iBx/NNLbTFQfWn9irZ/ght1DG70gZ7
+kZnQneFDglRwmpUC8SFpQuIexOdhjSpyrEA1fSDJdOdFdOue0cFz+qw6W101onZ
n6cfDWX6nhMhxuieh7HiqlzuXA36aRpKbj6CAqPdUAaMKA==
-----END CERTIFICATE-----