Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ff392e-09c0-4b7c-bdd5-5fb1316e398e.roa
File:                     b9ff392e-09c0-4b7c-bdd5-5fb1316e398e.roa (raw, json)
Hash identifier:          GhaKrfleXBP4xG/ti/Ao2CJUQjMR4IaN1cyhqD+2l1Y=
Subject key identifier:   A3:AB:FE:C6:79:C4:BF:74:DF:3F:3B:D9:1D:9F:73:E1:9C:52:82:0B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       437E8A312CE5CE3FA2A612A7EAE7261AE9DC6F73
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ff392e-09c0-4b7c-bdd5-5fb1316e398e.roa
Signing time:             Fri 21 Mar 2025 15:00:53 +0000
ROA not before:           Fri 21 Mar 2025 15:00:53 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:7e:8a:31:2c:e5:ce:3f:a2:a6:12:a7:ea:e7:26:1a:e9:dc:6f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:00:53 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:24:44:ee:41:11:38:b1:f3:b8:e6:9b:cd:e0:
                    c0:d4:ce:89:52:ef:f7:8e:f0:5c:83:e8:13:18:1e:
                    25:32:ef:5a:d5:7b:79:4f:6d:49:ed:2f:7e:1d:42:
                    3f:7d:c2:94:d6:0f:08:63:5f:14:25:89:e1:d9:de:
                    64:54:0d:62:6d:38:71:dc:fe:5a:7e:af:b3:12:08:
                    29:76:21:44:20:03:4a:ed:91:f1:3f:56:87:d9:98:
                    c9:85:fa:bb:ae:a3:53:d8:15:7e:f7:29:f7:9f:4e:
                    8a:3c:a9:ff:fd:c9:95:d1:30:c8:3a:13:13:d0:79:
                    99:10:e0:75:ed:94:24:7d:9e:3e:00:56:a0:c7:4f:
                    ea:2d:b0:7b:36:f9:80:98:93:ae:4f:f7:d4:53:5c:
                    84:d7:8b:24:c3:1e:87:69:90:7f:51:6d:b3:6b:f7:
                    b9:2f:e3:44:e6:67:53:58:b2:e3:3a:cb:e7:27:98:
                    ba:62:1a:b7:3d:93:e9:ab:e4:c8:85:8f:bd:a5:6d:
                    a9:25:2b:f3:6d:ad:f6:01:cd:85:c7:3e:b0:46:67:
                    0c:2d:ee:f8:1b:57:46:08:de:25:6e:7a:62:23:73:
                    96:31:81:dc:0c:fc:07:48:2c:0f:76:da:b9:2d:7d:
                    20:72:65:70:22:a5:b4:a5:1a:a3:7e:7f:82:b5:7a:
                    6f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AB:FE:C6:79:C4:BF:74:DF:3F:3B:D9:1D:9F:73:E1:9C:52:82:0B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ff392e-09c0-4b7c-bdd5-5fb1316e398e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a8:c0:e4:9b:2b:cd:39:03:98:1b:9c:28:d6:95:83:7b:45:1c:
         36:4a:c0:35:53:2c:38:52:2a:cc:94:94:09:48:b5:0d:bb:2b:
         c0:f3:e6:34:43:ea:83:0d:53:a2:d8:5f:61:88:7b:0b:29:2a:
         48:17:ab:ad:02:f5:cc:8e:53:3d:13:01:8c:72:9b:b9:75:0e:
         4d:0e:99:dd:6d:ae:f4:91:cb:7e:96:f8:41:45:e6:b6:41:dd:
         94:90:bf:25:cb:23:42:f3:f8:de:32:15:83:04:4c:13:69:17:
         a9:02:ed:55:d9:1e:f8:88:a4:f7:ac:4f:d8:13:68:39:22:30:
         5d:93:94:a7:32:60:45:e3:77:48:b5:58:c0:8b:d0:73:b9:9e:
         f0:eb:3b:db:b6:35:4a:a6:35:17:6c:2f:5c:c7:da:35:a5:80:
         4e:4b:be:bb:24:0d:95:02:2c:d6:23:d0:68:1a:af:4a:76:69:
         2c:d0:af:4a:e3:dc:26:6c:22:20:73:38:3d:3a:89:c1:57:bd:
         9d:7f:0b:88:34:d4:8e:b4:9a:9e:0b:74:52:72:22:7d:5a:7a:
         17:e7:2e:72:3a:35:30:b4:b0:73:1f:55:55:63:ad:70:8b:90:
         12:13:79:cf:2b:67:86:49:79:34:db:a4:54:1f:46:53:8c:ba:
         a6:1d:22:c8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQ36KMSzlzj+iphKn6ucmGuncb3MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAwNTNaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkN2MzNDVjNDQ4ZDBkOGMxMjY1YWFmMzgxZjg4ZDQ4YzFjMmQ1ZTQxNGUz
NDgzODE4Nzc1NWQzNjgxNzI0MjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANckRO5BETix87jmm83gwNTOiVLv947wXIPoExgeJTLvWtV7eU9tSe0vfh1C
P33ClNYPCGNfFCWJ4dneZFQNYm04cdz+Wn6vsxIIKXYhRCADSu2R8T9Wh9mYyYX6
u66jU9gVfvcp959Oijyp//3JldEwyDoTE9B5mRDgde2UJH2ePgBWoMdP6i2wezb5
gJiTrk/31FNchNeLJMMeh2mQf1Fts2v3uS/jROZnU1iy4zrL5yeYumIatz2T6avk
yIWPvaVtqSUr822t9gHNhcc+sEZnDC3u+BtXRgjeJW56YiNzljGB3Az8B0gsD3ba
uS19IHJlcCKltKUao35/grV6b9sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSjq/7G
ecS/dN8/O9kdn3PhnFKCCzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjlmZjM5MmUtMDljMC00YjdjLWJkZDUtNWZiMTMxNmUzOThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBbAgQDAN
BgkqhkiG9w0BAQsFAAOCAQEAqMDkmyvNOQOYG5wo1pWDe0UcNkrANVMsOFIqzJSU
CUi1DbsrwPPmNEPqgw1TothfYYh7CykqSBerrQL1zI5TPRMBjHKbuXUOTQ6Z3W2u
9JHLfpb4QUXmtkHdlJC/JcsjQvP43jIVgwRME2kXqQLtVdke+Iik96xP2BNoOSIw
XZOUpzJgReN3SLVYwIvQc7me8Os727Y1SqY1F2wvXMfaNaWATku+uyQNlQIs1iPQ
aBqvSnZpLNCvSuPcJmwiIHM4PTqJwVe9nX8LiDTUjrSangt0UnIifVp6F+cucjo1
MLSwcx9VVWOtcIuQEhN5zytnhkl5NNukVB9GU4y6ph0iyA==
-----END CERTIFICATE-----