Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be6b7cb0-3c55-4a65-b00a-45bc1310868b.roa
File:                     be6b7cb0-3c55-4a65-b00a-45bc1310868b.roa (raw, json)
Hash identifier:          83KhpS04O8kL2Qm214eC4uGpk0IfcSf9H2tLPHm5Uhk=
Subject key identifier:   86:C8:B9:E8:37:8E:95:5B:9E:79:D5:BB:10:C1:10:65:22:84:E2:6D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1E018ABA5094EDB53497178A53B04893EFB82333
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be6b7cb0-3c55-4a65-b00a-45bc1310868b.roa
Signing time:             Tue 18 Mar 2025 17:00:23 +0000
ROA not before:           Tue 18 Mar 2025 17:00:23 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:01:8a:ba:50:94:ed:b5:34:97:17:8a:53:b0:48:93:ef:b8:23:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:23 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:07:97:3d:86:25:22:c9:e1:4f:37:4d:1f:9b:
                    94:5d:38:21:21:db:9d:25:bb:bf:d3:d5:3c:17:fa:
                    6b:4e:0f:f5:06:5c:26:23:9b:69:5b:4a:42:d9:8b:
                    0d:88:42:7a:8e:01:c6:75:5e:ba:10:1b:32:ff:61:
                    09:03:ce:ec:0f:85:3f:bf:6f:00:7d:fc:7f:dc:c7:
                    5b:dc:a6:ff:53:ca:14:26:29:a4:16:d9:a3:8e:b0:
                    1c:2a:26:84:84:fe:98:ac:a2:54:ef:f8:eb:1e:3a:
                    7c:15:ad:68:d0:14:3d:87:04:dd:33:6a:10:f6:f2:
                    b1:73:4e:fb:6b:c5:43:df:85:db:ef:90:5c:fe:4c:
                    20:ab:7c:73:4e:54:cd:ba:5a:a0:9f:d1:93:62:bc:
                    33:bd:46:a4:10:c4:a4:04:4f:3c:32:d7:8f:7c:52:
                    79:9b:92:b7:43:86:b8:1b:0c:2d:87:f2:19:b5:ad:
                    15:39:a6:07:13:1b:79:8d:dc:e7:18:7f:ac:05:b2:
                    77:28:78:43:48:e2:61:47:09:4a:6b:0a:89:5d:6e:
                    4e:2f:3d:15:52:fe:4f:a6:78:6c:d5:84:e5:c2:f5:
                    e1:52:ed:57:ce:22:88:e4:f1:5a:26:3f:05:c2:5b:
                    36:7e:bc:0b:88:bb:12:ba:a5:3d:36:1f:0f:1e:dc:
                    ca:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C8:B9:E8:37:8E:95:5B:9E:79:D5:BB:10:C1:10:65:22:84:E2:6D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be6b7cb0-3c55-4a65-b00a-45bc1310868b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:1f:b4:25:58:a3:e7:e1:03:00:72:7e:99:99:c1:c8:c3:85:
         a7:02:7b:a0:49:9f:92:6f:a3:b8:ea:73:5b:00:d7:08:77:42:
         5b:d5:80:7d:fa:2f:33:c5:1f:41:90:cf:ec:4e:99:34:35:33:
         17:8d:0c:ce:ac:11:34:b6:ee:5a:df:80:80:aa:17:8a:35:ae:
         75:03:80:1e:65:c2:a9:39:54:b0:42:4e:50:70:15:4c:af:87:
         2d:fb:6d:b5:a4:5a:85:a3:27:82:fe:13:49:6b:48:c9:2f:53:
         67:21:0d:cb:85:b5:bf:a1:01:7e:c0:25:62:82:92:62:0a:56:
         7b:51:bf:9d:9b:37:d9:64:9c:20:ca:cd:af:41:60:5f:22:8a:
         29:b0:60:37:28:1f:12:33:c7:60:95:b4:9b:63:f7:4e:75:f6:
         04:a2:4a:9b:7b:7b:34:55:8c:de:29:91:7d:3c:5f:d3:df:e4:
         48:83:31:cf:b1:26:14:f2:47:88:8f:59:e3:cd:79:43:71:9a:
         19:38:47:7e:24:ef:21:47:e1:45:a9:ae:e6:65:62:1d:1c:62:
         a2:88:43:94:d2:c5:ae:0c:d9:0d:f9:b6:c5:d2:9e:28:1f:13:
         4f:8e:b8:71:50:68:5a:df:68:41:81:d1:e0:ba:00:dd:43:05:
         89:ef:0e:f1
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHgGKulCU7bU0lxeKU7BIk++4IzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMjNaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkNTM4Y2NlNDY1YzdmMzZmNmVjOGI3YjFmZWQ5YTc0MzcwNTdjMDQ4NDRj
YTFhNWFlMGMyZjAxYWRjZDJhNDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0Hlz2GJSLJ4U83TR+blF04ISHbnSW7v9PVPBf6a04P9QZcJiObaVtKQtmL
DYhCeo4BxnVeuhAbMv9hCQPO7A+FP79vAH38f9zHW9ym/1PKFCYppBbZo46wHCom
hIT+mKyiVO/46x46fBWtaNAUPYcE3TNqEPbysXNO+2vFQ9+F2++QXP5MIKt8c05U
zbpaoJ/Rk2K8M71GpBDEpARPPDLXj3xSeZuSt0OGuBsMLYfyGbWtFTmmBxMbeY3c
5xh/rAWydyh4Q0jiYUcJSmsKiV1uTi89FVL+T6Z4bNWE5cL14VLtV84iiOTxWiY/
BcJbNn68C4i7ErqlPTYfDx7cylUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSGyLno
N46VW5551bsQwRBlIoTibTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmU2YjdjYjAtM2M1NS00YTY1LWIwMGEtNDViYzEzMTA4NjhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBS6JYDAN
BgkqhkiG9w0BAQsFAAOCAQEAoB+0JVij5+EDAHJ+mZnByMOFpwJ7oEmfkm+juOpz
WwDXCHdCW9WAffovM8UfQZDP7E6ZNDUzF40MzqwRNLbuWt+AgKoXijWudQOAHmXC
qTlUsEJOUHAVTK+HLftttaRahaMngv4TSWtIyS9TZyENy4W1v6EBfsAlYoKSYgpW
e1G/nZs32WScIMrNr0FgXyKKKbBgNygfEjPHYJW0m2P3TnX2BKJKm3t7NFWM3imR
fTxf09/kSIMxz7EmFPJHiI9Z4815Q3GaGThHfiTvIUfhRamu5mViHRxioohDlNLF
rgzZDfm2xdKeKB8TT464cVBoWt9oQYHR4LoA3UMFie8O8Q==
-----END CERTIFICATE-----