Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
File:                     bfae711e-b0c4-404f-be1f-a99990818ac6.roa (raw, json)
Hash identifier:          LyewPJxZQ2zlR8NkelV34vSujZgamh4dkehegaSnBF4=
Subject key identifier:   D4:E9:D1:D7:DF:E9:9A:79:29:14:71:BD:8D:94:04:9B:1C:52:89:04
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7815D23D0CE323437F4426173DBF71D160E279C1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
Signing time:             Tue 01 Apr 2025 15:00:23 +0000
ROA not before:           Tue 01 Apr 2025 15:00:23 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:15:d2:3d:0c:e3:23:43:7f:44:26:17:3d:bf:71:d1:60:e2:79:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:00:23 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ba:62:69:9a:89:ca:80:12:ab:2b:60:6b:0e:
                    43:96:72:bd:ec:28:39:44:b4:5e:6b:c9:df:38:22:
                    be:68:c4:ca:d4:08:e7:1c:7d:84:87:cf:25:12:3f:
                    e0:3a:d1:d4:3e:62:c5:e0:c1:bd:96:90:b6:17:cc:
                    01:7e:55:6a:cb:0c:6c:d3:5b:f9:eb:ee:0e:4f:6a:
                    4f:7c:0c:ec:d4:fa:4a:cf:e2:6c:d4:b0:3e:d5:bf:
                    80:24:22:26:3d:a2:03:c0:17:26:e9:d9:85:9c:d8:
                    e8:0d:f0:ee:2e:3d:e5:71:43:15:33:e8:00:50:47:
                    4e:45:84:7c:77:d7:da:e1:19:68:ec:21:84:ef:ee:
                    ee:d1:52:49:58:05:88:4a:5f:80:fb:3e:c7:fd:3e:
                    81:57:8d:86:89:79:31:63:5c:15:e6:50:aa:b8:51:
                    1d:fa:8b:34:19:99:76:e6:0b:82:80:a1:7f:dc:68:
                    ba:d5:c1:5c:3a:ff:37:cc:e6:c7:fd:11:ae:16:18:
                    da:a3:6e:68:05:46:37:a1:e0:dc:9f:de:3e:e0:e7:
                    bc:ec:03:70:0c:33:76:2c:18:7a:a8:1c:2f:4b:ea:
                    f9:e0:1d:2a:c8:ba:cf:cf:d1:48:a8:d1:b0:33:22:
                    ee:e3:d2:ed:5e:40:dc:0b:39:8a:eb:8b:6f:12:09:
                    f2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E9:D1:D7:DF:E9:9A:79:29:14:71:BD:8D:94:04:9B:1C:52:89:04
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:e3:81:21:70:92:b4:95:0a:f4:a0:17:6f:52:0e:68:5a:00:
         3f:d3:00:ea:63:14:97:4a:b8:72:28:63:83:36:bb:71:22:14:
         cd:aa:57:e5:ac:bb:1a:87:aa:a7:48:03:2d:86:d5:ac:79:66:
         dd:39:ab:b7:1e:86:3f:57:bb:ff:44:28:6a:a9:ed:42:9b:b0:
         e9:f1:6e:17:af:df:cc:50:c3:0b:2c:c9:9d:5d:30:1c:76:e0:
         34:8c:5b:db:01:5d:e8:2f:6c:6f:66:70:ab:29:24:c1:d9:cf:
         5a:8d:c3:81:e1:86:ef:2c:47:be:32:11:55:03:ff:6f:cd:a0:
         01:23:7d:82:a2:9b:b4:db:ee:ce:39:4a:80:76:08:b2:06:60:
         59:75:a9:77:15:bf:4a:bc:9c:43:c0:a0:34:60:03:17:2f:b8:
         da:e5:fa:25:46:ef:1b:ea:3e:d0:11:c0:42:59:38:34:8c:68:
         67:86:5c:9b:2d:2b:b2:27:f7:a0:9f:f2:11:89:b2:e3:18:eb:
         d8:f8:c2:5c:07:ed:a5:20:fa:df:c4:6b:86:3a:6f:69:f0:e6:
         c8:e6:d8:bd:c5:27:54:d6:21:18:b2:11:04:ab:e4:e1:d6:1b:
         28:71:64:3b:7f:46:e6:9c:6a:8b:d1:4d:a1:f5:25:d9:1e:08:
         83:e4:5d:8f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUeBXSPQzjI0N/RCYXPb9x0WDiecEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAwMjNaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGEwODdhYTBkNmMxMmE1OTA4YjJkM2I4MjM2MzJlZTc2OTc2ZDI5NTY4NGUy
MzhhMjBkMjAzMTczMGMxNTQ1MzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANW6YmmaicqAEqsrYGsOQ5ZyvewoOUS0XmvJ3zgivmjEytQI5xx9hIfPJRI/
4DrR1D5ixeDBvZaQthfMAX5VassMbNNb+evuDk9qT3wM7NT6Ss/ibNSwPtW/gCQi
Jj2iA8AXJunZhZzY6A3w7i495XFDFTPoAFBHTkWEfHfX2uEZaOwhhO/u7tFSSVgF
iEpfgPs+x/0+gVeNhol5MWNcFeZQqrhRHfqLNBmZduYLgoChf9xoutXBXDr/N8zm
x/0RrhYY2qNuaAVGN6Hg3J/ePuDnvOwDcAwzdiwYeqgcL0vq+eAdKsi6z8/RSKjR
sDMi7uPS7V5A3As5iuuLbxIJ8msCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTU6dHX
3+maeSkUcb2NlASbHFKJBDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmZhZTcxMWUtYjBjNC00MDRmLWJlMWYtYTk5OTkwODE4YWM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU99ADAN
BgkqhkiG9w0BAQsFAAOCAQEAGeOBIXCStJUK9KAXb1IOaFoAP9MA6mMUl0q4cihj
gza7cSIUzapX5ay7Goeqp0gDLYbVrHlm3Tmrtx6GP1e7/0QoaqntQpuw6fFuF6/f
zFDDCyzJnV0wHHbgNIxb2wFd6C9sb2ZwqykkwdnPWo3DgeGG7yxHvjIRVQP/b82g
ASN9gqKbtNvuzjlKgHYIsgZgWXWpdxW/SrycQ8CgNGADFy+42uX6JUbvG+o+0BHA
Qlk4NIxoZ4Zcmy0rsif3oJ/yEYmy4xjr2PjCXAftpSD638RrhjpvafDmyObYvcUn
VNYhGLIRBKvk4dYbKHFkO39G5pxqi9FNofUl2R4Ig+Rdjw==
-----END CERTIFICATE-----