Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8364c06-b75e-4d85-8c8c-afad4df7cd1f.roa
File:                     d8364c06-b75e-4d85-8c8c-afad4df7cd1f.roa (raw, json)
Hash identifier:          oiKaGpRzyaEbvPjdvTSH/o/7ddTP328cLpTXgbsxC0o=
Subject key identifier:   1A:E4:CE:18:5C:B6:84:81:A7:C7:90:F2:9E:12:BF:A9:6E:4B:C3:39
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5301667D617F4D2BA6E1B1543C549153BADDCBEE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8364c06-b75e-4d85-8c8c-afad4df7cd1f.roa
Signing time:             Tue 18 Mar 2025 17:00:17 +0000
ROA not before:           Tue 18 Mar 2025 17:00:17 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.224.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:01:66:7d:61:7f:4d:2b:a6:e1:b1:54:3c:54:91:53:ba:dd:cb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:00:17 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:36:d5:f0:98:e9:65:e4:52:75:b5:9b:2b:f3:
                    9b:c3:da:55:9a:a9:56:1b:04:98:16:ad:f0:9d:9c:
                    4a:3b:a8:92:f1:fe:03:e4:75:d6:23:9e:9d:df:dc:
                    b9:f6:1f:6d:17:db:7a:b3:32:5b:78:31:b4:0d:76:
                    7e:1f:ae:1f:e5:fb:ac:ba:7a:49:d2:67:eb:77:8b:
                    b8:33:4c:2d:54:ea:43:39:21:e3:10:66:25:c2:fe:
                    19:49:3c:0b:13:71:34:34:2c:7e:fb:aa:bd:f9:96:
                    4f:47:b7:ea:44:fe:a0:d3:18:d2:6f:54:e0:3c:ec:
                    aa:38:94:19:58:79:8f:ac:c5:dd:ba:4f:96:c1:9a:
                    30:0a:46:7d:bc:9f:ef:3d:72:6f:64:19:0d:ee:49:
                    34:58:e8:c2:3c:51:c4:a9:4e:47:0a:2f:48:a2:15:
                    61:a0:27:ec:6b:08:75:a9:25:06:cb:76:1d:50:74:
                    39:1b:ae:28:49:dc:bc:41:be:05:32:73:33:51:dd:
                    f7:65:46:75:3b:3d:5c:26:1f:ab:73:1c:02:32:48:
                    07:2d:58:1e:7e:10:7d:cf:76:63:b4:14:5a:a8:06:
                    7e:e5:92:e9:80:73:ff:ea:c8:9f:e9:fb:df:1e:82:
                    8b:aa:60:13:5d:a1:36:15:79:1b:15:41:1f:3f:a0:
                    83:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E4:CE:18:5C:B6:84:81:A7:C7:90:F2:9E:12:BF:A9:6E:4B:C3:39
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8364c06-b75e-4d85-8c8c-afad4df7cd1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8b:d6:54:b3:18:50:26:e7:45:52:33:b0:d4:b6:e4:05:21:33:
         d1:41:0d:6b:77:d9:b9:83:48:d4:8b:96:71:f3:7d:f4:e8:bc:
         6d:1a:bd:1a:2e:fa:b0:23:82:5f:74:12:6f:84:ab:a7:7e:04:
         3a:7a:84:4d:9a:55:dd:ec:93:78:ea:67:7e:0f:8d:20:02:4c:
         42:53:fb:8b:4c:a8:12:af:3e:4e:a1:01:b8:b3:c4:ba:8a:3b:
         8a:3d:90:77:e5:90:3b:c0:38:b5:ee:6d:ae:c8:d2:31:54:7b:
         33:90:02:76:f6:2e:45:b2:de:3e:4e:fc:bd:e3:6c:b1:89:d3:
         76:60:97:98:1b:79:11:0d:8b:aa:5d:0b:6d:d2:99:30:61:5b:
         7b:58:3c:b3:1b:80:71:d7:04:24:b1:95:8c:68:00:9e:8d:39:
         c9:64:33:7a:dc:d5:fa:27:61:d0:56:5c:f0:a7:e5:b7:a4:fe:
         0f:e4:c0:86:b6:02:e7:2b:01:55:9d:73:ba:76:40:fb:ba:43:
         c5:8e:bf:fd:ea:ac:bf:01:cc:37:7a:0b:e7:9c:9d:10:74:81:
         31:43:f8:16:af:c6:0c:5b:72:a3:0b:37:77:16:b4:82:b8:b4:
         3c:04:27:06:1d:c7:fa:99:ba:b8:9d:0e:1b:bb:b4:c8:8c:f5:
         53:61:55:bf
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUUwFmfWF/TSum4bFUPFSRU7rdy+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAwMTdaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0MjlhZjlmMWIzMjc4OWVhYjQ3N2Y2YzcxYjUxZmIxMmI5NzhjMzM2YjFl
ZGI1Y2IwNjBjZTk1NTY1MWQ3NTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ021fCY6WXkUnW1myvzm8PaVZqpVhsEmBat8J2cSjuokvH+A+R11iOend/c
ufYfbRfberMyW3gxtA12fh+uH+X7rLp6SdJn63eLuDNMLVTqQzkh4xBmJcL+GUk8
CxNxNDQsfvuqvfmWT0e36kT+oNMY0m9U4DzsqjiUGVh5j6zF3bpPlsGaMApGfbyf
7z1yb2QZDe5JNFjowjxRxKlORwovSKIVYaAn7GsIdaklBst2HVB0ORuuKEncvEG+
BTJzM1Hd92VGdTs9XCYfq3McAjJIBy1YHn4Qfc92Y7QUWqgGfuWS6YBz/+rIn+n7
3x6Ci6pgE12hNhV5GxVBHz+ggysCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQa5M4Y
XLaEgafHkPKeEr+pbkvDOTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDgzNjRjMDYtYjc1ZS00ZDg1LThjOGMtYWZhZDRkZjdjZDFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC6J4DAN
BgkqhkiG9w0BAQsFAAOCAQEAi9ZUsxhQJudFUjOw1LbkBSEz0UENa3fZuYNI1IuW
cfN99Oi8bRq9Gi76sCOCX3QSb4Srp34EOnqETZpV3eyTeOpnfg+NIAJMQlP7i0yo
Eq8+TqEBuLPEuoo7ij2Qd+WQO8A4te5trsjSMVR7M5ACdvYuRbLePk78veNssYnT
dmCXmBt5EQ2Lql0LbdKZMGFbe1g8sxuAcdcEJLGVjGgAno05yWQzetzV+idh0FZc
8Kflt6T+D+TAhrYC5ysBVZ1zunZA+7pDxY6//eqsvwHMN3oL55ydEHSBMUP4Fq/G
DFtyows3dxa0gri0PAQnBh3H+pm6uJ0OG7u0yIz1U2FVvw==
-----END CERTIFICATE-----