Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df740e2f-8ce5-4b1b-a95e-60487d9388a6.roa
File:                     df740e2f-8ce5-4b1b-a95e-60487d9388a6.roa (raw, json)
Hash identifier:          I/om3WQrLlbGQPGPhzUhg33a+AOp9NEqdsAyVjuW54U=
Subject key identifier:   2D:BD:F8:9A:BC:74:90:4A:34:FD:31:16:84:AC:70:53:F4:28:24:B5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       565227B4CF8D3F24A7C2F9F24BB710F50354FA55
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df740e2f-8ce5-4b1b-a95e-60487d9388a6.roa
Signing time:             Tue 18 Mar 2025 17:01:06 +0000
ROA not before:           Tue 18 Mar 2025 17:01:06 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:52:27:b4:cf:8d:3f:24:a7:c2:f9:f2:4b:b7:10:f5:03:54:fa:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 17:01:06 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:24:3f:f6:a2:e8:d0:08:15:a8:64:9a:21:f1:
                    7f:6d:93:b8:5c:90:58:0c:e4:cb:44:73:84:f3:8c:
                    64:12:ed:28:9e:ed:00:0d:e4:1e:c2:a6:21:be:42:
                    34:cf:84:5f:4c:1a:db:9b:ed:e7:3b:8d:3a:c1:79:
                    b4:7c:66:96:2a:9e:a2:81:62:60:82:b3:27:97:ae:
                    d7:57:83:ef:a7:6c:47:06:dc:7f:14:c4:dd:b6:45:
                    a8:3c:84:ad:76:93:6b:41:3b:3d:0a:27:4f:e8:2b:
                    05:64:80:be:cf:17:ff:cf:de:a7:8c:d1:8c:21:7c:
                    69:38:e7:b1:20:eb:a7:34:83:46:87:cf:d0:ee:83:
                    ef:a0:43:1b:ce:55:ca:a0:47:b2:81:16:25:d5:d2:
                    08:d8:a1:dc:72:a3:a5:04:73:ae:e8:54:bc:55:9f:
                    77:1b:6c:fd:48:42:30:f3:13:5d:8e:ef:5b:d7:b3:
                    18:a7:ca:fa:5a:4f:e0:02:8c:ac:4f:3d:7e:75:74:
                    2a:1b:bf:1b:0f:89:89:49:cb:e3:07:20:35:46:ab:
                    e3:20:34:32:c8:a6:61:7a:9c:9d:bd:33:f7:58:e2:
                    7b:0e:fa:87:6b:42:27:c6:b9:e8:cd:4b:5f:95:cc:
                    de:b5:7e:99:74:88:2c:2c:ea:d3:d6:28:b2:2b:ba:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BD:F8:9A:BC:74:90:4A:34:FD:31:16:84:AC:70:53:F4:28:24:B5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df740e2f-8ce5-4b1b-a95e-60487d9388a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:26:65:f8:86:e0:dd:a2:e7:d9:96:01:eb:69:aa:a4:76:0f:
         2f:93:ae:bc:43:cb:7d:cd:4e:f8:88:54:a6:b3:67:4b:f7:68:
         3e:3b:bc:37:a7:23:dd:fa:a9:60:55:e4:02:41:e7:31:2a:8d:
         bc:1f:4a:45:8d:d0:c4:a6:1b:d1:6a:1f:40:0d:4b:28:9b:e4:
         e0:f9:f2:fc:28:a2:8d:c0:ca:d3:4e:55:2d:ef:fc:d5:17:22:
         5b:c1:36:4a:73:9c:15:8e:5f:29:03:26:77:d1:ba:9a:81:50:
         94:f3:76:90:4d:7c:90:ad:0b:0e:d3:b7:0e:f4:3c:18:c4:e7:
         0a:ed:b8:c9:05:33:6c:bb:d9:4d:22:44:ae:db:ac:c6:22:87:
         81:3b:12:2f:da:3f:97:b4:72:5a:e2:8f:78:c2:de:1a:4b:71:
         81:68:1b:d4:4d:81:1a:c1:c4:b7:74:d8:03:b9:f3:02:2e:89:
         bd:ac:71:11:ee:cb:c4:25:d2:e0:3f:34:a0:2c:1d:13:80:d0:
         28:bd:35:6d:29:9b:df:5d:23:d9:50:cd:83:82:40:d4:58:dd:
         da:46:3b:4e:8b:70:6b:b2:1d:1b:9d:a8:9a:ec:9f:cc:30:4a:
         4b:14:29:56:93:4c:9b:fc:73:e7:94:c3:8d:2e:77:1a:28:18:
         09:b3:41:63
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUVlIntM+NPySnwvnyS7cQ9QNU+lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMTgxNzAxMDZaFw0yNTA0MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQyOTg1MzFiZmJmNjkxMmQwMmUyZDE4NzNmMjE2OTdjYzIxOGNlYmE2NWEx
MjQ1ZjQ5YWZjYjU0NWIyOGJiY2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM8kP/ai6NAIFahkmiHxf22TuFyQWAzky0RzhPOMZBLtKJ7tAA3kHsKmIb5C
NM+EX0wa25vt5zuNOsF5tHxmliqeooFiYIKzJ5eu11eD76dsRwbcfxTE3bZFqDyE
rXaTa0E7PQonT+grBWSAvs8X/8/ep4zRjCF8aTjnsSDrpzSDRofP0O6D76BDG85V
yqBHsoEWJdXSCNih3HKjpQRzruhUvFWfdxts/UhCMPMTXY7vW9ezGKfK+lpP4AKM
rE89fnV0Khu/Gw+JiUnL4wcgNUar4yA0MsimYXqcnb0z91jiew76h2tCJ8a56M1L
X5XM3rV+mXSILCzq09Yosiu63/0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQtvfia
vHSQSjT9MRaErHBT9CgktTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGY3NDBlMmYtOGNlNS00YjFiLWE5NWUtNjA0ODdkOTM4OGE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi6JyDAN
BgkqhkiG9w0BAQsFAAOCAQEAPyZl+Ibg3aLn2ZYB62mqpHYPL5OuvEPLfc1O+IhU
prNnS/doPju8N6cj3fqpYFXkAkHnMSqNvB9KRY3QxKYb0WofQA1LKJvk4Pny/Cii
jcDK005VLe/81RciW8E2SnOcFY5fKQMmd9G6moFQlPN2kE18kK0LDtO3DvQ8GMTn
Cu24yQUzbLvZTSJErtusxiKHgTsSL9o/l7RyWuKPeMLeGktxgWgb1E2BGsHEt3TY
A7nzAi6JvaxxEe7LxCXS4D80oCwdE4DQKL01bSmb310j2VDNg4JA1Fjd2kY7Totw
a7IdG52omuyfzDBKSxQpVpNMm/xz55TDjS53GigYCbNBYw==
-----END CERTIFICATE-----