Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e00516db-a674-4a02-8de9-e0ad569ecc6f.roa
File:                     e00516db-a674-4a02-8de9-e0ad569ecc6f.roa (raw, json)
Hash identifier:          uUfXKw3RdMrVOiHIy6lCHYmZmu25knoloAv5yzd9LiA=
Subject key identifier:   12:81:D9:7D:80:ED:DC:E6:70:AC:1A:52:EE:12:01:4E:D8:A6:CD:1A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       32C9BE64FB94DAF52949C355FAB030AB54180642
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e00516db-a674-4a02-8de9-e0ad569ecc6f.roa
Signing time:             Fri 21 Mar 2025 15:01:24 +0000
ROA not before:           Fri 21 Mar 2025 15:01:24 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:c9:be:64:fb:94:da:f5:29:49:c3:55:fa:b0:30:ab:54:18:06:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:24 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:b0:2d:40:88:06:2a:6e:72:71:b6:b1:6b:c4:
                    43:9a:94:df:62:8e:6e:61:37:76:27:9f:aa:b3:89:
                    93:46:e2:18:5e:70:82:6b:42:81:55:87:cf:15:55:
                    3b:9d:53:9d:da:46:70:93:67:90:59:c0:c9:d1:a3:
                    c3:f0:2c:0b:82:2f:1f:ad:d1:5d:a6:2d:15:8e:0a:
                    99:db:bd:0b:95:55:49:75:06:3d:24:00:9b:2a:5f:
                    1d:bc:9f:3f:50:08:11:63:dd:84:1c:e8:26:f6:51:
                    aa:35:9c:a4:78:0e:09:66:8b:dd:04:e8:c9:d3:f5:
                    7f:ff:8d:4e:16:c4:77:67:4c:b1:da:e3:ac:b7:59:
                    7e:29:32:09:c4:cc:f8:e0:d4:b8:a6:23:d2:86:f1:
                    d3:cd:46:a4:81:f7:c7:ec:ab:1d:a6:28:c0:71:a2:
                    72:69:3a:77:eb:b8:68:02:8d:21:3d:68:ee:6f:1a:
                    a3:74:7f:1b:e1:e4:a7:c9:f8:52:94:aa:47:d0:c3:
                    03:d5:92:0a:b5:bc:c0:40:80:46:c2:64:dd:09:d2:
                    1c:83:e8:7c:28:51:6c:16:b4:d0:14:b3:b6:92:23:
                    96:d2:ae:a4:77:a4:0f:f1:6c:4c:97:fc:77:f6:6c:
                    18:20:d7:e4:cd:b6:95:f5:0b:9c:7f:a0:d9:e9:47:
                    ca:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:81:D9:7D:80:ED:DC:E6:70:AC:1A:52:EE:12:01:4E:D8:A6:CD:1A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e00516db-a674-4a02-8de9-e0ad569ecc6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:04:3c:be:34:81:25:13:f1:1f:3c:c8:c0:10:e5:7d:a1:db:
         13:b4:ad:e8:8f:ad:82:6c:1c:00:09:46:d9:0b:c2:84:7e:1d:
         9d:34:c3:75:2d:cb:bd:f9:28:99:a4:ef:2f:23:ca:55:3c:1e:
         25:40:f5:6d:62:27:d0:09:bf:f6:3e:a3:8b:2a:02:bc:8a:ee:
         21:04:54:73:36:c8:4d:91:ee:09:c0:c5:16:ba:27:e7:60:5e:
         a8:6f:01:27:50:65:a9:d6:01:66:bd:c7:e4:a7:df:d2:31:48:
         c1:49:28:1c:f8:2f:63:a5:f4:f9:d1:99:4a:11:03:80:6c:d6:
         53:2d:8e:81:c1:e3:7e:77:ec:2d:c0:2a:2c:aa:e7:67:ac:f0:
         24:dd:5a:5c:4d:f1:db:f1:32:55:2b:1e:2c:36:ed:46:3e:9c:
         4a:2c:49:a7:c4:f7:14:b1:eb:4f:ee:36:ec:a3:ca:ea:1f:7e:
         e7:3b:d3:59:d4:fb:9c:72:31:33:35:66:37:8d:69:f5:19:cb:
         2e:ed:e2:dc:9d:69:1a:a3:25:36:32:46:88:21:bf:92:35:a8:
         eb:cc:a2:cf:cb:da:61:ee:de:90:86:01:56:38:9d:65:59:53:
         28:3c:15:70:02:37:a6:37:63:c4:03:43:25:2c:f4:e4:32:85:
         c5:ca:a3:c1
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMsm+ZPuU2vUpScNV+rAwq1QYBkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMjRaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiMGVjMzdhMGEzNTU2MWU3MjI5ZTE1YjEwMmM1OWQyOTRmYjY0ODQ4YmQ4
ZjQzYmVjNGNiMTE4NjEwNzkyMmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPmwLUCIBipucnG2sWvEQ5qU32KObmE3diefqrOJk0biGF5wgmtCgVWHzxVV
O51TndpGcJNnkFnAydGjw/AsC4IvH63RXaYtFY4Kmdu9C5VVSXUGPSQAmypfHbyf
P1AIEWPdhBzoJvZRqjWcpHgOCWaL3QToydP1f/+NThbEd2dMsdrjrLdZfikyCcTM
+ODUuKYj0obx081GpIH3x+yrHaYowHGicmk6d+u4aAKNIT1o7m8ao3R/G+Hkp8n4
UpSqR9DDA9WSCrW8wECARsJk3QnSHIPofChRbBa00BSztpIjltKupHekD/FsTJf8
d/ZsGCDX5M22lfULnH+g2elHysMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQSgdl9
gO3c5nCsGlLuEgFO2KbNGjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTAwNTE2ZGItYTY3NC00YTAyLThkZTktZTBhZDU2OWVjYzZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAisDAN
BgkqhkiG9w0BAQsFAAOCAQEAOgQ8vjSBJRPxHzzIwBDlfaHbE7St6I+tgmwcAAlG
2QvChH4dnTTDdS3LvfkomaTvLyPKVTweJUD1bWIn0Am/9j6jiyoCvIruIQRUczbI
TZHuCcDFFron52BeqG8BJ1BlqdYBZr3H5Kff0jFIwUkoHPgvY6X0+dGZShEDgGzW
Uy2OgcHjfnfsLcAqLKrnZ6zwJN1aXE3x2/EyVSseLDbtRj6cSixJp8T3FLHrT+42
7KPK6h9+5zvTWdT7nHIxMzVmN41p9RnLLu3i3J1pGqMlNjJGiCG/kjWo68yiz8va
Ye7ekIYBVjidZVlTKDwVcAI3pjdjxANDJSz05DKFxcqjwQ==
-----END CERTIFICATE-----