Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ec82a459-cf20-418a-8b9d-03c08dc90b73.roa
File:                     ec82a459-cf20-418a-8b9d-03c08dc90b73.roa (raw, json)
Hash identifier:          OrSewg7KXHdeKB8YUNVl4A48iAhZiHxkFpVSIhPEIh8=
Subject key identifier:   70:36:1D:C7:72:41:53:A3:DF:F3:BA:A2:6C:23:93:7A:7B:29:2E:5B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       437992087F82762A29269BB905B1CA7222FEB3C1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ec82a459-cf20-418a-8b9d-03c08dc90b73.roa
Signing time:             Tue 01 Apr 2025 15:00:21 +0000
ROA not before:           Tue 01 Apr 2025 15:00:21 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:79:92:08:7f:82:76:2a:29:26:9b:b9:05:b1:ca:72:22:fe:b3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:00:21 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fc:c2:4c:5c:01:9a:44:8d:a3:42:b3:ec:7d:
                    18:73:5f:d9:ef:c6:e8:ff:73:f3:a3:7e:fa:c9:2f:
                    00:24:ba:6e:f2:7b:04:d7:64:2c:6c:80:e6:6e:96:
                    18:0f:05:66:7e:39:1e:ab:87:da:74:22:40:d8:3b:
                    03:3b:ee:9e:32:93:87:b0:4d:70:82:7a:12:49:94:
                    cb:7a:33:d6:e4:92:98:4f:b2:aa:02:5e:82:8c:16:
                    9f:18:5e:9e:96:77:b8:c2:ad:2e:95:e6:70:63:2c:
                    b7:95:4a:f6:4f:79:32:8f:07:2c:f8:04:8e:a3:b9:
                    8f:f8:df:01:59:52:ab:f0:de:33:14:3b:54:c1:e9:
                    d8:39:09:6c:e9:7c:02:88:3a:cd:81:dc:c3:f3:f4:
                    ce:6b:b7:3e:29:83:87:3f:38:d4:67:3c:31:83:e8:
                    16:03:30:e4:2e:9f:17:ed:44:ee:15:6a:6e:c1:d7:
                    39:04:85:b7:f1:a2:24:37:26:df:80:2a:f5:90:5c:
                    79:5e:17:0f:f9:49:85:85:a3:19:d7:11:12:e5:13:
                    1c:49:cb:7b:ea:eb:ce:dc:77:f3:ba:bc:80:9c:e2:
                    aa:bb:ff:87:fc:ce:af:f4:7f:4b:58:97:fa:72:58:
                    09:4b:43:09:02:90:79:6a:6a:da:0a:0e:50:51:28:
                    9b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:36:1D:C7:72:41:53:A3:DF:F3:BA:A2:6C:23:93:7A:7B:29:2E:5B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ec82a459-cf20-418a-8b9d-03c08dc90b73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:26:92:89:e2:a7:a9:57:50:bb:6d:f1:52:59:a0:fd:55:64:
         85:54:d3:a7:cc:2a:0c:93:21:c5:8f:73:8f:17:f6:65:55:fd:
         95:c6:da:54:41:66:22:6d:c3:3b:47:70:c4:ed:8e:38:2f:5c:
         c9:7c:c2:99:85:f1:6f:f6:98:46:6e:51:2d:d0:12:41:8e:4c:
         ca:33:40:2d:e7:71:f9:32:d3:42:6c:b7:b5:74:7b:9f:01:d9:
         7c:9a:b5:58:21:f2:fe:db:8a:33:ec:5b:fc:cc:d6:0b:d2:13:
         2d:2a:1f:4d:b5:9c:46:80:20:c5:f3:14:e6:06:f2:66:a1:26:
         2b:ea:8b:17:07:65:d0:dc:52:08:96:75:b1:98:a7:69:38:78:
         12:1c:5d:22:67:1b:ec:81:f8:65:67:61:e9:78:47:e2:22:db:
         83:3d:c3:1b:1e:81:5a:85:db:aa:63:c2:5a:4d:9a:f8:38:70:
         5b:f9:30:cd:c6:6a:72:ee:f9:74:a9:09:c4:17:fb:b0:d1:a3:
         21:25:17:89:bc:7c:1b:20:d4:bc:43:92:b9:3e:91:53:d5:4a:
         b9:8e:40:e8:66:f6:8d:5f:6c:d3:25:af:1f:3a:df:99:cb:3c:
         7f:d1:64:14:d0:15:c6:af:4d:9c:59:eb:52:15:b6:bc:85:4c:
         54:69:a7:a0
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQ3mSCH+CdiopJpu5BbHKciL+s8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAwMjFaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5MTEyZjFlZmI1NjY2NzZkNWE3MWI0OTliYTQ1NDgyZmY5ODM5NTkzNDRk
ZTRkYzE0OTA0MGIyNmJmYTFmMjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJL8wkxcAZpEjaNCs+x9GHNf2e/G6P9z86N++skvACS6bvJ7BNdkLGyA5m6W
GA8FZn45HquH2nQiQNg7AzvunjKTh7BNcIJ6EkmUy3oz1uSSmE+yqgJegowWnxhe
npZ3uMKtLpXmcGMst5VK9k95Mo8HLPgEjqO5j/jfAVlSq/DeMxQ7VMHp2DkJbOl8
Aog6zYHcw/P0zmu3PimDhz841Gc8MYPoFgMw5C6fF+1E7hVqbsHXOQSFt/GiJDcm
34Aq9ZBceV4XD/lJhYWjGdcREuUTHEnLe+rrztx387q8gJziqrv/h/zOr/R/S1iX
+nJYCUtDCQKQeWpq2goOUFEomyECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRwNh3H
ckFTo9/zuqJsI5N6eykuWzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWM4MmE0NTktY2YyMC00MThhLThiOWQtMDNjMDhkYzkwYjczLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE99AzAN
BgkqhkiG9w0BAQsFAAOCAQEAxSaSieKnqVdQu23xUlmg/VVkhVTTp8wqDJMhxY9z
jxf2ZVX9lcbaVEFmIm3DO0dwxO2OOC9cyXzCmYXxb/aYRm5RLdASQY5MyjNALedx
+TLTQmy3tXR7nwHZfJq1WCHy/tuKM+xb/MzWC9ITLSofTbWcRoAgxfMU5gbyZqEm
K+qLFwdl0NxSCJZ1sZinaTh4EhxdImcb7IH4ZWdh6XhH4iLbgz3DGx6BWoXbqmPC
Wk2a+DhwW/kwzcZqcu75dKkJxBf7sNGjISUXibx8GyDUvEOSuT6RU9VKuY5A6Gb2
jV9s0yWvHzrfmcs8f9FkFNAVxq9NnFnrUhW2vIVMVGmnoA==
-----END CERTIFICATE-----