Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eecfa6d-eb1b-4f11-9ed3-450a21abdc1d.roa
File:                     9eecfa6d-eb1b-4f11-9ed3-450a21abdc1d.roa (raw, json)
Hash identifier:          t98MW9qjfVxGFQ/Qnh8Qo1lzxFA3kAtvB78qsMr5O+4=
Subject key identifier:   AF:1C:E6:49:4A:E9:96:E0:0B:15:31:C7:B2:D4:85:4B:BA:B5:42:57
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       228538820EA5DE5DA9DDE8AD576C2602F76A5E29
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eecfa6d-eb1b-4f11-9ed3-450a21abdc1d.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:85:38:82:0e:a5:de:5d:a9:dd:e8:ad:57:6c:26:02:f7:6a:5e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2a:ae:e3:ff:3a:36:e0:71:10:40:ae:b8:70:
                    06:8b:7b:82:f4:9f:94:bf:c9:c8:27:6d:1c:34:71:
                    e6:40:7a:79:b1:72:44:02:14:f1:e0:c2:06:83:64:
                    dd:53:35:fd:d6:9b:05:e9:f7:82:90:d1:94:91:10:
                    cd:48:ed:6a:4e:1b:b1:73:cd:d9:0b:75:d2:b1:8e:
                    6b:65:24:45:3b:23:8a:26:9c:62:35:dd:9c:e6:95:
                    b7:18:cd:23:12:7f:b1:ca:b7:47:65:a3:f5:fa:47:
                    41:d1:13:13:03:ce:8b:85:6e:67:70:a8:ff:ff:52:
                    7c:01:46:c9:4e:16:b6:62:61:bd:85:a2:ed:f6:9f:
                    be:79:54:6d:84:8e:2d:da:78:bb:44:b8:7c:84:f3:
                    17:64:c6:bf:10:ae:ba:54:f9:fb:f8:49:0e:4c:75:
                    9b:ae:6f:a2:83:2b:c2:32:b6:bf:ec:0b:2d:e0:3f:
                    ca:f8:08:41:78:b1:3e:a2:12:ee:77:27:20:e7:3b:
                    ea:7f:ad:ee:f1:b2:c1:51:63:bd:8e:27:af:55:31:
                    32:f0:da:03:b2:1d:d6:e7:55:3d:b7:b0:96:53:15:
                    3b:04:20:2e:86:de:36:b1:f3:e8:a2:f0:f6:dd:b3:
                    68:bd:55:f6:cc:ca:7e:89:1c:04:49:63:60:71:62:
                    d1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:1C:E6:49:4A:E9:96:E0:0B:15:31:C7:B2:D4:85:4B:BA:B5:42:57
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eecfa6d-eb1b-4f11-9ed3-450a21abdc1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9d:ac:0b:0a:2b:aa:f1:11:2f:46:d2:8c:84:93:b2:15:14:5f:
         a5:d6:66:32:78:de:a2:b3:e1:d9:fa:cb:8e:c5:07:40:63:06:
         56:bb:74:7a:9e:eb:39:d2:d3:b1:5a:7a:d0:d4:ef:65:ec:11:
         f0:8a:41:ce:16:3d:f5:9c:b3:4c:1f:0b:ab:d4:72:4c:c4:c5:
         fd:3d:b7:a0:f1:72:9a:8b:15:54:3f:ad:3b:85:d2:2e:ca:53:
         5e:1b:0b:b2:b6:04:da:f9:c6:e3:2b:d1:e9:4c:87:96:2b:6d:
         b1:55:22:d3:ad:a2:24:f1:01:58:6a:9a:ab:61:71:0c:d6:34:
         73:23:c2:b5:13:9b:d0:4c:91:e8:95:05:bf:dc:22:66:65:66:
         fb:2d:4e:e3:d8:cc:a1:11:fb:b6:a0:75:98:03:cb:c5:82:3a:
         75:39:1e:27:b1:55:12:09:03:67:d9:c8:73:6b:33:ee:cb:3c:
         28:a4:9a:01:8c:af:e7:b9:81:8e:87:f0:df:26:19:5d:31:88:
         eb:d8:4a:60:55:02:cd:28:82:29:68:cc:68:c2:b2:63:a7:bb:
         a9:a0:17:83:95:4b:3d:f1:81:d4:b7:20:bd:15:61:b4:8a:45:
         67:41:8a:c4:ae:f9:3d:0d:f2:0d:59:ed:31:9a:6d:09:49:a2:
         ec:47:87:54
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIoU4gg6l3l2p3eitV2wmAvdqXikwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1MGUwNTZhYWVkZDBmZTdlOGM1ZTllYmRjYzRiMmQ3YTIyN2Y5Nzk2MGZh
YWRjM2UxZDAzNWNlZmI2MzRhMmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOgqruP/OjbgcRBArrhwBot7gvSflL/JyCdtHDRx5kB6ebFyRAIU8eDCBoNk
3VM1/dabBen3gpDRlJEQzUjtak4bsXPN2Qt10rGOa2UkRTsjiiacYjXdnOaVtxjN
IxJ/scq3R2Wj9fpHQdETEwPOi4VuZ3Co//9SfAFGyU4WtmJhvYWi7fafvnlUbYSO
Ldp4u0S4fITzF2TGvxCuulT5+/hJDkx1m65vooMrwjK2v+wLLeA/yvgIQXixPqIS
7ncnIOc76n+t7vGywVFjvY4nr1UxMvDaA7Id1udVPbewllMVOwQgLobeNrHz6KLw
9t2zaL1V9szKfokcBEljYHFi0VcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSvHOZJ
SumW4AsVMcey1IVLurVCVzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWVlY2ZhNmQtZWIxYi00ZjExLTllZDMtNDUwYTIxYWJkYzFkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AgaDAN
BgkqhkiG9w0BAQsFAAOCAQEAnawLCiuq8REvRtKMhJOyFRRfpdZmMnjeorPh2frL
jsUHQGMGVrt0ep7rOdLTsVp60NTvZewR8IpBzhY99ZyzTB8Lq9RyTMTF/T23oPFy
mosVVD+tO4XSLspTXhsLsrYE2vnG4yvR6UyHlittsVUi062iJPEBWGqaq2FxDNY0
cyPCtROb0EyR6JUFv9wiZmVm+y1O49jMoRH7tqB1mAPLxYI6dTkeJ7FVEgkDZ9nI
c2sz7ss8KKSaAYyv57mBjofw3yYZXTGI69hKYFUCzSiCKWjMaMKyY6e7qaAXg5VL
PfGB1LcgvRVhtIpFZ0GKxK75PQ3yDVntMZptCUmi7EeHVA==
-----END CERTIFICATE-----