Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba70a89c-5e6c-40ac-9a73-f92bee005d5b.roa
File:                     ba70a89c-5e6c-40ac-9a73-f92bee005d5b.roa (raw, json)
Hash identifier:          IDGnaYy820TpogfmpAFHMPJaoT//XYSS9ohQ4L7zi2o=
Subject key identifier:   89:F7:F6:D6:2B:51:BE:6A:CC:7E:4D:71:25:98:66:B1:84:35:64:92
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3295FEA01B14067DB0E46E47E7ED2DE6BCA987E9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba70a89c-5e6c-40ac-9a73-f92bee005d5b.roa
Signing time:             Tue 18 Feb 2025 16:40:40 +0000
ROA not before:           Tue 18 Feb 2025 16:40:40 +0000
ROA not after:            Tue 25 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        87.238.80.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:95:fe:a0:1b:14:06:7d:b0:e4:6e:47:e7:ed:2d:e6:bc:a9:87:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb 18 16:40:40 2025 GMT
            Not After : Mar 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:60:50:4d:66:94:e2:11:6f:79:f4:0f:f4:bc:
                    e9:96:a9:34:30:c7:8e:d5:f5:ca:8a:c4:8f:69:6f:
                    c5:0d:6a:74:29:b0:4b:b3:2b:e5:af:2e:2c:be:86:
                    2d:ea:ca:bd:3a:0e:a4:94:56:35:91:59:5b:60:e0:
                    c7:1e:6f:2d:96:f7:78:53:f2:57:e9:91:54:0a:dd:
                    b6:d6:b0:51:56:cf:97:62:12:a4:76:52:a1:47:4f:
                    92:57:d5:6f:1c:18:ef:96:10:60:72:0c:64:b4:fa:
                    cc:51:b3:4b:71:9d:6d:fd:ce:4e:6c:e1:ef:8b:38:
                    d7:82:93:15:8a:7f:17:b6:c2:48:b8:dd:0c:58:8e:
                    b4:43:bc:b6:0f:bb:e3:e9:05:d7:f4:92:1b:71:0b:
                    d3:98:e6:10:1a:f8:31:ca:59:c3:fe:69:d0:3d:4b:
                    08:27:db:57:fb:1a:ed:b3:6b:f2:1a:29:f7:90:ee:
                    0d:cd:6b:2f:50:64:79:45:36:f6:b2:ca:13:b9:cd:
                    c8:b9:af:13:e4:ed:7b:4f:17:89:90:59:30:a2:53:
                    a8:66:56:f4:29:e5:df:b0:ab:ab:a8:b4:6f:01:f4:
                    f0:47:64:9e:2a:ac:4c:ef:62:55:92:4d:33:f8:71:
                    a2:3a:fc:ec:6b:34:0e:75:7b:64:eb:56:c9:cd:7e:
                    90:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:F7:F6:D6:2B:51:BE:6A:CC:7E:4D:71:25:98:66:B1:84:35:64:92
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba70a89c-5e6c-40ac-9a73-f92bee005d5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:04:6d:a2:3c:80:ee:e4:ce:86:24:45:d1:ad:5c:a5:f5:b6:
         b1:67:a8:68:ec:57:96:bb:1f:f3:46:8c:44:54:fe:d8:d2:ed:
         b0:7f:11:d9:c6:39:41:11:81:24:1b:2b:f1:7f:da:3f:be:67:
         2a:4d:8a:d2:cf:dc:98:ef:86:1c:d5:c6:94:38:66:0c:5a:54:
         f6:f0:01:e3:da:b3:42:8b:c7:05:46:59:a4:f6:08:8b:e4:d1:
         4d:2e:6b:99:fd:36:40:6d:1d:64:5b:a0:f5:36:8f:1d:44:c0:
         20:6d:47:5e:1e:3b:ed:52:cb:d4:a6:9d:1c:96:38:5e:45:21:
         76:cd:e7:98:7a:91:63:00:09:d1:61:89:1a:b5:60:7a:0d:2e:
         6d:4b:99:de:9b:c1:16:c7:79:6c:4a:1b:f2:b5:fa:3e:06:8a:
         89:10:85:4c:4d:f1:b1:8d:ca:4a:16:ab:b0:7e:9e:01:b2:2d:
         45:1f:f0:8f:4f:00:87:a4:5c:3b:f4:f3:c8:05:19:51:04:a8:
         ee:26:4d:ca:b8:1c:0e:6d:ae:e2:e2:3e:db:a7:ac:31:bc:6e:
         fe:2c:0a:c6:55:db:0e:95:6d:a8:6c:c4:b7:9a:38:18:11:35:
         60:9c:77:38:bc:13:b5:89:08:5a:d7:2c:e5:a3:e4:e9:b1:41:
         55:1c:b5:63
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMpX+oBsUBn2w5G5H5+0t5ryph+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMTgxNjQwNDBaFw0yNTAzMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkMmY4OTZhZjY1YzgzZmFiZDY1MjA3ZWFmZWVhNzU3Mjg3OWRiZTBiNTBl
Y2Y2MDA0MmVkYTExNzZhNmRiOGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVgUE1mlOIRb3n0D/S86ZapNDDHjtX1yorEj2lvxQ1qdCmwS7Mr5a8uLL6G
LerKvToOpJRWNZFZW2Dgxx5vLZb3eFPyV+mRVArdttawUVbPl2ISpHZSoUdPklfV
bxwY75YQYHIMZLT6zFGzS3Gdbf3OTmzh74s414KTFYp/F7bCSLjdDFiOtEO8tg+7
4+kF1/SSG3EL05jmEBr4McpZw/5p0D1LCCfbV/sa7bNr8hop95DuDc1rL1BkeUU2
9rLKE7nNyLmvE+Tte08XiZBZMKJTqGZW9Cnl37Crq6i0bwH08EdkniqsTO9iVZJN
M/hxojr87Gs0DnV7ZOtWyc1+kHUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSJ9/bW
K1G+asx+TXElmGaxhDVkkjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmE3MGE4OWMtNWU2Yy00MGFjLTlhNzMtZjkyYmVlMDA1ZDViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1fuUDAN
BgkqhkiG9w0BAQsFAAOCAQEANARtojyA7uTOhiRF0a1cpfW2sWeoaOxXlrsf80aM
RFT+2NLtsH8R2cY5QRGBJBsr8X/aP75nKk2K0s/cmO+GHNXGlDhmDFpU9vAB49qz
QovHBUZZpPYIi+TRTS5rmf02QG0dZFug9TaPHUTAIG1HXh477VLL1KadHJY4XkUh
ds3nmHqRYwAJ0WGJGrVgeg0ubUuZ3pvBFsd5bEob8rX6PgaKiRCFTE3xsY3KShar
sH6eAbItRR/wj08Ah6RcO/TzyAUZUQSo7iZNyrgcDm2u4uI+26esMbxu/iwKxlXb
DpVtqGzEt5o4GBE1YJx3OLwTtYkIWtcs5aPk6bFBVRy1Yw==
-----END CERTIFICATE-----