Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa
File:                     db2d9177-e3d4-459e-980d-b68f027facc9.roa (raw, json)
Hash identifier:          uTut68X23EC85oetcJlp1U+Mko6xdiNKmuEOA+HVdAA=
Subject key identifier:   CB:6A:FA:30:3C:15:AD:46:BC:11:D1:58:A2:D7:D0:EA:36:45:94:51
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       25A34511B7F3683059789273A483C4A9E2091869
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        176.32.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:a3:45:11:b7:f3:68:30:59:78:92:73:a4:83:c4:a9:e2:09:18:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ec:55:ae:1e:0d:cb:ea:ba:20:b9:03:47:32:
                    d2:5c:df:10:a6:7a:81:db:81:c2:96:55:c4:f0:8d:
                    65:23:9e:17:08:df:ab:03:78:7b:21:16:37:cf:d0:
                    9a:81:b6:71:0e:3c:7e:c6:fa:4b:8d:44:40:98:fe:
                    d3:bc:06:b2:a3:3e:dd:a5:bd:69:ee:9c:d6:88:d6:
                    bc:6b:4e:5a:9b:4e:a3:e8:77:24:a2:1d:f6:0e:8d:
                    e4:44:c6:8b:17:5d:5b:dd:ea:69:13:13:fd:7b:1b:
                    ef:3e:69:df:53:7e:d7:13:62:bd:b3:4a:8c:4f:4b:
                    6f:94:1c:3b:9c:d1:d8:28:c6:68:c4:88:06:bf:08:
                    1f:5e:e6:92:c0:86:36:b6:6e:73:70:b1:99:26:00:
                    20:18:9e:e3:d8:4f:2c:b7:fb:20:93:38:aa:61:18:
                    c5:ae:ad:93:01:1b:71:79:99:62:07:ce:65:fc:d8:
                    83:e2:a0:29:b7:67:d3:73:e4:63:9f:4f:06:52:67:
                    fa:d1:07:db:b7:ec:36:cf:d9:96:22:a7:19:bb:08:
                    07:06:be:50:4b:39:01:c6:0f:ca:63:69:64:41:41:
                    6e:67:51:60:83:9e:0f:d8:35:b9:a9:7d:b8:ee:5c:
                    fc:4c:d5:96:3b:1d:0a:c7:f2:b9:6f:59:83:f2:12:
                    37:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:6A:FA:30:3C:15:AD:46:BC:11:D1:58:A2:D7:D0:EA:36:45:94:51
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/db2d9177-e3d4-459e-980d-b68f027facc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:04:1f:16:ba:b2:83:34:51:28:8e:7d:02:a1:92:af:5d:1b:
         25:31:91:9c:90:d8:77:63:90:b1:71:61:1f:03:21:39:be:92:
         03:51:0f:85:64:6e:4c:21:9a:c3:92:5e:0b:90:eb:2d:0d:d3:
         63:ab:28:71:db:08:fd:d3:cb:6d:96:50:3c:cd:c7:79:12:d9:
         53:02:4c:81:04:cc:ff:ad:bd:7a:c2:e2:9f:0a:79:cc:11:21:
         a9:77:6e:45:a4:53:57:f9:53:34:84:db:bd:f2:e7:ed:2d:a4:
         b1:65:76:3b:5c:93:c6:b8:b1:a1:c0:9b:51:d2:aa:0a:41:31:
         4e:66:59:b1:ff:a7:26:70:98:0b:98:e4:08:ac:aa:ad:6d:43:
         0e:56:31:a0:3f:3d:2a:93:48:09:30:64:36:dc:51:e8:d9:14:
         f7:ca:76:47:6f:f1:bd:7e:0a:ed:94:a6:f1:0f:4e:95:56:77:
         13:62:a0:a6:a3:5a:46:00:a4:89:df:87:46:e2:a0:92:5c:1c:
         c6:7f:8d:8c:bf:c5:96:7f:c8:e2:32:fb:df:f1:7d:8f:73:88:
         9d:2e:5f:67:11:4e:46:cb:c4:e4:ce:e2:23:41:39:8f:db:9c:
         50:d7:cb:4c:61:e6:df:da:bd:dd:ed:4f:90:df:d4:e1:5f:48:
         84:a7:f3:f8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJaNFEbfzaDBZeJJzpIPEqeIJGGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAxMTAwMDAwMDBaFw0yNTAyMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGUxNDQ2M2IzMGM4ZTczZGM3OTVjZGFlMjU5YWU4ZDkzMTk2YzRmNzRjNDZh
ODM4Y2RjMGVmY2Y0NjhiNDk1ZDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3sVa4eDcvquiC5A0cy0lzfEKZ6gduBwpZVxPCNZSOeFwjfqwN4eyEWN8/Q
moG2cQ48fsb6S41EQJj+07wGsqM+3aW9ae6c1ojWvGtOWptOo+h3JKId9g6N5ETG
ixddW93qaRMT/Xsb7z5p31N+1xNivbNKjE9Lb5QcO5zR2CjGaMSIBr8IH17mksCG
NrZuc3CxmSYAIBie49hPLLf7IJM4qmEYxa6tkwEbcXmZYgfOZfzYg+KgKbdn03Pk
Y59PBlJn+tEH27fsNs/ZliKnGbsIBwa+UEs5AcYPymNpZEFBbmdRYIOeD9g1ual9
uO5c/EzVljsdCsfyuW9Zg/ISN5MCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTLavow
PBWtRrwR0Vii19DqNkWUUTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGIyZDkxNzctZTNkNC00NTllLTk4MGQtYjY4ZjAyN2ZhY2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AgYDAN
BgkqhkiG9w0BAQsFAAOCAQEAegQfFrqygzRRKI59AqGSr10bJTGRnJDYd2OQsXFh
HwMhOb6SA1EPhWRuTCGaw5JeC5DrLQ3TY6socdsI/dPLbZZQPM3HeRLZUwJMgQTM
/629esLinwp5zBEhqXduRaRTV/lTNITbvfLn7S2ksWV2O1yTxrixocCbUdKqCkEx
TmZZsf+nJnCYC5jkCKyqrW1DDlYxoD89KpNICTBkNtxR6NkU98p2R2/xvX4K7ZSm
8Q9OlVZ3E2KgpqNaRgCkid+HRuKgklwcxn+NjL/Fln/I4jL73/F9j3OInS5fZxFO
RsvE5M7iI0E5j9ucUNfLTGHm39q93e1PkN/U4V9IhKfz+A==
-----END CERTIFICATE-----