Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
File:                     e5744d03-14d6-49dd-bcc7-bbf41846c647.roa (raw, json)
Hash identifier:          5nLpYEjozv5Nj9KqB+oXATJMqzz8qHAGzexHl3SVbtM=
Subject key identifier:   89:F0:3B:FF:34:75:D8:69:73:3E:B3:B7:13:9B:8C:67:E1:83:08:03
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7CC541A623E744993790830F284E2D76E7FFAA26
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
Signing time:             Tue 04 Mar 2025 23:50:44 +0000
ROA not before:           Tue 04 Mar 2025 23:50:44 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.126.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:c5:41:a6:23:e7:44:99:37:90:83:0f:28:4e:2d:76:e7:ff:aa:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  4 23:50:44 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ab:ea:2d:d4:5a:e6:04:2e:c4:76:c1:a1:d7:
                    fe:84:05:b1:9f:1f:94:59:e4:35:89:b1:38:f8:63:
                    b9:17:db:fb:04:66:53:93:2f:a7:63:9f:80:9a:98:
                    f0:f5:01:94:83:1b:f5:a2:7b:f7:84:4e:f5:f0:e0:
                    53:2b:1d:38:bb:4b:09:67:25:f2:5d:c4:17:5e:3b:
                    dc:79:9a:8a:75:51:d7:d7:0b:e2:46:67:cd:26:40:
                    6a:c7:59:34:1d:8f:fe:89:df:72:5f:74:04:d3:11:
                    7d:c7:d1:55:9c:e4:13:8d:1c:66:28:9f:57:07:e4:
                    12:b2:55:ea:a1:73:6f:c9:c6:7e:dc:95:10:52:b3:
                    c2:4a:d2:94:66:59:b3:1a:de:1f:6c:c0:ee:3c:83:
                    36:4d:f7:80:fc:ed:2f:30:b8:b5:ea:be:64:63:3d:
                    b2:37:7a:b9:13:86:cd:ab:6a:92:a5:32:ca:13:27:
                    74:09:24:dc:5a:f7:58:6c:1a:f1:a7:54:1b:81:e3:
                    f5:12:ea:55:65:e6:a6:ff:80:75:28:a4:99:f4:c2:
                    e0:49:02:ae:50:55:bb:e8:e8:94:77:76:96:79:ac:
                    10:c1:69:0e:58:8e:60:14:a0:f2:3f:a1:a8:07:64:
                    57:a4:9e:99:68:5b:12:1d:0f:c5:b5:54:c1:19:ae:
                    3d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:F0:3B:FF:34:75:D8:69:73:3E:B3:B7:13:9B:8C:67:E1:83:08:03
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:c7:31:b5:9f:ff:49:18:12:38:7d:32:66:8f:c8:c2:95:1c:
         a0:66:b5:e4:3e:d6:93:30:94:e5:22:6d:98:55:e8:c0:83:81:
         b6:15:95:ca:b8:30:dd:80:ec:d7:52:39:ad:6d:f0:af:8d:b2:
         df:88:e0:6b:45:14:8e:35:26:76:8e:da:c4:c3:88:b3:af:5f:
         1f:e9:f9:08:0a:61:6a:98:2f:8a:ea:e7:75:25:c3:4b:29:98:
         75:bc:a3:86:b1:cd:ee:f0:b3:c5:81:1a:be:d2:01:66:c9:23:
         31:2e:32:56:e2:d0:40:62:c7:0f:5f:72:8f:80:07:9e:bb:b8:
         b2:ec:36:a6:3f:90:9a:4e:7a:d5:c5:59:a7:95:7e:5e:4c:ab:
         40:84:12:28:3a:ca:49:d8:2d:38:31:40:46:6b:6c:0a:7d:4a:
         68:80:0a:c8:59:05:5e:2b:b7:a4:29:32:2d:7b:8b:7c:15:f5:
         04:cf:65:12:f8:41:31:3c:d7:df:4e:b3:49:2c:ad:7c:1c:71:
         3b:5f:90:10:0e:5a:6b:58:84:36:f3:7d:7c:52:1a:10:ac:a1:
         57:d4:af:eb:46:dc:9f:c3:a4:76:f6:16:ff:58:01:fa:67:8c:
         50:4f:2f:f2:07:5b:5b:1d:b5:b9:39:82:c2:5d:18:38:86:7d:
         ca:a9:a0:02
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUfMVBpiPnRJk3kIMPKE4tduf/qiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDQyMzUwNDRaFw0yNTA0MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0Y2MxMDNmYTkxMmE0NmQ4NTU2YjE5NGRkNWNhMTY5YjQ4ZGE0ZTU2YjFh
MTE3MzNkN2RlMzE1MDVhY2M3OWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSr6i3UWuYELsR2waHX/oQFsZ8flFnkNYmxOPhjuRfb+wRmU5Mvp2OfgJqY
8PUBlIMb9aJ794RO9fDgUysdOLtLCWcl8l3EF1473HmainVR19cL4kZnzSZAasdZ
NB2P/onfcl90BNMRfcfRVZzkE40cZiifVwfkErJV6qFzb8nGftyVEFKzwkrSlGZZ
sxreH2zA7jyDNk33gPztLzC4teq+ZGM9sjd6uROGzatqkqUyyhMndAkk3Fr3WGwa
8adUG4Hj9RLqVWXmpv+AdSikmfTC4EkCrlBVu+jolHd2lnmsEMFpDliOYBSg8j+h
qAdkV6SemWhbEh0PxbVUwRmuPSUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSJ8Dv/
NHXYaXM+s7cTm4xn4YMIAzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU3NDRkMDMtMTRkNi00OWRkLWJjYzctYmJmNDE4NDZjNjQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbAgfjAN
BgkqhkiG9w0BAQsFAAOCAQEAascxtZ//SRgSOH0yZo/IwpUcoGa15D7WkzCU5SJt
mFXowIOBthWVyrgw3YDs11I5rW3wr42y34jga0UUjjUmdo7axMOIs69fH+n5CAph
apgviurndSXDSymYdbyjhrHN7vCzxYEavtIBZskjMS4yVuLQQGLHD19yj4AHnru4
suw2pj+Qmk561cVZp5V+XkyrQIQSKDrKSdgtODFARmtsCn1KaIAKyFkFXiu3pCky
LXuLfBX1BM9lEvhBMTzX306zSSytfBxxO1+QEA5aa1iENvN9fFIaEKyhV9Sv60bc
n8OkdvYW/1gB+meMUE8v8gdbWx21uTmCwl0YOIZ9yqmgAg==
-----END CERTIFICATE-----