Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
File:                     e5744d03-14d6-49dd-bcc7-bbf41846c647.roa (raw, json)
Hash identifier:          NdmeWofgyrpCfwj58AJZqvUjFPMkkPBOD/kLogV7km8=
Subject key identifier:   0D:DA:3D:C4:D7:FC:11:9D:22:3E:24:7D:D9:D6:51:61:20:88:E3:4C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2E8630DEDD0FD5070B05034E8DB551FD5429848A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.126.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:86:30:de:dd:0f:d5:07:0b:05:03:4e:8d:b5:51:fd:54:29:84:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:5d:8a:6c:11:18:d6:fe:6f:45:8b:79:7f:
                    f3:e7:ad:e6:89:94:82:72:15:d4:3b:f5:de:2f:87:
                    af:4d:d0:bb:2d:8c:36:60:3e:cd:da:f9:af:54:37:
                    0a:6f:05:7a:cf:47:bf:9a:75:e9:94:f0:c2:25:ae:
                    5b:db:c8:a4:4c:b3:8e:b7:b3:80:27:33:ec:f5:7e:
                    bc:1e:be:c7:63:65:fd:ad:9a:c6:f2:3d:55:46:1a:
                    b1:3d:b2:6e:e5:07:ed:ac:c7:80:2a:03:43:5e:e3:
                    74:07:13:59:66:90:f6:24:bf:86:7d:14:ef:ea:11:
                    13:cf:49:cb:49:e4:e1:12:9f:50:43:fb:d1:d7:0c:
                    cf:7d:d9:72:47:00:41:f4:65:42:e0:c6:74:f4:7e:
                    6a:e3:07:0a:9b:6b:76:47:2d:5e:4e:71:fa:52:ff:
                    b4:8f:f0:16:de:db:6c:b1:71:3a:04:31:ba:67:57:
                    52:3d:54:4f:ea:f4:ee:f8:60:37:63:28:a6:1a:e8:
                    61:60:cf:ed:31:8b:1c:66:8c:00:27:bb:ab:aa:09:
                    09:8b:0a:70:fc:d4:38:3f:0d:9b:4c:99:76:08:db:
                    59:06:57:56:e3:2d:60:f6:d9:fa:4c:a1:2c:27:af:
                    02:85:3f:4d:3e:07:91:66:de:ae:9c:dc:5d:ba:7a:
                    a9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DA:3D:C4:D7:FC:11:9D:22:3E:24:7D:D9:D6:51:61:20:88:E3:4C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:04:c8:59:29:29:aa:64:fa:d0:0c:05:75:05:c4:78:fb:f1:
         3a:2a:36:90:ee:98:62:9c:ca:86:6e:c9:b9:f9:a8:e9:8b:da:
         05:71:f3:3b:b7:67:ac:19:8f:61:c5:63:00:0f:87:86:40:1d:
         29:12:0e:79:d8:07:f2:06:1c:96:60:11:fd:d1:a2:aa:d8:3e:
         88:5f:94:e0:67:a0:21:2f:13:dd:cb:f7:28:8f:db:86:35:27:
         a1:8c:f4:72:e4:71:62:30:73:82:3d:68:9a:7f:b3:b0:2d:59:
         8b:7a:0e:fc:15:0c:1a:eb:30:96:f4:b7:c9:92:67:01:1c:e9:
         ac:8b:e6:dc:05:b3:a7:a7:8b:03:be:a3:af:4d:45:41:50:2d:
         33:f4:ec:36:55:7f:28:5a:11:30:f9:eb:37:be:c8:1f:f4:f3:
         f0:de:63:50:aa:b3:2b:e5:2a:fc:29:86:bf:82:06:d4:4c:e6:
         58:17:d7:a3:be:9d:95:50:1d:9a:48:02:f5:59:98:5c:f9:23:
         08:9f:5d:ec:32:cf:fc:ed:9b:9c:60:82:8f:40:be:6a:02:af:
         d9:d2:e3:11:07:4c:50:6b:41:de:c1:0e:33:ab:8f:cc:4c:8f:
         93:7f:6a:0b:96:a6:8d:8b:28:13:84:ff:32:26:ae:a9:fa:c8:
         fe:da:c2:70
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIULoYw3t0P1QcLBQNOjbVR/VQphIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZjQyZDAxOWY0ZGVkZmQ1MDBlMzcwOTgwYTAwZjI5MzlhMDcxNTgzMTZm
YWRmMjNkMWYzYTFjODdmNDNiMzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmvXYpsERjW/m9Fi3l/8+et5omUgnIV1Dv13i+Hr03Quy2MNmA+zdr5r1Q3
Cm8Fes9Hv5p16ZTwwiWuW9vIpEyzjrezgCcz7PV+vB6+x2Nl/a2axvI9VUYasT2y
buUH7azHgCoDQ17jdAcTWWaQ9iS/hn0U7+oRE89Jy0nk4RKfUEP70dcMz33ZckcA
QfRlQuDGdPR+auMHCptrdkctXk5x+lL/tI/wFt7bbLFxOgQxumdXUj1UT+r07vhg
N2MophroYWDP7TGLHGaMACe7q6oJCYsKcPzUOD8Nm0yZdgjbWQZXVuMtYPbZ+kyh
LCevAoU/TT4HkWberpzcXbp6qf0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQN2j3E
1/wRnSI+JH3Z1lFhIIjjTDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU3NDRkMDMtMTRkNi00OWRkLWJjYzctYmJmNDE4NDZjNjQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbAgfjAN
BgkqhkiG9w0BAQsFAAOCAQEAOgTIWSkpqmT60AwFdQXEePvxOio2kO6YYpzKhm7J
ufmo6YvaBXHzO7dnrBmPYcVjAA+HhkAdKRIOedgH8gYclmAR/dGiqtg+iF+U4Geg
IS8T3cv3KI/bhjUnoYz0cuRxYjBzgj1omn+zsC1Zi3oO/BUMGuswlvS3yZJnARzp
rIvm3AWzp6eLA76jr01FQVAtM/TsNlV/KFoRMPnrN77IH/Tz8N5jUKqzK+Uq/CmG
v4IG1EzmWBfXo76dlVAdmkgC9VmYXPkjCJ9d7DLP/O2bnGCCj0C+agKv2dLjEQdM
UGtB3sEOM6uPzEyPk39qC5amjYsoE4T/MiauqfrI/trCcA==
-----END CERTIFICATE-----