Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
File:                     11f67075-d744-49be-809b-fca0d72c41e0.roa (raw, json)
Hash identifier:          pleA/6uxU5Z/D8KE5VybyF8T7WWptTvA5iSiOvTFK5Q=
Subject key identifier:   EB:7A:30:6E:FD:BE:5B:8E:83:2B:6A:8E:01:1A:98:53:8C:14:36:E4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       016B652F81ABA226B711D8DCCC51CBB4FC94F79B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Mar 2023 16:08:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6b:65:2f:81:ab:a2:26:b7:11:d8:dc:cc:51:cb:b4:fc:94:f7:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=f8e319938a2b0d7ca842fe2896ab265007e1003713af3e9309deb79b3ee194a4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:01:42:a3:8c:76:b8:35:2d:c2:58:55:61:69:
                    ad:27:fa:4f:a6:d5:7b:3c:ef:35:16:2a:34:03:ce:
                    f7:db:67:26:2d:d5:35:2c:fe:76:3a:da:83:f0:fa:
                    0a:80:d8:b9:89:4a:0a:2b:bc:34:99:ac:ca:e1:ba:
                    81:85:25:4a:fa:8d:4a:fe:88:8a:99:1e:21:6b:07:
                    a1:00:c4:64:83:45:11:3b:1e:15:1c:57:72:db:ab:
                    e1:f0:47:7f:07:a5:04:7b:92:3c:d5:58:d9:b6:2b:
                    7b:0c:68:19:8e:44:3f:bb:6f:d9:8b:cd:48:06:a4:
                    6e:53:de:97:58:3f:31:20:1c:3b:8d:22:01:2c:40:
                    29:29:ab:19:d2:10:5f:e6:74:49:e9:9a:c5:71:a8:
                    90:a9:07:20:d7:4a:a0:30:fa:3a:0a:bc:e8:b8:9c:
                    55:f1:c4:36:c1:59:09:4c:3a:86:30:42:7b:ce:d7:
                    dd:18:90:d7:8a:22:6a:94:32:d6:e6:12:9f:89:ca:
                    7b:84:ca:b4:6d:44:9a:2b:6f:e3:cb:9d:57:6f:ca:
                    88:a1:21:39:63:b5:72:1b:7c:eb:a5:c8:ee:2b:6f:
                    59:1d:a6:d2:e3:3f:74:87:9c:57:12:d8:20:53:6b:
                    9f:9f:99:6d:f5:94:e9:55:1a:09:16:9b:ee:bc:82:
                    5a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                EB:7A:30:6E:FD:BE:5B:8E:83:2B:6A:8E:01:1A:98:53:8C:14:36:E4
            X509v3 Authority Key Identifier: 
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:47:47:dd:e5:eb:51:c4:d2:fc:49:0b:ec:8b:da:34:e4:fe:
         ea:86:ec:58:44:0a:83:76:b1:ec:62:3e:4b:1c:4f:80:e3:ae:
         11:6f:ba:75:5b:8c:44:2d:17:32:de:19:57:a4:62:8d:a3:ee:
         d0:2a:cd:9b:fd:ce:5f:28:f4:73:c2:46:7c:74:93:be:00:54:
         48:54:e9:bd:8e:bf:84:8b:d7:d5:b9:e1:31:c5:8d:93:28:83:
         5e:03:b7:3b:29:78:a2:10:9c:35:a1:a5:0e:ec:29:02:23:24:
         fc:43:9f:c6:56:bf:25:18:3f:98:6e:e1:da:60:5e:5a:3e:d5:
         50:59:ba:53:4f:be:68:60:a7:b0:20:63:f5:28:31:57:eb:ed:
         bd:5c:fb:aa:d4:b0:31:3f:cf:c3:82:fd:e3:42:ef:84:5b:21:
         35:63:d1:ae:e5:f2:88:af:72:f9:0d:87:a0:70:a3:bc:86:ca:
         5c:43:b3:08:65:30:ac:5e:31:39:2d:04:80:d8:37:6a:6f:67:
         2e:78:a7:b2:26:27:fe:17:22:b0:74:a4:38:d1:dc:54:89:bf:
         35:32:86:8b:f3:6b:dc:44:e5:41:63:49:db:9a:0d:d3:25:f9:
         c9:32:7f:2a:99:c2:ed:a1:bc:f3:70:c9:c2:01:a7:7f:84:c8:
         96:f8:78:be
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIUAWtlL4Groia3EdjczFHLtPyU95swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzAzMTgwMDAwMDBaFw0yMzA0MjIyMzU5NTlaMIGlMUkwRwYD
VQQFE0BmOGUzMTk5MzhhMmIwZDdjYTg0MmZlMjg5NmFiMjY1MDA3ZTEwMDM3MTNh
ZjNlOTMwOWRlYjc5YjNlZTE5NGE0MS0wKwYDVQQDEyQ2NjE1YTM4Yi0zYWQ3LTQ3
YjctOGZiMi02ODVjMzhkMDA5MTQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
wgFCo4x2uDUtwlhVYWmtJ/pPptV7PO81Fio0A87322cmLdU1LP52OtqD8PoKgNi5
iUoKK7w0mazK4bqBhSVK+o1K/oiKmR4hawehAMRkg0UROx4VHFdy26vh8Ed/B6UE
e5I81VjZtit7DGgZjkQ/u2/Zi81IBqRuU96XWD8xIBw7jSIBLEApKasZ0hBf5nRJ
6ZrFcaiQqQcg10qgMPo6CrzouJxV8cQ2wVkJTDqGMEJ7ztfdGJDXiiJqlDLW5hKf
icp7hMq0bUSaK2/jy51Xb8qIoSE5Y7VyG3zrpcjuK29ZHabS4z90h5xXEtggU2uf
n5lt9ZTpVRoJFpvuvIJaSQIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFOt6MG79vluO
gytqjgEamFOMFDbkMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8MA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVuZFo1
UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC8xMWY2
NzA3NS1kNzQ0LTQ5YmUtODA5Yi1mY2EwZDcyYzQxZTAucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
dU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgXQeCAwDQYJ
KoZIhvcNAQELBQADggEBAANHR93l61HE0vxJC+yL2jTk/uqG7FhECoN2sexiPksc
T4DjrhFvunVbjEQtFzLeGVekYo2j7tAqzZv9zl8o9HPCRnx0k74AVEhU6b2Ov4SL
19W54THFjZMog14DtzspeKIQnDWhpQ7sKQIjJPxDn8ZWvyUYP5hu4dpgXlo+1VBZ
ulNPvmhgp7AgY/UoMVfr7b1c+6rUsDE/z8OC/eNC74RbITVj0a7l8oivcvkNh6Bw
o7yGylxDswhlMKxeMTktBIDYN2pvZy54p7ImJ/4XIrB0pDjR3FSJvzUyhovza9xE
5UFjSduaDdMl+ckyfyqZwu2hvPNwycIBp3+EyJb4eL4=
-----END CERTIFICATE-----
Generated at Sat Mar 18 00:25:51 2023 by rpki-client on console-fra.rpki-client.org