Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/16e83d89-9c29-4d70-9d1d-85e4dc7e3d6e.roa
File:                     16e83d89-9c29-4d70-9d1d-85e4dc7e3d6e.roa (raw, json)
Hash identifier:          39LoxODUj0XPIyZNJLrYYYQiVlR6ctbO3HxrnfMhgsc=
Subject key identifier:   27:F1:CC:E9:9A:41:8B:DD:E8:9C:BA:75:CA:D8:29:9C:DD:DE:E2:43
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       35047829F1A4674E833BD981BF6680EE4D5C429E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/16e83d89-9c29-4d70-9d1d-85e4dc7e3d6e.roa
Signing time:             Fri 15 Nov 2024 00:00:00 +0000
ROA not before:           Fri 15 Nov 2024 00:00:00 +0000
ROA not after:            Fri 20 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:04:78:29:f1:a4:67:4e:83:3b:d9:81:bf:66:80:ee:4d:5c:42:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Nov 15 00:00:00 2024 GMT
            Not After : Dec 20 23:59:59 2024 GMT
        Subject: serialNumber=6bf1ee41f477f7cc0a949fb3c9e2c22c6fd4cb39426c66ae41929581d96304dd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:85:60:25:31:aa:c7:dd:64:6e:44:b7:ef:
                    25:f4:21:1f:6a:f1:68:c2:ce:8e:e4:28:30:dc:12:
                    05:1d:db:10:af:c7:77:60:e4:e3:6e:ee:e3:5c:2f:
                    c6:9a:da:21:84:e5:f0:7a:6d:3d:69:a1:1c:c2:4a:
                    93:1c:51:40:0a:1d:f4:83:44:43:1c:cb:07:d4:97:
                    e2:12:7f:db:82:67:eb:d7:a6:1f:96:0c:cc:e7:d7:
                    b6:fd:e7:d5:01:8e:41:bb:3e:51:17:77:73:c2:35:
                    40:60:66:af:d2:1a:29:bf:1d:7e:93:bf:54:fa:77:
                    93:1e:01:e1:4a:a2:5d:7f:f0:9f:3f:16:a7:ae:c3:
                    ff:41:ea:18:41:ec:2b:14:af:9f:fb:99:9e:42:81:
                    83:52:89:fd:29:6a:9a:68:ec:3a:4f:be:6f:67:6e:
                    de:da:ea:02:79:a2:b7:85:d2:37:4d:07:03:e0:ab:
                    99:ba:4c:9b:e3:ce:8d:43:76:9e:cf:fb:2c:c1:4c:
                    23:57:02:14:72:69:bb:cb:ea:74:5d:c2:fe:6e:d4:
                    75:9f:6e:d3:d5:76:34:72:15:6a:1d:92:02:af:2a:
                    eb:13:ff:99:5a:85:28:8a:e8:f7:8c:70:f8:9e:53:
                    88:6f:2f:79:8d:6e:90:7d:d2:70:aa:63:95:dd:40:
                    32:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F1:CC:E9:9A:41:8B:DD:E8:9C:BA:75:CA:D8:29:9C:DD:DE:E2:43
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/16e83d89-9c29-4d70-9d1d-85e4dc7e3d6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:35:cb:f9:4e:d7:23:31:ea:13:bf:e1:de:fa:d3:49:09:f6:
         3e:8a:f8:ef:75:ce:aa:0d:6f:0e:f6:1f:78:a3:5a:cc:50:0f:
         be:96:b8:93:f1:7e:09:a4:66:28:5f:d9:e6:bb:bb:5d:ae:3f:
         bb:10:78:fe:d6:f6:10:a1:94:7b:a0:1e:f1:c3:71:43:24:b2:
         bf:20:36:3b:e9:4f:10:67:54:c9:14:55:a3:65:b6:6b:ff:7d:
         50:6c:32:30:55:31:58:62:a8:61:75:90:f6:61:fa:d6:3a:50:
         29:59:00:86:9a:c0:bb:02:6f:16:f8:36:81:93:3c:5b:c1:df:
         22:e2:ad:9d:7b:24:a9:8e:5a:28:7f:93:14:f7:79:b1:f2:73:
         f9:3f:13:d1:39:10:ee:93:36:d6:c5:5d:de:8d:c7:84:e1:10:
         88:b3:ec:ff:10:92:ad:cf:b9:bf:75:08:07:f6:af:b9:8a:11:
         63:74:c0:42:26:ae:8b:af:e3:0f:e5:81:97:92:05:ac:08:75:
         c6:e5:d6:03:47:ec:77:ed:b6:87:0d:82:c9:70:7e:0f:05:cc:
         27:36:d3:5d:7f:7f:6f:b0:8b:1f:83:be:75:c2:d5:e1:84:3b:
         de:da:67:0c:60:00:c3:8a:c8:40:c3:17:a7:02:52:6a:ff:16:
         56:74:a6:55
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNQR4KfGkZ06DO9mBv2aA7k1cQp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDExMTUwMDAwMDBaFw0yNDEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZjFlZTQxZjQ3N2Y3Y2MwYTk0OWZiM2M5ZTJjMjJjNmZkNGNiMzk0MjZj
NjZhZTQxOTI5NTgxZDk2MzA0ZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKxqhWAlMarH3WRuRLfvJfQhH2rxaMLOjuQoMNwSBR3bEK/Hd2Dk427u41wv
xpraIYTl8HptPWmhHMJKkxxRQAod9INEQxzLB9SX4hJ/24Jn69emH5YMzOfXtv3n
1QGOQbs+URd3c8I1QGBmr9IaKb8dfpO/VPp3kx4B4UqiXX/wnz8Wp67D/0HqGEHs
KxSvn/uZnkKBg1KJ/SlqmmjsOk++b2du3trqAnmit4XSN00HA+CrmbpMm+POjUN2
ns/7LMFMI1cCFHJpu8vqdF3C/m7UdZ9u09V2NHIVah2SAq8q6xP/mVqFKIro94xw
+J5TiG8veY1ukH3ScKpjld1AMmECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQn8czp
mkGL3eicunXK2Cmc3d7iQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTZlODNkODktOWMyOS00ZDcwLTlkMWQtODVlNGRjN2UzZDZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hiw
MA0GCSqGSIb3DQEBCwUAA4IBAQCENcv5TtcjMeoTv+He+tNJCfY+ivjvdc6qDW8O
9h94o1rMUA++lriT8X4JpGYoX9nmu7tdrj+7EHj+1vYQoZR7oB7xw3FDJLK/IDY7
6U8QZ1TJFFWjZbZr/31QbDIwVTFYYqhhdZD2YfrWOlApWQCGmsC7Am8W+DaBkzxb
wd8i4q2deySpjloof5MU93mx8nP5PxPRORDukzbWxV3ejceE4RCIs+z/EJKtz7m/
dQgH9q+5ihFjdMBCJq6Lr+MP5YGXkgWsCHXG5dYDR+x37baHDYLJcH4PBcwnNtNd
f39vsIsfg751wtXhhDve2mcMYADDishAwxenAlJq/xZWdKZV
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:40:31 2024 by rpki-client on console-ams.rpki-client.org