Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a1cc011-aaff-43bc-b858-8b2eb081a654.roa
File:                     1a1cc011-aaff-43bc-b858-8b2eb081a654.roa (raw, json)
Hash identifier:          12Tai0EB7jqVTWWaarxQy8XQl3dwtYueyUcu6fLSkXg=
Subject key identifier:   6F:81:CB:AB:1D:82:D8:38:99:5C:46:16:E2:4B:83:74:67:44:11:19
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       06DE45924F99099FFC165745D06A111D4BD3EC22
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a1cc011-aaff-43bc-b858-8b2eb081a654.roa
Signing time:             Mon 18 Nov 2024 00:00:00 +0000
ROA not before:           Mon 18 Nov 2024 00:00:00 +0000
ROA not after:            Mon 23 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:de:45:92:4f:99:09:9f:fc:16:57:45:d0:6a:11:1d:4b:d3:ec:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Nov 18 00:00:00 2024 GMT
            Not After : Dec 23 23:59:59 2024 GMT
        Subject: serialNumber=edba3728cbf69570a98dba9016e5d831ee76c4c2d1aeebd52ff81704b3fce3c7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2b:d2:6d:5a:0a:c5:83:39:2b:95:93:d3:2f:
                    90:fe:4b:2b:c2:eb:58:1a:5b:f4:2f:ab:c0:df:3c:
                    dc:0f:36:6a:0e:5a:bc:b9:95:21:18:6f:9e:58:90:
                    72:f5:c8:79:52:f8:a8:be:9c:3d:fe:3d:51:8d:d5:
                    8e:86:a5:c7:2b:00:1b:af:04:a6:a7:2d:92:d2:37:
                    d9:03:3a:ee:96:ee:54:4b:23:b8:ed:34:8a:2c:a5:
                    a5:21:4a:01:dd:eb:26:c0:87:d7:79:c0:b0:f0:03:
                    a6:16:5f:12:dc:cd:51:59:d9:02:d6:3a:7d:63:63:
                    56:54:57:a6:86:e2:77:ac:6f:2a:92:43:66:67:4b:
                    1f:d1:1e:4c:51:96:94:81:72:2c:84:1f:c6:e1:5a:
                    00:6c:d7:cc:2e:bf:4e:e3:81:1a:d4:e6:a5:ff:ed:
                    6b:09:1e:bc:8a:16:8e:db:d2:8d:8d:1b:94:c8:40:
                    03:22:f8:f6:7c:67:f4:49:e1:45:53:5c:e0:c7:da:
                    0d:e2:2a:e5:5c:61:d9:10:3d:f7:72:fc:7e:e6:b7:
                    51:6d:84:1e:9a:a4:03:3b:64:71:46:0f:d3:a0:57:
                    4c:12:bc:67:2a:be:33:6c:fa:f2:ed:cf:81:5d:81:
                    6d:3e:ab:54:4d:dc:3b:b9:5b:df:95:48:8a:e0:34:
                    03:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:81:CB:AB:1D:82:D8:38:99:5C:46:16:E2:4B:83:74:67:44:11:19
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a1cc011-aaff-43bc-b858-8b2eb081a654.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:0d:d7:40:99:dd:19:37:a9:05:1d:82:c7:7c:82:47:86:bb:
         72:1b:1d:fc:1b:ca:f5:5e:cc:23:ec:79:0b:19:9b:1d:38:87:
         11:45:30:73:1d:42:5b:57:33:67:b5:56:5f:05:28:96:86:ec:
         c1:59:66:9f:c7:75:aa:c9:0b:41:c7:0e:fd:2f:bf:56:95:90:
         8b:ce:2d:11:09:e5:f1:86:76:d0:a6:ab:de:6e:b5:94:0c:17:
         33:74:f1:a6:49:52:24:8c:73:10:16:72:83:f5:56:dc:7a:54:
         26:00:74:63:38:d6:db:c5:bb:3e:ba:2a:00:6f:59:10:72:f5:
         28:f8:a5:80:3b:80:80:a5:84:69:5a:cb:de:b3:50:54:b4:60:
         97:79:00:dd:a6:03:db:ac:62:64:1a:50:4a:0e:e4:4c:73:5c:
         e4:8c:92:30:52:46:e4:dc:05:2f:7b:0d:30:f0:d4:3c:c0:34:
         25:b4:50:5f:d9:af:1e:02:c7:00:c4:e8:c1:cc:02:59:17:ec:
         70:9c:3d:a5:a3:18:e2:c3:3f:66:f8:98:c5:2e:e3:6f:84:ad:
         1f:f6:f6:4c:68:cb:db:8c:d9:db:66:1c:3f:5a:37:9d:25:b3:
         a8:4f:74:3e:a0:b6:da:c3:11:a4:a4:de:58:31:5a:76:e1:23:
         6f:1e:82:65
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBt5Fkk+ZCZ/8FldF0GoRHUvT7CIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkYmEzNzI4Y2JmNjk1NzBhOThkYmE5MDE2ZTVkODMxZWU3NmM0YzJkMWFl
ZWJkNTJmZjgxNzA0YjNmY2UzYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKIr0m1aCsWDOSuVk9MvkP5LK8LrWBpb9C+rwN883A82ag5avLmVIRhvnliQ
cvXIeVL4qL6cPf49UY3VjoalxysAG68EpqctktI32QM67pbuVEsjuO00iiylpSFK
Ad3rJsCH13nAsPADphZfEtzNUVnZAtY6fWNjVlRXpobid6xvKpJDZmdLH9EeTFGW
lIFyLIQfxuFaAGzXzC6/TuOBGtTmpf/tawkevIoWjtvSjY0blMhAAyL49nxn9Enh
RVNc4MfaDeIq5Vxh2RA993L8fua3UW2EHpqkAztkcUYP06BXTBK8Zyq+M2z68u3P
gV2BbT6rVE3cO7lb35VIiuA0Ay8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRvgcur
HYLYOJlcRhbiS4N0Z0QRGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWExY2MwMTEtYWFmZi00M2JjLWI4NTgtOGIyZWIwODFhNjU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fiw
MA0GCSqGSIb3DQEBCwUAA4IBAQCEDddAmd0ZN6kFHYLHfIJHhrtyGx38G8r1Xswj
7HkLGZsdOIcRRTBzHUJbVzNntVZfBSiWhuzBWWafx3WqyQtBxw79L79WlZCLzi0R
CeXxhnbQpqvebrWUDBczdPGmSVIkjHMQFnKD9VbcelQmAHRjONbbxbs+uioAb1kQ
cvUo+KWAO4CApYRpWsves1BUtGCXeQDdpgPbrGJkGlBKDuRMc1zkjJIwUkbk3AUv
ew0w8NQ8wDQltFBf2a8eAscAxOjBzAJZF+xwnD2loxjiwz9m+JjFLuNvhK0f9vZM
aMvbjNnbZhw/WjedJbOoT3Q+oLbawxGkpN5YMVp24SNvHoJl
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:07:44 2024 by rpki-client on console-ams.rpki-client.org