Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
File:                     1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa (raw, json)
Hash identifier:          OMnSAhUqnXeBCm4l0F6DUQFNyW4N8Qu1DEC/9LLiDAg=
Subject key identifier:   5C:B9:04:CE:30:61:F1:C3:AD:47:32:B7:7C:C3:DE:8F:98:DF:8B:77
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       36AB302EFF41D0DFFFB79095FB7E713B04D4DC5B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 14:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:ab:30:2e:ff:41:d0:df:ff:b7:90:95:fb:7e:71:3b:04:d4:dc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=5dccad5973708b1cef97000fcfda5c3185fd8eaea260d6d6f9a07a0f84adf1a4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:fb:e1:f6:9c:78:e7:28:0a:2a:f4:5c:d1:
                    e5:91:be:98:e6:3c:1e:01:fd:8a:7d:2c:ca:29:e3:
                    87:2a:e4:94:d9:f4:10:a2:82:99:38:ea:dd:a2:2f:
                    04:72:5a:59:ab:df:20:dd:46:45:ab:36:ae:4f:f8:
                    fa:96:a5:87:f9:f7:55:9c:e2:f3:fe:a1:0b:e9:8e:
                    db:c8:9a:b3:45:42:60:2b:54:7a:4c:84:39:26:0c:
                    6f:8b:a6:35:6e:ac:42:fc:4f:23:9f:d2:84:29:a2:
                    24:08:ac:58:71:eb:22:3a:60:fe:55:6c:7b:8f:12:
                    c3:28:d3:79:04:b0:f8:22:27:9a:81:1b:7b:90:8c:
                    fe:18:6c:b0:46:2c:3e:5a:c7:3f:fe:38:ae:9b:23:
                    28:3b:ed:ad:45:be:75:24:d2:cc:ed:bb:20:f9:8d:
                    2f:af:4c:73:14:b7:bd:23:c3:fe:fe:9a:9d:aa:e0:
                    a0:ed:c1:bb:45:13:fc:dd:00:15:23:2f:0f:c3:bd:
                    48:d7:12:04:9c:dd:4d:5e:26:52:88:6d:9b:22:37:
                    72:14:91:d0:47:e0:fa:6e:d2:1b:26:45:b0:37:fb:
                    f6:61:9e:e1:1f:bb:0d:2a:3d:61:b3:a6:b8:33:17:
                    5e:51:99:51:e8:64:94:76:ad:b3:30:79:ad:ef:89:
                    c2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B9:04:CE:30:61:F1:C3:AD:47:32:B7:7C:C3:DE:8F:98:DF:8B:77
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ba:c9:db:d4:77:f3:44:d2:70:00:c7:47:0f:ba:af:84:60:79:
         92:8a:d8:09:55:e3:9d:3f:07:f5:e9:39:31:53:da:8e:f0:05:
         52:05:47:37:4b:a9:ef:b3:1b:c1:8e:28:fd:22:b8:b4:54:03:
         63:6e:0c:42:80:42:47:9c:c6:ca:94:16:25:90:4b:b9:3f:31:
         bb:18:06:33:67:5c:a6:83:f2:f7:b7:75:41:09:cf:3c:6c:3c:
         f2:ed:4e:74:a9:44:c1:e2:c1:7c:7c:40:36:eb:27:90:d4:49:
         57:a0:05:59:74:66:e3:79:56:14:96:cc:d5:23:1e:14:37:df:
         30:ef:e4:6d:68:59:ef:18:83:b2:38:f8:54:40:b6:d0:bb:ef:
         6c:c2:19:45:b1:91:8e:8d:3a:56:11:cd:d9:47:46:2b:eb:4c:
         f8:6d:97:fa:38:c3:f0:44:0a:73:14:96:f5:e4:39:9c:0b:c3:
         a6:f2:90:bb:e5:0f:a1:82:99:59:61:f0:71:43:df:24:4e:ee:
         2a:75:67:6c:d7:30:ce:95:40:86:ce:8f:6d:1f:79:53:66:51:
         ac:c8:96:1e:05:d7:5a:5b:02:86:9c:d6:7d:4c:e8:34:7e:03:
         b7:ac:57:89:49:d9:6f:2e:4f:50:4d:07:54:fe:56:ee:d1:d3:
         99:51:1f:d3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNqswLv9B0N//t5CV+35xOwTU3FswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDExMTkwMDAwMDBaFw0yNDEyMjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkY2NhZDU5NzM3MDhiMWNlZjk3MDAwZmNmZGE1YzMxODVmZDhlYWVhMjYw
ZDZkNmY5YTA3YTBmODRhZGYxYTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQ9++H2nHjnKAoq9FzR5ZG+mOY8HgH9in0syinjhyrklNn0EKKCmTjq3aIv
BHJaWavfIN1GRas2rk/4+palh/n3VZzi8/6hC+mO28ias0VCYCtUekyEOSYMb4um
NW6sQvxPI5/ShCmiJAisWHHrIjpg/lVse48SwyjTeQSw+CInmoEbe5CM/hhssEYs
PlrHP/44rpsjKDvtrUW+dSTSzO27IPmNL69McxS3vSPD/v6anargoO3Bu0UT/N0A
FSMvD8O9SNcSBJzdTV4mUohtmyI3chSR0Efg+m7SGyZFsDf79mGe4R+7DSo9YbOm
uDMXXlGZUehklHatszB5re+Jws8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRcuQTO
MGHxw61HMrd8w96PmN+LdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWJhMmQwNjMtOTE1Yi00ZWY1LWIxYjgtMDBkNzNkYzhhMzFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRg
MA0GCSqGSIb3DQEBCwUAA4IBAQC6ydvUd/NE0nAAx0cPuq+EYHmSitgJVeOdPwf1
6TkxU9qO8AVSBUc3S6nvsxvBjij9Iri0VANjbgxCgEJHnMbKlBYlkEu5PzG7GAYz
Z1ymg/L3t3VBCc88bDzy7U50qUTB4sF8fEA26yeQ1ElXoAVZdGbjeVYUlszVIx4U
N98w7+RtaFnvGIOyOPhUQLbQu+9swhlFsZGOjTpWEc3ZR0Yr60z4bZf6OMPwRApz
FJb15DmcC8Om8pC75Q+hgplZYfBxQ98kTu4qdWds1zDOlUCGzo9tH3lTZlGsyJYe
BddaWwKGnNZ9TOg0fgO3rFeJSdlvLk9QTQdU/lbu0dOZUR/T
-----END CERTIFICATE-----
Generated at Thu Dec 12 20:57:42 2024 by rpki-client on console-ams.rpki-client.org