Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2030a8d8-88f9-4725-9c63-e7aaa9e49e8a.roa
File:                     2030a8d8-88f9-4725-9c63-e7aaa9e49e8a.roa (raw, json)
Hash identifier:          2hq+aiipeo/VArHUnfUqkSpDGM7l10VGfj0ErZGbO4Y=
Subject key identifier:   5B:1A:97:99:1A:7A:2F:80:A5:C2:5F:3B:FF:37:44:68:03:00:CA:9D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       642043859AAC45962AF633BD9E401A2DC6CD593D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2030a8d8-88f9-4725-9c63-e7aaa9e49e8a.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:20:43:85:9a:ac:45:96:2a:f6:33:bd:9e:40:1a:2d:c6:cd:59:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=213a9bbd32ca7260b5acc66aefe26a7de76e43ece3cfa00f9374ffae954b0793, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:34:4d:11:bf:29:c4:a8:c7:62:a0:b7:fa:b0:
                    b1:4c:ca:f9:df:74:9f:c4:2b:83:45:f2:01:8b:8b:
                    14:eb:db:92:62:ca:03:ea:54:1f:16:71:af:78:54:
                    f8:b7:f5:7c:71:17:1d:05:a7:39:4f:79:64:c6:30:
                    b3:b8:c2:d5:f7:06:79:13:5c:24:f4:9d:e8:19:34:
                    7f:af:49:65:e1:4b:f2:0b:f5:10:2c:5e:54:2f:5a:
                    03:8a:c2:e7:1c:b1:53:73:e0:01:26:e8:36:1e:03:
                    de:ec:40:f7:67:30:44:f9:ee:12:a3:20:9d:8d:2c:
                    81:1b:fc:07:26:18:6b:e0:e3:9e:57:1a:e7:92:6a:
                    ea:cb:a2:07:f0:b5:4e:c4:15:f4:7c:b7:70:4a:6e:
                    b7:25:68:86:f9:ca:f6:a7:a3:3c:05:37:df:22:dc:
                    ad:3a:10:54:81:eb:94:5d:e9:42:3f:d5:6a:b0:e3:
                    90:a6:70:38:4b:e5:e3:28:1a:6b:5f:a2:f6:1f:44:
                    a0:3a:a2:d8:0c:0f:9e:15:23:11:2a:1f:11:cf:5e:
                    ff:a6:86:b9:8e:4f:cc:92:6c:f8:c0:3a:c6:61:8c:
                    5b:ac:1c:79:cd:ef:bc:26:37:3a:1b:9d:f5:c0:00:
                    d0:d3:fc:fa:f2:49:9c:bb:9a:42:b8:a0:cd:43:0b:
                    07:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:1A:97:99:1A:7A:2F:80:A5:C2:5F:3B:FF:37:44:68:03:00:CA:9D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2030a8d8-88f9-4725-9c63-e7aaa9e49e8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c5:36:4d:8a:d0:26:f1:4b:15:13:4b:e0:a7:9e:79:d7:36:9d:
         31:4e:dd:77:60:95:49:72:f5:05:b0:18:17:f0:40:28:fb:e9:
         0f:87:12:33:6c:b1:26:d9:7a:3c:6e:16:77:1a:38:5a:eb:a7:
         c8:48:d1:72:4b:f6:ee:27:2e:94:e5:be:c1:de:9d:25:1f:6e:
         21:41:8f:28:ae:f5:8c:c5:c3:08:a4:41:50:74:3d:d8:a9:9d:
         77:07:69:f8:49:50:70:e5:f7:2d:52:e1:66:ce:ae:fe:bc:63:
         a8:bb:48:fd:b8:b1:4f:89:8e:65:da:c0:48:23:8f:5e:30:65:
         af:50:01:13:6c:ed:1a:43:9b:bc:fd:d1:c8:d0:04:a6:44:ae:
         cf:a3:e5:fd:fe:4f:61:dc:ad:bf:cd:f4:78:e2:a8:c1:73:e3:
         dc:ed:53:72:a5:48:e1:c5:f4:b1:e5:bb:44:f0:28:5d:b5:c5:
         52:f5:d1:6c:a7:48:94:33:1b:3b:29:41:d2:90:7d:9a:53:51:
         a0:f7:7c:55:8e:73:fa:3b:0c:14:9c:cc:4d:15:d2:60:3d:20:
         bf:d1:d5:4a:53:0c:40:4f:28:ef:c0:d8:b1:ec:b6:32:46:08:
         2c:b3:30:b8:5d:59:64:42:ce:95:2a:24:af:28:75:71:f1:88:
         f7:b6:5b:57
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZCBDhZqsRZYq9jO9nkAaLcbNWT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjkwMDAwMDBaFw0yNDA1MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDIxM2E5YmJkMzJjYTcyNjBiNWFjYzY2YWVmZTI2YTdkZTc2ZTQzZWNlM2Nm
YTAwZjkzNzRmZmFlOTU0YjA3OTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANU0TRG/KcSox2Kgt/qwsUzK+d90n8Qrg0XyAYuLFOvbkmLKA+pUHxZxr3hU
+Lf1fHEXHQWnOU95ZMYws7jC1fcGeRNcJPSd6Bk0f69JZeFL8gv1ECxeVC9aA4rC
5xyxU3PgASboNh4D3uxA92cwRPnuEqMgnY0sgRv8ByYYa+Djnlca55Jq6suiB/C1
TsQV9Hy3cEputyVohvnK9qejPAU33yLcrToQVIHrlF3pQj/VarDjkKZwOEvl4yga
a1+i9h9EoDqi2AwPnhUjESofEc9e/6aGuY5PzJJs+MA6xmGMW6wcec3vvCY3Ohud
9cAA0NP8+vJJnLuaQrigzUMLBwkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbGpeZ
GnovgKXCXzv/N0RoAwDKnTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjAzMGE4ZDgtODhmOS00NzI1LTljNjMtZTdhYWE5ZTQ5ZThhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ABg
MA0GCSqGSIb3DQEBCwUAA4IBAQDFNk2K0CbxSxUTS+CnnnnXNp0xTt13YJVJcvUF
sBgX8EAo++kPhxIzbLEm2Xo8bhZ3Gjha66fISNFyS/buJy6U5b7B3p0lH24hQY8o
rvWMxcMIpEFQdD3YqZ13B2n4SVBw5fctUuFmzq7+vGOou0j9uLFPiY5l2sBII49e
MGWvUAETbO0aQ5u8/dHI0ASmRK7Po+X9/k9h3K2/zfR44qjBc+Pc7VNypUjhxfSx
5btE8ChdtcVS9dFsp0iUMxs7KUHSkH2aU1Gg93xVjnP6OwwUnMxNFdJgPSC/0dVK
UwxATyjvwNix7LYyRggsszC4XVlkQs6VKiSvKHVx8Yj3tltX
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:30 2024 by rpki-client on console-ams.rpki-client.org