Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/23bf04ce-3f25-4dfc-854b-7ab9fceb5046.roa
File:                     23bf04ce-3f25-4dfc-854b-7ab9fceb5046.roa (raw, json)
Hash identifier:          z6dsIEuhsRWeaM+MkjNTlpGVcGiQDm0fUVH5wJ5SzSQ=
Subject key identifier:   06:4E:C2:24:9F:A8:A0:A9:95:06:76:60:DC:57:2D:CE:65:EF:77:2B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4DECE16EA25859C9EDB552DDDB3C9E222FC05620
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/23bf04ce-3f25-4dfc-854b-7ab9fceb5046.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ec:e1:6e:a2:58:59:c9:ed:b5:52:dd:db:3c:9e:22:2f:c0:56:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=b5f16a054322fdf46c877a3e288f98260ddfe67a0675c5962db3c5058d4a4983, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:57:36:24:ba:f1:89:c4:21:b8:83:c3:5b:ea:
                    ae:05:63:08:f7:4b:ba:3e:bf:5e:5a:6a:94:f2:03:
                    eb:cc:06:b6:64:e7:50:2c:cc:bb:51:7e:82:f7:e5:
                    f4:22:07:0f:a7:65:1c:e8:cd:66:77:36:df:1f:38:
                    e4:5a:5a:c3:ac:8c:b0:58:b0:96:c4:da:e5:a2:d8:
                    4f:43:26:93:7b:87:a2:3a:ed:8a:29:1b:22:b5:14:
                    0c:b7:f0:4f:25:fa:23:b9:fb:d0:76:bd:34:7e:9d:
                    c1:d6:bc:a6:36:e5:4d:22:76:e7:55:65:98:65:4b:
                    b8:3f:b8:37:9f:25:f2:44:fe:87:7c:d7:d2:ec:96:
                    fb:c7:1a:7d:b7:72:c9:1e:64:83:1d:ed:45:2e:9f:
                    cc:07:65:bb:a9:07:ae:fd:fc:e1:4f:cf:04:81:6e:
                    a4:e8:5b:b4:8d:ee:a6:c3:96:5c:db:49:2a:a4:7f:
                    ce:84:1b:54:59:df:ad:7a:88:c1:df:dd:a9:1e:be:
                    aa:7a:55:4e:ca:37:cf:28:25:3a:f5:92:5c:31:dc:
                    07:4f:0e:4a:6f:35:0d:94:24:c7:2c:38:48:5b:a1:
                    1a:0f:da:76:cc:2f:21:94:b2:e5:a3:1f:cc:ef:7b:
                    3e:3c:10:5b:11:62:2a:40:74:a3:17:7d:cd:83:ac:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4E:C2:24:9F:A8:A0:A9:95:06:76:60:DC:57:2D:CE:65:EF:77:2B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/23bf04ce-3f25-4dfc-854b-7ab9fceb5046.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:b1:9c:82:a2:d7:9a:1b:71:e6:86:56:cf:94:25:5a:0f:43:
         1b:c9:0b:e2:8a:91:52:3e:ec:32:d4:53:8e:d1:77:43:bc:45:
         dc:a7:8e:33:57:56:c2:8b:ec:c9:60:6f:28:0f:4a:37:39:12:
         8b:34:be:98:c4:7b:11:cb:a8:e7:a5:5e:15:63:6c:46:e0:4b:
         36:4b:49:b2:72:6d:52:60:a2:a7:9f:24:14:44:d7:52:34:a5:
         3d:a6:77:c0:a0:2a:17:30:5b:45:3b:54:9e:fc:a1:f4:66:7c:
         a1:3c:62:53:b9:09:59:3d:1d:b7:f3:51:b7:8c:ca:cc:15:96:
         6c:1d:7d:96:b7:71:8c:be:66:86:a7:0e:a9:ba:1e:5c:af:9b:
         3a:7f:46:16:41:9d:6d:04:fb:37:62:66:25:a1:71:aa:bc:b1:
         26:76:29:03:e4:5d:3f:06:e2:f6:94:11:71:6b:b7:9f:db:70:
         d9:5d:79:29:3a:e9:9c:c2:5b:95:18:67:41:bb:b1:d7:3b:b2:
         d4:1d:20:84:42:08:96:5c:4e:e4:cb:72:b3:8e:a3:33:b8:ee:
         0e:25:f0:cb:5d:d5:02:28:ec:4a:5d:f0:80:a6:5a:f9:91:35:
         11:b2:74:b4:31:ed:9b:e2:8e:7b:bf:3c:6e:72:f3:81:5a:0a:
         b6:5f:1c:af
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTezhbqJYWcnttVLd2zyeIi/AViAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1ZjE2YTA1NDMyMmZkZjQ2Yzg3N2EzZTI4OGY5ODI2MGRkZmU2N2EwNjc1
YzU5NjJkYjNjNTA1OGQ0YTQ5ODMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVXNiS68YnEIbiDw1vqrgVjCPdLuj6/XlpqlPID68wGtmTnUCzMu1F+gvfl
9CIHD6dlHOjNZnc23x845Fpaw6yMsFiwlsTa5aLYT0Mmk3uHojrtiikbIrUUDLfw
TyX6I7n70Ha9NH6dwda8pjblTSJ251VlmGVLuD+4N58l8kT+h3zX0uyW+8cafbdy
yR5kgx3tRS6fzAdlu6kHrv384U/PBIFupOhbtI3upsOWXNtJKqR/zoQbVFnfrXqI
wd/dqR6+qnpVTso3zyglOvWSXDHcB08OSm81DZQkxyw4SFuhGg/adswvIZSy5aMf
zO97PjwQWxFiKkB0oxd9zYOsAJkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQGTsIk
n6igqZUGdmDcVy3OZe93KzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjNiZjA0Y2UtM2YyNS00ZGZjLTg1NGItN2FiOWZjZWI1MDQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBPsZyCoteaG3HmhlbPlCVaD0MbyQviipFSPuwy
1FOO0XdDvEXcp44zV1bCi+zJYG8oD0o3ORKLNL6YxHsRy6jnpV4VY2xG4Es2S0my
cm1SYKKnnyQURNdSNKU9pnfAoCoXMFtFO1Se/KH0ZnyhPGJTuQlZPR2381G3jMrM
FZZsHX2Wt3GMvmaGpw6puh5cr5s6f0YWQZ1tBPs3YmYloXGqvLEmdikD5F0/BuL2
lBFxa7ef23DZXXkpOumcwluVGGdBu7HXO7LUHSCEQgiWXE7ky3KzjqMzuO4OJfDL
XdUCKOxKXfCAplr5kTURsnS0Me2b4o57vzxucvOBWgq2Xxyv
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org