Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/24cb2bd5-37da-4fe1-b8de-cc59bc9d5511.roa
File:                     24cb2bd5-37da-4fe1-b8de-cc59bc9d5511.roa (raw, json)
Hash identifier:          Ru2f+gT43lk29Ko7mWkQA2ZK9ePoqLC5m6VBYixZR6g=
Subject key identifier:   4C:64:54:6E:A5:AD:99:4D:09:2B:B7:2F:E4:9F:70:15:67:C6:88:FF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       304BA5772025D5A95282FCC215761FB34EF68C0C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/24cb2bd5-37da-4fe1-b8de-cc59bc9d5511.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:4b:a5:77:20:25:d5:a9:52:82:fc:c2:15:76:1f:b3:4e:f6:8c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: serialNumber=e9631654d36460c15fbc8eda8721951125eaed950d29f4208e38de649bb10c5b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8d:ec:f1:16:9c:0e:fb:3f:6e:a1:e0:29:6e:
                    80:d8:f0:f0:97:cf:75:38:8e:c6:43:5f:57:10:9e:
                    26:5e:7e:73:81:a7:3b:89:a3:52:3d:5e:51:f2:f7:
                    4d:76:65:02:59:6a:be:c8:4d:86:29:b6:32:dc:b2:
                    d5:5d:63:16:6b:b3:c3:9e:65:7b:18:a7:47:00:39:
                    8a:6d:23:33:a8:ce:a0:a1:57:1c:b1:b2:69:61:78:
                    09:39:9b:23:ee:84:2e:ca:fd:51:78:86:fe:89:32:
                    68:96:32:68:2b:18:cd:68:e7:15:17:23:30:26:e3:
                    da:f9:f9:f1:73:59:7f:80:0b:ac:da:a3:d3:1e:a7:
                    38:2d:26:29:be:35:16:2f:69:ab:2c:a9:58:cb:b1:
                    db:eb:fd:3c:3a:09:6d:e4:df:1d:ac:d9:80:d4:7a:
                    2b:79:78:b9:79:22:9c:2b:9d:c3:c1:8c:6e:f6:85:
                    7a:88:a7:50:8b:32:51:12:8a:55:f4:97:53:9e:58:
                    ac:b7:9b:8c:0c:6d:6a:9a:bf:7f:5f:8a:e7:e7:38:
                    d2:3e:4a:88:dd:17:f8:ed:12:77:76:be:0c:b1:83:
                    11:c4:dc:5a:97:ef:85:d7:ce:b4:d4:72:3f:08:0e:
                    08:a4:10:f3:30:34:d6:94:36:1b:81:8d:f4:6c:5a:
                    c9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:64:54:6E:A5:AD:99:4D:09:2B:B7:2F:E4:9F:70:15:67:C6:88:FF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/24cb2bd5-37da-4fe1-b8de-cc59bc9d5511.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a2:dc:df:5c:1d:09:1d:ef:ac:b1:ee:3d:6b:6c:57:99:32:f4:
         87:57:73:a3:2f:65:4a:72:a0:72:65:2e:77:c9:92:f6:eb:96:
         f5:55:12:f5:89:a9:ad:45:1c:be:30:b1:5c:e8:fc:14:eb:13:
         b2:9f:63:de:6b:0d:e4:68:5b:b8:05:e9:a6:1e:5f:57:a3:8b:
         0d:d7:f5:c3:9c:bb:42:63:d1:f6:85:2c:71:a4:97:36:36:a2:
         6b:ac:67:0c:cf:52:95:58:25:45:a8:08:93:bd:e8:f5:39:40:
         15:e1:65:71:53:dc:d7:0c:7d:55:9c:48:ee:70:a2:f2:e4:4b:
         8d:00:e3:81:a4:3c:a1:74:c6:ab:df:bb:9f:4f:7e:12:5a:0b:
         0b:79:58:1a:0c:25:ce:48:2d:40:2a:c4:66:e6:02:4e:76:fc:
         bc:ef:06:9c:1f:32:12:e5:43:fd:46:01:61:5b:c5:8a:1f:40:
         49:8a:1b:4d:f9:3d:88:0b:e1:fb:02:f2:b1:c5:51:d0:ef:14:
         65:0b:ea:4f:56:7d:c6:dd:ca:45:9a:7d:a2:1a:24:7a:c0:e7:
         4e:4e:df:ef:f7:41:a7:4e:f4:88:ba:0a:51:99:06:b5:a5:b1:
         df:17:a7:79:3d:32:00:b7:60:ed:81:65:bd:11:14:65:fc:80:
         e4:cd:35:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMEuldyAl1alSgvzCFXYfs072jAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MDkwMDAwMDBaFw0yMzEwMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5NjMxNjU0ZDM2NDYwYzE1ZmJjOGVkYTg3MjE5NTExMjVlYWVkOTUwZDI5
ZjQyMDhlMzhkZTY0OWJiMTBjNWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKSN7PEWnA77P26h4ClugNjw8JfPdTiOxkNfVxCeJl5+c4GnO4mjUj1eUfL3
TXZlAllqvshNhim2Mtyy1V1jFmuzw55lexinRwA5im0jM6jOoKFXHLGyaWF4CTmb
I+6ELsr9UXiG/okyaJYyaCsYzWjnFRcjMCbj2vn58XNZf4ALrNqj0x6nOC0mKb41
Fi9pqyypWMux2+v9PDoJbeTfHazZgNR6K3l4uXkinCudw8GMbvaFeoinUIsyURKK
VfSXU55YrLebjAxtapq/f1+K5+c40j5KiN0X+O0Sd3a+DLGDEcTcWpfvhdfOtNRy
PwgOCKQQ8zA01pQ2G4GN9GxaybsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRMZFRu
pa2ZTQkrty/kn3AVZ8aI/zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjRjYjJiZDUtMzdkYS00ZmUxLWI4ZGUtY2M1OWJjOWQ1NTExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HeA
MA0GCSqGSIb3DQEBCwUAA4IBAQCi3N9cHQkd76yx7j1rbFeZMvSHV3OjL2VKcqBy
ZS53yZL265b1VRL1iamtRRy+MLFc6PwU6xOyn2Peaw3kaFu4BemmHl9Xo4sN1/XD
nLtCY9H2hSxxpJc2NqJrrGcMz1KVWCVFqAiTvej1OUAV4WVxU9zXDH1VnEjucKLy
5EuNAOOBpDyhdMar37ufT34SWgsLeVgaDCXOSC1AKsRm5gJOdvy87wacHzIS5UP9
RgFhW8WKH0BJihtN+T2IC+H7AvKxxVHQ7xRlC+pPVn3G3cpFmn2iGiR6wOdOTt/v
90GnTvSIugpRmQa1pbHfF6d5PTIAt2DtgWW9ERRl/IDkzTVZ
-----END CERTIFICATE-----
Generated at Sat Sep 9 00:26:29 2023 by rpki-client on console-fra.rpki-client.org