Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27e57c8a-3f63-4773-a205-fef17d1cf1d1.roa
File:                     27e57c8a-3f63-4773-a205-fef17d1cf1d1.roa (raw, json)
Hash identifier:          yCrYjsKQkFeiBjnXPTfCuXGAMUFTin00A6NatDuNZtM=
Subject key identifier:   ED:5B:BA:3E:09:01:08:5D:0E:EA:46:B3:33:B8:25:D5:E4:EF:3C:C9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4C1BCD2503C1185AC3B42042DEDD95CDDB19990D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27e57c8a-3f63-4773-a205-fef17d1cf1d1.roa
Signing time:             Mon 30 Sep 2024 00:00:00 +0000
ROA not before:           Mon 30 Sep 2024 00:00:00 +0000
ROA not after:            Mon 04 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d030:5000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:16:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:1b:cd:25:03:c1:18:5a:c3:b4:20:42:de:dd:95:cd:db:19:99:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 30 00:00:00 2024 GMT
            Not After : Nov  4 23:59:59 2024 GMT
        Subject: serialNumber=b72712ee11e5b7f17805c4a3eea13667a962c9a8d0d2197658f8ca47d6355515, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:16:69:17:76:64:c5:80:cc:1f:47:30:89:cf:
                    c4:82:d0:41:50:9a:10:ad:d0:4a:f8:cd:8b:f0:74:
                    e7:35:7a:e6:84:12:fa:19:67:e9:ba:97:20:6d:fd:
                    f2:9b:42:08:f5:cc:5d:b7:ff:06:d7:6b:35:fd:c7:
                    4d:19:f6:4d:b8:6f:5a:8d:b6:33:7d:cf:10:1c:09:
                    ee:1b:59:9f:80:5d:67:1c:2d:ea:09:40:7a:c8:f8:
                    51:f2:45:a6:43:76:d5:3e:7f:07:57:c5:de:fb:ea:
                    ce:e1:6f:50:46:52:8b:68:09:3c:be:d4:2a:15:49:
                    56:74:24:59:e9:a8:78:73:8f:f8:66:5a:3e:12:d6:
                    45:1b:e0:16:0c:d8:d6:ea:d6:90:76:36:d2:a7:ee:
                    60:60:d8:04:58:bf:ea:4e:e0:05:dd:16:50:80:4d:
                    83:9d:df:71:48:e0:be:db:58:0a:a8:dd:aa:ac:9f:
                    32:49:80:51:af:b8:53:a5:54:d4:20:af:88:bd:b3:
                    c7:9e:fe:de:4c:dc:10:96:17:1f:80:6b:ea:54:ad:
                    e7:a3:19:99:79:34:31:2a:6f:6f:00:f6:bb:52:99:
                    ad:89:66:82:96:6e:ea:e2:ff:3d:2e:b4:3c:35:cf:
                    f8:34:06:e0:1f:5d:63:4f:ad:8b:6a:e0:4f:b7:90:
                    12:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:5B:BA:3E:09:01:08:5D:0E:EA:46:B3:33:B8:25:D5:E4:EF:3C:C9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27e57c8a-3f63-4773-a205-fef17d1cf1d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:20:8f:08:79:e4:78:46:03:a1:66:a6:15:f0:92:2e:b7:b6:
         66:80:25:b3:e3:64:95:71:fc:e4:f6:87:09:0c:95:d6:bf:2e:
         61:cb:8f:cb:5d:12:73:7d:a3:0b:5d:85:e1:b0:b7:ce:d2:61:
         14:cd:65:1f:9e:93:0c:09:55:fa:57:5c:d4:a7:56:8d:4e:f4:
         00:79:f3:c0:1a:52:06:d7:52:a6:da:5b:2d:7a:a3:d1:0a:cd:
         3a:9d:eb:c8:df:41:0d:a8:10:db:a3:e7:3b:54:3e:5b:4d:ba:
         65:ec:7b:fd:3b:c3:81:d5:fe:7a:98:31:d6:ae:16:6c:d8:fd:
         c9:96:e2:e7:3c:9a:e2:2d:2f:e3:d7:fd:2b:4e:ee:5a:7c:0a:
         56:86:7c:60:44:3e:6a:d9:e0:d8:69:a2:25:b9:62:77:c0:73:
         4e:3e:74:3d:23:d3:f6:89:67:d0:52:65:b4:bf:71:ad:13:8b:
         a1:ec:d6:68:50:cd:cb:db:5f:48:fc:76:d8:cf:4b:64:06:ed:
         3f:6b:6d:05:2a:c8:f8:66:2f:32:77:2a:f6:55:ba:32:40:e2:
         2f:74:80:c2:08:97:63:69:68:10:31:c5:36:fc:64:e3:38:95:
         a8:37:d8:8a:9f:84:8f:69:be:c9:b1:84:cf:74:87:c6:11:f5:
         90:99:18:01
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTBvNJQPBGFrDtCBC3t2VzdsZmQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA5MzAwMDAwMDBaFw0yNDExMDQyMzU5NTlaMHoxSTBHBgNV
BAUTQGI3MjcxMmVlMTFlNWI3ZjE3ODA1YzRhM2VlYTEzNjY3YTk2MmM5YThkMGQy
MTk3NjU4ZjhjYTQ3ZDYzNTU1MTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOwWaRd2ZMWAzB9HMInPxILQQVCaEK3QSvjNi/B05zV65oQS+hln6bqXIG39
8ptCCPXMXbf/BtdrNf3HTRn2TbhvWo22M33PEBwJ7htZn4BdZxwt6glAesj4UfJF
pkN21T5/B1fF3vvqzuFvUEZSi2gJPL7UKhVJVnQkWemoeHOP+GZaPhLWRRvgFgzY
1urWkHY20qfuYGDYBFi/6k7gBd0WUIBNg53fcUjgvttYCqjdqqyfMkmAUa+4U6VU
1CCviL2zx57+3kzcEJYXH4Br6lSt56MZmXk0MSpvbwD2u1KZrYlmgpZu6uL/PS60
PDXP+DQG4B9dY0+ti2rgT7eQEv8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTtW7o+
CQEIXQ7qRrMzuCXV5O88yTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjdlNTdjOGEtM2Y2My00NzczLWEyMDUtZmVmMTdkMWNmMWQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB+II8IeeR4RgOhZqYV8JIut7ZmgCWz42SVcfzk
9ocJDJXWvy5hy4/LXRJzfaMLXYXhsLfO0mEUzWUfnpMMCVX6V1zUp1aNTvQAefPA
GlIG11Km2lsteqPRCs06nevI30ENqBDbo+c7VD5bTbpl7Hv9O8OB1f56mDHWrhZs
2P3JluLnPJriLS/j1/0rTu5afApWhnxgRD5q2eDYaaIluWJ3wHNOPnQ9I9P2iWfQ
UmW0v3GtE4uh7NZoUM3L219I/HbYz0tkBu0/a20FKsj4Zi8ydyr2VboyQOIvdIDC
CJdjaWgQMcU2/GTjOJWoN9iKn4SPab7JsYTPdIfGEfWQmRgB
-----END CERTIFICATE-----
Generated at Wed Oct 9 18:18:04 2024 by rpki-client on console-fra.rpki-client.org