Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/305a28e2-5105-4222-8a2a-f3c7201b482a.roa
File:                     305a28e2-5105-4222-8a2a-f3c7201b482a.roa (raw, json)
Hash identifier:          cdqnE748ZUwiqnl/UPb0uXAqV3a/6Qsz1PnaXJ7zQxc=
Subject key identifier:   BB:D2:91:20:04:F8:76:CB:77:D6:89:34:2B:06:21:B2:93:28:49:62
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       20543C746EB865615A7E3DF0A6B340FE8929DF03
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/305a28e2-5105-4222-8a2a-f3c7201b482a.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d079:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:54:3c:74:6e:b8:65:61:5a:7e:3d:f0:a6:b3:40:fe:89:29:df:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=07b0bd069acf9259a0bc460ae00c7aa31f367caad2ba7382e86bd3c0c961dcce, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:07:74:39:6b:d5:07:88:a2:ec:55:54:9a:a5:
                    64:8c:8f:82:22:cd:6f:b2:72:ed:18:ed:57:0d:9a:
                    83:03:c3:69:81:15:5a:96:68:de:8e:41:4f:9f:ba:
                    8f:23:04:bb:d7:06:37:8a:15:57:89:80:1a:04:03:
                    ef:0e:77:4e:5d:aa:4f:2e:fb:14:5f:37:f1:a7:7d:
                    fa:44:42:ce:94:fe:74:f8:84:4a:cd:0c:9e:ef:79:
                    28:b1:72:8f:d0:6c:b6:ba:d6:4d:24:f5:b7:ff:62:
                    ed:ad:6e:84:9b:05:d0:aa:83:40:4e:9c:bb:71:22:
                    ac:87:bb:2a:a0:0c:ba:4f:ce:13:80:75:65:79:83:
                    9c:be:ca:a0:a4:0c:fa:89:1c:b9:08:54:96:b1:9c:
                    7d:69:5e:ab:38:5a:f2:25:4e:36:66:ae:cd:88:95:
                    c2:a9:66:fa:12:f1:cf:54:7d:2b:88:1f:51:48:a2:
                    e7:80:7c:eb:dd:6e:90:56:00:de:00:1d:3f:79:3f:
                    83:36:ed:21:3a:6f:fd:45:38:f0:f0:5d:f5:2c:18:
                    f3:1b:ed:b4:c9:81:81:bc:1b:a4:27:d2:9e:59:8e:
                    6b:ab:f5:f2:05:cb:59:1e:d8:8b:fa:1e:e7:5e:79:
                    79:7e:07:4d:38:7e:b4:f7:db:1d:c3:45:b5:e9:cf:
                    7c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D2:91:20:04:F8:76:CB:77:D6:89:34:2B:06:21:B2:93:28:49:62
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/305a28e2-5105-4222-8a2a-f3c7201b482a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d079:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:b6:a0:51:1e:51:69:8d:0e:d8:a1:3b:53:f3:43:db:57:07:
         54:ab:c8:17:e3:c4:6a:23:9a:7a:15:73:bd:34:5e:d6:ad:3d:
         73:01:c9:bb:88:e2:20:e3:56:6e:59:cf:6a:a3:66:57:46:7b:
         96:5d:43:2a:0b:86:eb:82:51:80:01:d9:7d:1c:b3:b1:89:74:
         93:30:7b:da:47:f2:ce:fc:dc:9a:1b:34:f4:47:a0:24:81:ea:
         3a:45:72:29:6d:13:0e:d7:c2:d6:b0:b9:88:fa:4f:ea:eb:bd:
         6e:66:62:85:03:5d:e0:88:8b:67:a4:20:15:ca:f0:30:5e:73:
         f2:58:86:2f:a3:8e:dc:32:e8:4a:e5:35:c6:7f:76:8a:b6:94:
         81:b2:c0:23:ef:b6:87:04:cf:42:cc:7e:49:13:c1:89:12:1b:
         8e:aa:aa:e0:0f:9b:2d:96:2a:04:f3:73:e0:74:ee:fc:54:ef:
         77:27:bc:0e:d6:b2:d8:c4:e4:0b:65:b7:59:d8:39:d2:d7:6f:
         cf:3b:b0:10:57:f6:fa:85:47:ba:89:85:09:39:a5:74:06:00:
         75:68:9a:9a:fc:95:74:d7:04:e2:90:dc:ff:08:48:7a:2e:17:
         4d:3d:15:2a:91:3a:6d:50:08:ed:2f:29:4c:10:ae:06:91:39:
         b9:0e:01:e1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIFQ8dG64ZWFafj3wprNA/okp3wMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3YjBiZDA2OWFjZjkyNTlhMGJjNDYwYWUwMGM3YWEzMWYzNjdjYWFkMmJh
NzM4MmU4NmJkM2MwYzk2MWRjY2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4HdDlr1QeIouxVVJqlZIyPgiLNb7Jy7RjtVw2agwPDaYEVWpZo3o5BT5+6
jyMEu9cGN4oVV4mAGgQD7w53Tl2qTy77FF838ad9+kRCzpT+dPiESs0Mnu95KLFy
j9BstrrWTST1t/9i7a1uhJsF0KqDQE6cu3EirIe7KqAMuk/OE4B1ZXmDnL7KoKQM
+okcuQhUlrGcfWleqzha8iVONmauzYiVwqlm+hLxz1R9K4gfUUii54B8691ukFYA
3gAdP3k/gzbtITpv/UU48PBd9SwY8xvttMmBgbwbpCfSnlmOa6v18gXLWR7Yi/oe
5155eX4HTTh+tPfbHcNFtenPfAcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS70pEg
BPh2y3fWiTQrBiGykyhJYjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzA1YTI4ZTItNTEwNS00MjIyLThhMmEtZjNjNzIwMWI0ODJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HmA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJtqBRHlFpjQ7YoTtT80PbVwdUq8gX48RqI5p6
FXO9NF7WrT1zAcm7iOIg41ZuWc9qo2ZXRnuWXUMqC4brglGAAdl9HLOxiXSTMHva
R/LO/NyaGzT0R6Akgeo6RXIpbRMO18LWsLmI+k/q671uZmKFA13giItnpCAVyvAw
XnPyWIYvo47cMuhK5TXGf3aKtpSBssAj77aHBM9CzH5JE8GJEhuOqqrgD5stlioE
83PgdO78VO93J7wO1rLYxOQLZbdZ2DnS12/PO7AQV/b6hUe6iYUJOaV0BgB1aJqa
/JV01wTikNz/CEh6LhdNPRUqkTptUAjtLylMEK4GkTm5DgHh
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org