Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3711d18e-8589-4699-9cf4-2646a99f3614.roa
File:                     3711d18e-8589-4699-9cf4-2646a99f3614.roa (raw, json)
Hash identifier:          cQD9jIZROxWtHyk2LPCzFmrHMp1HmcofwVcrNoY9cVM=
Subject key identifier:   13:21:91:68:60:ED:3C:79:D4:80:E8:38:9F:15:69:E1:52:79:55:74
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F047ABFF1501C2FDE8CC2640D9C1DDAD0E79B30
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3711d18e-8589-4699-9cf4-2646a99f3614.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:04:7a:bf:f1:50:1c:2f:de:8c:c2:64:0d:9c:1d:da:d0:e7:9b:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=12da2e08cd6272976a4423d7cfd5672b3e83d62eacb5fbc5be373dbe2f10c272, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:29:4b:7c:5e:59:3c:4b:66:1f:e4:34:c6:d2:
                    0d:fc:7d:e1:b9:5a:19:89:1c:b7:00:94:b8:27:52:
                    83:da:0c:96:21:7e:3d:bc:b7:c1:fa:33:a4:7d:e0:
                    ed:94:47:e1:2b:53:81:48:a4:03:8e:cd:a6:c4:72:
                    88:82:6c:58:85:77:06:b5:c7:95:5b:cb:fd:50:34:
                    91:91:cf:ab:81:e6:58:65:14:bf:91:be:cb:46:0b:
                    5a:42:e2:72:c9:50:c7:64:56:f5:45:d6:4b:e7:ca:
                    6f:a5:55:79:be:11:08:64:5f:8d:d2:83:74:60:12:
                    06:bc:2e:a1:e2:4b:a2:fc:1c:be:9d:d2:af:d1:67:
                    69:31:6f:17:08:e2:45:51:db:53:52:b9:4e:b5:38:
                    df:f7:b7:8a:31:a8:26:d8:ab:ed:ed:bf:55:81:e2:
                    a6:93:6f:f7:92:7c:29:a6:6b:4d:5b:2d:bd:3b:88:
                    a9:73:a3:50:63:c0:5b:61:a6:98:0a:40:de:51:c9:
                    f4:ce:aa:b4:9b:c4:12:fd:f7:66:5e:56:ec:61:00:
                    2e:be:53:08:94:55:d4:af:29:ac:83:3f:fc:ae:c1:
                    2a:ae:9b:3c:f9:e0:22:b9:89:50:e6:8c:ef:65:d1:
                    2c:5c:43:02:25:eb:6d:21:8e:1e:e5:c5:55:00:35:
                    cc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:21:91:68:60:ED:3C:79:D4:80:E8:38:9F:15:69:E1:52:79:55:74
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3711d18e-8589-4699-9cf4-2646a99f3614.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:42:d4:d3:f8:f6:35:2c:7b:e0:c9:6e:b8:91:ff:f5:f8:1f:
         97:cf:06:f6:b8:ad:f4:2d:2b:a4:ea:8c:d4:85:6b:60:1d:0b:
         8c:5b:6e:64:ae:4c:b8:5c:88:fc:37:4c:0e:d8:f8:5b:c6:5b:
         60:39:a1:27:00:7f:4e:fc:a4:0b:27:e8:c3:c9:62:a6:08:62:
         c1:43:dd:25:36:16:18:2b:3c:20:87:1b:ff:d9:8e:54:9c:31:
         34:bf:25:cb:c1:6c:54:4e:f1:90:5f:f4:ea:eb:3e:5a:cb:9d:
         69:f6:5e:ca:5b:65:f7:19:11:d1:b3:42:47:51:c8:75:d1:6e:
         02:10:c2:eb:f5:6a:74:0e:4d:36:ec:27:be:63:6b:bf:d7:14:
         5e:12:5f:02:e8:7e:5d:d3:d4:a6:5c:fa:a1:e6:f8:d3:e6:f9:
         b1:6e:0f:4a:c5:e2:bf:8c:b1:5f:d7:3d:6c:c2:cb:01:fb:3d:
         67:b9:02:16:de:de:f7:5b:c8:9b:08:c5:8f:b6:7f:9f:a4:15:
         06:8d:7d:2c:f1:e9:5b:6f:c5:73:1c:4c:4f:5f:d7:5e:93:ff:
         62:64:2a:d0:0c:98:e4:b3:12:99:e1:04:88:b4:ee:fc:ab:77:
         35:3b:0e:56:8f:02:16:be:f5:0c:64:7f:93:76:1e:49:73:ad:
         84:9e:62:f5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULwR6v/FQHC/ejMJkDZwd2tDnmzAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyZGEyZTA4Y2Q2MjcyOTc2YTQ0MjNkN2NmZDU2NzJiM2U4M2Q2MmVhY2I1
ZmJjNWJlMzczZGJlMmYxMGMyNzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0pS3xeWTxLZh/kNMbSDfx94blaGYkctwCUuCdSg9oMliF+Pby3wfozpH3g
7ZRH4StTgUikA47NpsRyiIJsWIV3BrXHlVvL/VA0kZHPq4HmWGUUv5G+y0YLWkLi
cslQx2RW9UXWS+fKb6VVeb4RCGRfjdKDdGASBrwuoeJLovwcvp3Sr9FnaTFvFwji
RVHbU1K5TrU43/e3ijGoJtir7e2/VYHippNv95J8KaZrTVstvTuIqXOjUGPAW2Gm
mApA3lHJ9M6qtJvEEv33Zl5W7GEALr5TCJRV1K8prIM//K7BKq6bPPngIrmJUOaM
72XRLFxDAiXrbSGOHuXFVQA1zDcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQTIZFo
YO08edSA6DifFWnhUnlVdDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzcxMWQxOGUtODU4OS00Njk5LTljZjQtMjY0NmE5OWYzNjE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9A
MA0GCSqGSIb3DQEBCwUAA4IBAQBhQtTT+PY1LHvgyW64kf/1+B+Xzwb2uK30LSuk
6ozUhWtgHQuMW25krky4XIj8N0wO2PhbxltgOaEnAH9O/KQLJ+jDyWKmCGLBQ90l
NhYYKzwghxv/2Y5UnDE0vyXLwWxUTvGQX/Tq6z5ay51p9l7KW2X3GRHRs0JHUch1
0W4CEMLr9Wp0Dk027Ce+Y2u/1xReEl8C6H5d09SmXPqh5vjT5vmxbg9KxeK/jLFf
1z1swssB+z1nuQIW3t73W8ibCMWPtn+fpBUGjX0s8elbb8VzHExPX9dek/9iZCrQ
DJjksxKZ4QSItO78q3c1Ow5WjwIWvvUMZH+Tdh5Jc62EnmL1
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org