Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/373cce23-881c-4767-b758-59583f7c5cd3.roa
File:                     373cce23-881c-4767-b758-59583f7c5cd3.roa (raw, json)
Hash identifier:          2RtkwhNwo/l8M7YM34WSAhNIhNkSkxg/ucoxKWbqKOI=
Subject key identifier:   92:F9:DF:2E:A5:09:B7:F5:88:30:E7:88:F9:0F:91:1F:A3:94:F4:D2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       33EBDC4B6843E1D17EECD38D0C39195A4DFD60A8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/373cce23-881c-4767-b758-59583f7c5cd3.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        178.236.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:eb:dc:4b:68:43:e1:d1:7e:ec:d3:8d:0c:39:19:5a:4d:fd:60:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: serialNumber=7e2599b68a47aa84d011bd01cc8f31bf278c9ff327b8bf8e7b2235d35fd2b3b2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:14:02:cd:de:3f:71:cd:40:b1:f9:69:78:65:
                    ac:21:f5:4c:13:08:3e:e7:d8:1e:4d:a0:63:b7:26:
                    be:43:38:6b:f5:ae:50:ff:05:6b:d5:b1:da:9c:83:
                    ed:dc:b2:ba:65:0e:18:8c:99:28:01:43:df:6a:ac:
                    3f:0f:48:29:57:e8:7f:93:60:4f:02:a2:af:01:79:
                    52:61:4a:a2:fa:84:be:d4:f5:05:3b:5e:25:21:f9:
                    0c:4f:dd:24:55:e4:45:ec:81:bd:8b:aa:9a:7a:af:
                    30:1c:06:ff:58:57:b0:58:2c:96:f9:03:7f:54:ca:
                    33:23:60:e3:87:ca:6c:b1:84:38:42:6d:6b:72:10:
                    ab:db:3a:e5:83:75:49:54:bd:98:df:b7:46:fd:1e:
                    79:93:85:60:25:05:88:d8:48:87:b9:f9:4d:ef:86:
                    df:0e:4b:ed:d6:6a:74:4e:75:5b:4a:95:80:4e:1f:
                    ab:3b:d6:61:5b:fb:d4:d0:2d:91:ec:e3:5d:02:9b:
                    90:37:ca:34:31:6f:d6:c9:f8:e9:3e:91:5f:fe:53:
                    bf:4c:af:f3:54:06:75:a7:f8:d1:8b:9e:ea:b2:ab:
                    36:15:01:e5:8e:61:99:af:be:ca:26:e6:0f:35:c2:
                    2c:e0:d5:9a:2f:a6:7f:ad:65:95:27:d0:b3:e1:19:
                    f7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F9:DF:2E:A5:09:B7:F5:88:30:E7:88:F9:0F:91:1F:A3:94:F4:D2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/373cce23-881c-4767-b758-59583f7c5cd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:2f:63:c1:fa:64:1c:6f:ed:33:aa:2a:41:8e:67:a9:3e:63:
         49:ad:0a:c9:06:0e:99:fc:60:84:11:52:87:4c:9f:f3:08:71:
         71:89:17:d4:72:c4:c9:34:16:e4:65:eb:c7:23:43:cc:5e:8e:
         a1:ab:21:dd:08:6f:2c:40:e7:5a:cb:b2:5b:f4:fc:d6:75:0e:
         78:fd:4a:82:1a:d2:85:5f:b1:ef:3b:dd:64:4e:d4:be:22:79:
         d8:18:51:c8:f4:26:25:c3:31:8a:3e:3a:56:d8:ab:7f:2b:0c:
         c5:ca:c0:7a:cb:b8:9d:bd:46:5c:d5:37:e9:3a:8a:cc:b7:1d:
         77:a6:30:6d:3b:2b:8f:b0:57:0e:5d:ea:a3:b5:fb:2d:d9:1d:
         e3:6f:cc:f3:15:a5:e9:80:da:90:30:fe:a9:a7:91:7b:c4:3d:
         66:1a:53:2e:44:20:5b:a0:80:f2:b5:e0:71:58:11:c9:4b:2e:
         5e:c7:06:09:f8:6f:75:74:d5:65:f7:c1:5c:8c:f1:e4:77:8d:
         24:45:1b:1f:d4:28:e4:73:21:e0:7a:ff:a3:df:58:f7:d6:c4:
         d0:0c:48:ca:3d:1c:7b:93:46:2e:6f:37:f5:12:02:d2:e2:c0:
         87:9d:58:b5:de:c5:3e:4f:cc:37:b2:5b:c6:68:61:24:0a:64:
         77:c0:a6:5a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUM+vcS2hD4dF+7NONDDkZWk39YKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjMwMDAwMDBaFw0yNDA0MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMjU5OWI2OGE0N2FhODRkMDExYmQwMWNjOGYzMWJmMjc4YzlmZjMyN2I4
YmY4ZTdiMjIzNWQzNWZkMmIzYjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAUAs3eP3HNQLH5aXhlrCH1TBMIPufYHk2gY7cmvkM4a/WuUP8Fa9Wx2pyD
7dyyumUOGIyZKAFD32qsPw9IKVfof5NgTwKirwF5UmFKovqEvtT1BTteJSH5DE/d
JFXkReyBvYuqmnqvMBwG/1hXsFgslvkDf1TKMyNg44fKbLGEOEJta3IQq9s65YN1
SVS9mN+3Rv0eeZOFYCUFiNhIh7n5Te+G3w5L7dZqdE51W0qVgE4fqzvWYVv71NAt
kezjXQKbkDfKNDFv1sn46T6RX/5Tv0yv81QGdaf40Yue6rKrNhUB5Y5hma++yibm
DzXCLODVmi+mf61llSfQs+EZ9/8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSS+d8u
pQm39Ygw54j5D5Efo5T00jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzczY2NlMjMtODgxYy00NzY3LWI3NTgtNTk1ODNmN2M1Y2QzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLLsADAN
BgkqhkiG9w0BAQsFAAOCAQEALS9jwfpkHG/tM6oqQY5nqT5jSa0KyQYOmfxghBFS
h0yf8whxcYkX1HLEyTQW5GXrxyNDzF6Ooash3QhvLEDnWsuyW/T81nUOeP1KghrS
hV+x7zvdZE7UviJ52BhRyPQmJcMxij46VtirfysMxcrAesu4nb1GXNU36TqKzLcd
d6YwbTsrj7BXDl3qo7X7Ldkd42/M8xWl6YDakDD+qaeRe8Q9ZhpTLkQgW6CA8rXg
cVgRyUsuXscGCfhvdXTVZffBXIzx5HeNJEUbH9Qo5HMh4Hr/o99Y99bE0AxIyj0c
e5NGLm839RIC0uLAh51Ytd7FPk/MN7JbxmhhJApkd8CmWg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:25 2024 by rpki-client on console-fra.rpki-client.org