Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File:                     3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier:          MOx3V4KmbQYC8VzScHRrWjXz0Ry7ZlsJqIhX6rhk8f4=
Subject key identifier:   81:C5:AA:01:14:B7:CD:93:F9:7A:CD:3C:5F:AB:F6:D3:95:B2:A1:8E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7FB91AE43DCB51758E02E67C517AA8FFA3261FE1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:5000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b9:1a:e4:3d:cb:51:75:8e:02:e6:7c:51:7a:a8:ff:a3:26:1f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=d97cf474dbdf8955d59af3493a810273bb44f01729ecf0db296ff34a2d151f1a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:68:2b:af:65:98:bd:cd:5e:47:48:5a:a5:0d:
                    56:e1:8d:48:ea:96:05:f6:19:a7:65:08:3d:93:3b:
                    06:82:cc:52:90:87:e5:20:8d:29:f2:c9:31:9e:ae:
                    8d:28:c5:94:c3:82:be:9f:02:4e:f8:44:de:17:09:
                    6b:29:e3:0c:2d:c6:db:0c:6b:4a:c0:3b:fb:40:d3:
                    76:c4:37:b1:6c:37:82:80:57:f1:82:ce:06:e2:1c:
                    e6:e4:72:89:53:ef:0b:6b:54:6d:4c:a0:1b:79:53:
                    fb:4d:58:fe:5b:69:a8:e9:d4:59:21:f2:ab:0e:6d:
                    aa:2d:38:c2:ee:4f:63:9b:76:9e:29:1a:8d:6a:b7:
                    e6:10:f6:e8:b5:a5:a2:e8:0a:cc:51:ad:45:f8:53:
                    49:9f:61:a7:9f:a2:f1:5f:c9:2d:60:4e:5b:95:f6:
                    55:50:be:b6:5f:96:a6:da:5a:e5:86:07:6b:c1:d9:
                    56:cf:4a:95:ce:0c:10:2e:40:b4:a6:7a:50:64:e0:
                    c9:fd:48:7d:20:fe:de:3c:3c:3d:2d:51:96:f7:28:
                    89:5f:04:00:bc:5f:5a:c0:c2:f6:06:22:4a:56:6c:
                    41:57:4a:e8:6a:ea:51:37:36:48:7b:f7:79:9e:7e:
                    4e:4a:e8:10:6b:a0:9c:98:91:9e:05:46:4f:b7:00:
                    bf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C5:AA:01:14:B7:CD:93:F9:7A:CD:3C:5F:AB:F6:D3:95:B2:A1:8E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:b4:8d:63:2f:3f:1f:8c:27:04:fc:3c:5f:cd:64:56:ad:ed:
         75:58:ad:79:e0:67:c6:f3:78:05:98:b0:a8:32:41:83:0c:81:
         20:45:4a:2c:5d:35:25:57:a3:42:34:36:ce:da:47:5c:b6:1c:
         f5:c9:c9:31:93:20:65:62:4b:fc:af:d7:f3:81:13:0d:21:07:
         fe:42:f4:1e:a8:ba:b0:42:3c:cf:e5:00:b7:7d:87:68:60:6e:
         a5:6d:f5:f7:7b:59:c3:d3:a8:13:2a:17:4b:80:ef:05:fc:73:
         47:de:35:e6:09:f9:e7:31:c3:6e:bc:2e:1d:21:e3:a4:92:6d:
         b7:59:4a:64:4d:82:ae:c1:9a:f8:d0:93:8b:24:68:d4:c4:21:
         d9:1e:49:43:92:a5:99:a1:5e:66:99:d9:38:e1:bb:b2:69:c7:
         b6:a7:f8:c3:a8:a7:46:5e:6b:fa:42:bd:41:1c:36:29:2c:a6:
         d6:ea:3c:91:0f:3f:de:0b:a5:bb:15:3a:3b:64:7b:be:13:7e:
         0e:68:12:ba:75:e7:61:6d:17:32:24:00:b9:51:7d:93:ed:21:
         03:cb:d0:88:c5:d4:7a:92:9b:8a:eb:37:76:68:54:1e:47:67:
         33:1b:88:6a:e1:85:fa:82:72:17:62:01:32:9f:74:c2:d1:83:
         f8:d3:1c:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf7ka5D3LUXWOAuZ8UXqo/6MmH+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5N2NmNDc0ZGJkZjg5NTVkNTlhZjM0OTNhODEwMjczYmI0NGYwMTcyOWVj
ZjBkYjI5NmZmMzRhMmQxNTFmMWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVoK69lmL3NXkdIWqUNVuGNSOqWBfYZp2UIPZM7BoLMUpCH5SCNKfLJMZ6u
jSjFlMOCvp8CTvhE3hcJaynjDC3G2wxrSsA7+0DTdsQ3sWw3goBX8YLOBuIc5uRy
iVPvC2tUbUygG3lT+01Y/ltpqOnUWSHyqw5tqi04wu5PY5t2nikajWq35hD26LWl
ougKzFGtRfhTSZ9hp5+i8V/JLWBOW5X2VVC+tl+Wptpa5YYHa8HZVs9Klc4MEC5A
tKZ6UGTgyf1IfSD+3jw8PS1RlvcoiV8EALxfWsDC9gYiSlZsQVdK6GrqUTc2SHv3
eZ5+TkroEGugnJiRngVGT7cAvzcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSBxaoB
FLfNk/l6zTxfq/bTlbKhjjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDEtI1jLz8fjCcE/DxfzWRWre11WK154GfG83gF
mLCoMkGDDIEgRUosXTUlV6NCNDbO2kdcthz1yckxkyBlYkv8r9fzgRMNIQf+QvQe
qLqwQjzP5QC3fYdoYG6lbfX3e1nD06gTKhdLgO8F/HNH3jXmCfnnMcNuvC4dIeOk
km23WUpkTYKuwZr40JOLJGjUxCHZHklDkqWZoV5mmdk44buyace2p/jDqKdGXmv6
Qr1BHDYpLKbW6jyRDz/eC6W7FTo7ZHu+E34OaBK6dedhbRcyJAC5UX2T7SEDy9CI
xdR6kpuK6zd2aFQeR2czG4hq4YX6gnIXYgEyn3TC0YP40xwU
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:25 2024 by rpki-client on console-fra.rpki-client.org