Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa
File:                     3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa (raw, json)
Hash identifier:          3vY7fL/cfvZqFsiOtrTEAOk/eVZqR737xP1XJMK5Pes=
Subject key identifier:   F1:87:9B:38:52:8C:E2:36:1C:F8:31:EA:F7:FE:ED:A2:94:04:FE:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       60A8A22D0967D7C73C0072E62554D3DAED6A0161
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa
Signing time:             Sat 18 Mar 2023 00:00:00 +0000
ROA not before:           Sat 18 Mar 2023 00:00:00 +0000
ROA not after:            Sat 22 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d016::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Mar 2023 16:08:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:a8:a2:2d:09:67:d7:c7:3c:00:72:e6:25:54:d3:da:ed:6a:01:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 18 00:00:00 2023 GMT
            Not After : Apr 22 23:59:59 2023 GMT
        Subject: serialNumber=ffccc38c381c751b7dacf889a617cdeb49f7a634349309c93e2e29a3c6aa219f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:68:56:37:8e:03:59:1c:c9:7f:e0:d4:96:54:
                    14:fe:34:3a:5c:1d:fe:10:78:b9:9d:26:24:56:a0:
                    38:be:19:1e:ed:2b:03:d8:10:0d:b8:ee:cc:80:36:
                    57:6c:ef:07:fc:16:86:08:b1:1c:cf:d7:2e:3e:dd:
                    6f:b2:b3:a4:fa:5b:d3:bc:8e:23:60:3a:58:ce:15:
                    c1:a6:d5:6e:8a:6d:a8:90:f4:d5:54:13:3e:74:2c:
                    93:ea:90:ff:9a:fc:ab:60:f0:6e:30:ad:80:75:fc:
                    c2:51:3f:88:ff:9c:ee:70:a8:fe:f7:d9:99:a4:a8:
                    58:cb:3e:72:2f:21:f9:74:3f:ef:24:9a:73:5d:f7:
                    c6:8b:fd:0b:0a:a7:b3:7a:51:b3:2c:a3:ef:47:15:
                    ac:d8:c6:83:d8:41:ba:98:05:ec:7e:e9:dc:fc:9c:
                    e9:53:43:f2:e1:2d:f1:40:24:65:aa:fb:6f:a2:fb:
                    6f:87:c9:10:bf:7b:9b:41:15:b9:19:02:0a:67:4f:
                    83:95:10:f3:f1:90:cd:08:cf:9d:43:6e:36:ec:d9:
                    ce:b6:17:c4:9e:9b:14:88:69:2d:d8:4f:ab:4c:99:
                    84:c4:bc:dd:da:f3:53:29:f6:18:6f:64:c7:7f:d4:
                    4c:1d:28:8d:3d:82:b4:bf:24:e6:66:3d:ca:1e:89:
                    b4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F1:87:9B:38:52:8C:E2:36:1C:F8:31:EA:F7:FE:ED:A2:94:04:FE:1F
            X509v3 Authority Key Identifier: 
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d016::/36

    Signature Algorithm: sha256WithRSAEncryption
         65:6a:d7:45:59:f3:75:c9:75:ef:2e:19:03:fd:ed:95:d5:7e:
         a1:a2:74:02:8d:15:da:98:1a:e5:79:53:51:82:b5:9c:c9:0b:
         c3:55:79:a8:71:4a:a0:c9:8c:d8:57:5c:15:aa:d2:28:f0:0a:
         53:50:67:b3:ff:03:ce:a6:e0:97:9a:b5:84:45:5b:7a:59:7c:
         6a:af:93:ab:e5:4d:c8:fb:9b:a4:fd:28:ac:ab:e3:46:9d:1a:
         09:0e:65:89:22:23:2d:ca:1f:48:64:28:b2:f9:28:38:9a:fa:
         59:0c:8e:58:79:88:ba:6c:66:fb:fb:a0:e8:ed:7f:31:90:13:
         da:52:56:f4:dd:6b:61:a2:34:3c:6d:ef:bf:f0:fc:b9:80:5a:
         54:73:d7:fa:8c:24:da:e8:be:f0:3c:55:cd:41:85:97:08:b2:
         96:e6:94:74:3c:a5:5b:32:48:e1:1a:a2:23:35:8c:3e:15:aa:
         55:e3:68:27:01:19:7e:16:62:19:5d:48:fb:21:50:c6:a4:1b:
         7a:88:23:e4:81:e0:81:85:68:9e:2c:f9:91:2b:71:49:1f:ea:
         f6:27:6a:71:89:68:52:bf:4a:cd:1e:80:8c:0d:76:34:9c:28:
         64:69:07:3f:92:c6:3e:3a:1e:f2:29:f9:39:aa:87:43:1e:38:
         17:c4:a3:7c
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIUYKiiLQln18c8AHLmJVTT2u1qAWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzAzMTgwMDAwMDBaFw0yMzA0MjIyMzU5NTlaMIGlMUkwRwYD
VQQFE0BmZmNjYzM4YzM4MWM3NTFiN2RhY2Y4ODlhNjE3Y2RlYjQ5ZjdhNjM0MzQ5
MzA5YzkzZTJlMjlhM2M2YWEyMTlmMS0wKwYDVQQDEyQ2NjE1YTM4Yi0zYWQ3LTQ3
YjctOGZiMi02ODVjMzhkMDA5MTQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tGhWN44DWRzJf+DUllQU/jQ6XB3+EHi5nSYkVqA4vhke7SsD2BANuO7MgDZXbO8H
/BaGCLEcz9cuPt1vsrOk+lvTvI4jYDpYzhXBptVuim2okPTVVBM+dCyT6pD/mvyr
YPBuMK2AdfzCUT+I/5zucKj+99mZpKhYyz5yLyH5dD/vJJpzXffGi/0LCqezelGz
LKPvRxWs2MaD2EG6mAXsfunc/JzpU0Py4S3xQCRlqvtvovtvh8kQv3ubQRW5GQIK
Z0+DlRDz8ZDNCM+dQ2427NnOthfEnpsUiGkt2E+rTJmExLzd2vNTKfYYb2THf9RM
HSiNPYK0vyTmZj3KHom0CwIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFPGHmzhSjOI2
HPgx6vf+7aKUBP4fMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8MA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVuZFo1
UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC8zZjZl
M2VmOS02MjBlLTQ5MmItYTQ3NS04ZDI2ZmQ4ZTAwMjAucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
dU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgXQFgAwDQYJ
KoZIhvcNAQELBQADggEBAGVq10VZ83XJde8uGQP97ZXVfqGidAKNFdqYGuV5U1GC
tZzJC8NVeahxSqDJjNhXXBWq0ijwClNQZ7P/A86m4JeatYRFW3pZfGqvk6vlTcj7
m6T9KKyr40adGgkOZYkiIy3KH0hkKLL5KDia+lkMjlh5iLpsZvv7oOjtfzGQE9pS
VvTda2GiNDxt77/w/LmAWlRz1/qMJNrovvA8Vc1BhZcIspbmlHQ8pVsySOEaoiM1
jD4VqlXjaCcBGX4WYhldSPshUMakG3qII+SB4IGFaJ4s+ZErcUkf6vYnanGJaFK/
Ss0egIwNdjScKGRpBz+Sxj46HvIp+Tmqh0MeOBfEo3w=
-----END CERTIFICATE-----
Generated at Sat Mar 18 00:25:51 2023 by rpki-client on console-fra.rpki-client.org