Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa
File:                     3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa (raw, json)
Hash identifier:          KyghtX8arftxIRyy/CNfiYKq59YTzhdKl1z5MlZJQuk=
Subject key identifier:   70:03:38:C3:D6:80:8E:69:78:2E:EF:EE:F1:38:52:99:8A:93:35:31
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       514648AA0D71A7C6D46E78BEB81393A8FCB4D1A4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa
Signing time:             Sat 09 Sep 2023 00:00:00 +0000
ROA not before:           Sat 09 Sep 2023 00:00:00 +0000
ROA not after:            Sat 14 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d016::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:46:48:aa:0d:71:a7:c6:d4:6e:78:be:b8:13:93:a8:fc:b4:d1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep  9 00:00:00 2023 GMT
            Not After : Oct 14 23:59:59 2023 GMT
        Subject: serialNumber=cf8073c9c3aaf0957038a84b27780c8ae100554f08df3744781640f15228895c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f5:81:d5:13:89:c7:68:eb:51:e4:48:d0:4a:
                    c7:3e:b8:7d:ba:f5:3f:f3:60:6f:7f:f1:bf:05:a1:
                    78:40:69:c7:35:22:b2:5a:9a:ab:11:03:8a:05:a8:
                    02:33:57:18:a6:78:6e:33:bb:ea:64:9e:48:cb:59:
                    ab:22:6b:22:42:75:ec:2a:b8:2a:13:b5:59:10:d0:
                    e9:df:67:9d:90:36:3e:2a:98:d2:b4:a0:03:d4:95:
                    38:c5:0d:34:a6:14:52:5e:7f:12:bb:53:2d:c1:6d:
                    92:c4:b0:52:ff:ca:59:51:db:55:e6:b9:fc:bc:8a:
                    5b:dc:db:e7:3c:51:70:43:58:87:36:48:2a:16:a4:
                    41:c8:54:85:43:09:d1:e3:ba:cd:ba:4f:3e:bb:18:
                    08:53:76:ee:2d:e4:ac:fd:31:cf:dd:a3:4a:08:f0:
                    2c:bd:c4:2e:22:20:23:08:25:30:72:73:47:a9:96:
                    46:34:16:87:b2:b1:74:07:c2:41:64:04:fe:98:35:
                    8d:55:04:c5:ec:64:96:29:27:e5:ab:4a:73:97:0e:
                    b6:6c:55:41:9a:94:0f:cf:93:62:ef:c5:ec:e6:c0:
                    9c:dc:fa:41:5c:17:ca:12:cd:1a:d3:ec:60:aa:e7:
                    44:f4:fb:9a:61:eb:d1:df:72:b9:bc:0e:44:84:38:
                    f6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:03:38:C3:D6:80:8E:69:78:2E:EF:EE:F1:38:52:99:8A:93:35:31
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f6e3ef9-620e-492b-a475-8d26fd8e0020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d016::/36

    Signature Algorithm: sha256WithRSAEncryption
         5a:a9:d6:0e:ef:b8:ec:74:a8:02:d1:81:ac:dc:0a:fd:5c:2e:
         9d:e5:b5:3f:b3:4f:3b:22:5e:21:da:1e:88:36:f8:30:27:2b:
         82:2c:10:ff:c3:fa:a1:90:a8:8d:c0:93:f5:d2:da:05:fe:22:
         02:9a:1b:d2:ee:ed:2f:a8:a3:ca:81:70:5b:da:5c:88:36:b5:
         82:65:7c:a9:0d:35:20:7d:10:42:5e:eb:3b:ec:6f:e0:41:c7:
         3d:7c:c8:56:90:f4:d3:df:87:e9:a6:e4:68:76:9a:14:15:02:
         40:fe:d2:5f:76:be:ff:da:2f:6d:5f:95:59:7b:9d:87:12:4c:
         22:36:38:7f:e3:d8:e6:52:99:e2:dc:f5:60:a2:60:bb:e5:23:
         cb:a8:0d:62:d3:9c:fc:05:8a:7d:0c:01:ca:18:6f:45:ba:1c:
         d6:04:8b:d6:68:32:90:ff:a9:b3:78:84:b8:b4:05:b5:61:84:
         f7:31:2c:3a:40:98:ca:3e:7d:48:6d:99:bc:b0:77:9b:a3:7e:
         99:a5:6d:57:b7:6a:17:26:0c:b7:53:3a:60:fa:eb:19:e3:05:
         4f:06:fe:d6:0f:6b:97:98:92:c1:78:00:88:ab:b0:b2:bc:8f:
         fd:3e:73:6f:fb:f6:34:3f:ad:df:90:75:4c:a0:8a:0d:fd:9e:
         e1:87:31:0f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUUZIqg1xp8bUbni+uBOTqPy00aQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MDkwMDAwMDBaFw0yMzEwMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmODA3M2M5YzNhYWYwOTU3MDM4YTg0YjI3NzgwYzhhZTEwMDU1NGYwOGRm
Mzc0NDc4MTY0MGYxNTIyODg5NWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI31gdUTicdo61HkSNBKxz64fbr1P/Ngb3/xvwWheEBpxzUislqaqxEDigWo
AjNXGKZ4bjO76mSeSMtZqyJrIkJ17Cq4KhO1WRDQ6d9nnZA2PiqY0rSgA9SVOMUN
NKYUUl5/ErtTLcFtksSwUv/KWVHbVea5/LyKW9zb5zxRcENYhzZIKhakQchUhUMJ
0eO6zbpPPrsYCFN27i3krP0xz92jSgjwLL3ELiIgIwglMHJzR6mWRjQWh7KxdAfC
QWQE/pg1jVUExexklikn5atKc5cOtmxVQZqUD8+TYu/F7ObAnNz6QVwXyhLNGtPs
YKrnRPT7mmHr0d9yubwORIQ49tUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRwAzjD
1oCOaXgu7+7xOFKZipM1MTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2Y2ZTNlZjktNjIwZS00OTJiLWE0NzUtOGQyNmZkOGUwMDIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BYA
MA0GCSqGSIb3DQEBCwUAA4IBAQBaqdYO77jsdKgC0YGs3Ar9XC6d5bU/s087Il4h
2h6INvgwJyuCLBD/w/qhkKiNwJP10toF/iICmhvS7u0vqKPKgXBb2lyINrWCZXyp
DTUgfRBCXus77G/gQcc9fMhWkPTT34fppuRodpoUFQJA/tJfdr7/2i9tX5VZe52H
EkwiNjh/49jmUpni3PVgomC75SPLqA1i05z8BYp9DAHKGG9FuhzWBIvWaDKQ/6mz
eIS4tAW1YYT3MSw6QJjKPn1IbZm8sHebo36ZpW1Xt2oXJgy3Uzpg+usZ4wVPBv7W
D2uXmJLBeACIq7CyvI/9PnNv+/Y0P63fkHVMoIoN/Z7hhzEP
-----END CERTIFICATE-----
Generated at Sat Sep 9 00:26:29 2023 by rpki-client on console-fra.rpki-client.org