Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
File:                     4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa (raw, json)
Hash identifier:          DL+BSf01wLxZclLcj/vGyICKeheQA8JFG374hF7KgCg=
Subject key identifier:   8E:E3:CB:B2:F8:8D:AA:10:7E:C1:6A:E2:3C:ED:74:B7:ED:A3:5B:52
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       208F4FDB74FCCE62403629AE6B1948BB7D3F780E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
Signing time:             Mon 02 Sep 2024 00:00:00 +0000
ROA not before:           Mon 02 Sep 2024 00:00:00 +0000
ROA not after:            Mon 07 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Sep 2024 20:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:8f:4f:db:74:fc:ce:62:40:36:29:ae:6b:19:48:bb:7d:3f:78:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep  2 00:00:00 2024 GMT
            Not After : Oct  7 23:59:59 2024 GMT
        Subject: serialNumber=cf04cfccf4aee1ddc65e78ea47e98f30261ea5b0fb0c92b631229dcb6e5ccdf7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:7c:cd:57:ed:f6:66:98:31:19:0e:c5:ae:
                    0f:7c:3f:99:a2:84:20:92:5d:d1:6d:0b:ae:5f:64:
                    a4:88:5a:a2:85:d5:88:3b:e1:68:4b:f0:b0:28:ae:
                    8d:e8:13:f2:8e:f6:08:7a:72:e5:1b:cb:03:ff:ec:
                    41:87:31:3c:28:a9:76:b1:da:a7:1e:9c:11:59:44:
                    03:8a:49:9e:8a:62:34:62:db:89:98:64:e7:b5:50:
                    ec:e3:e2:7c:f7:7d:e0:28:95:78:65:ec:66:93:6c:
                    1f:56:d1:ef:0b:e9:dd:14:15:6a:75:1d:3e:6f:0d:
                    4d:28:d7:f3:3c:4d:34:86:9f:3b:4e:d2:eb:d9:5b:
                    5e:22:d2:7f:c3:04:d2:60:f3:57:ea:cd:2d:85:50:
                    9a:96:2c:ae:9a:b1:ce:6f:0f:7e:02:57:92:34:76:
                    b4:91:cd:d2:0a:6e:6a:6b:21:fc:23:5a:77:34:42:
                    be:97:49:53:99:4c:6b:34:b1:7b:39:bd:17:d5:d5:
                    8f:f5:04:d4:8f:86:86:f8:d6:a1:2e:f2:a5:ec:ac:
                    52:8c:59:3f:3b:e7:7f:02:b5:06:02:97:a2:e2:f6:
                    ca:9c:9c:9f:77:c6:a0:00:ca:df:a3:c7:ea:d5:f9:
                    9f:d5:f6:d0:2c:e6:91:01:05:bb:b4:6f:67:76:76:
                    51:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E3:CB:B2:F8:8D:AA:10:7E:C1:6A:E2:3C:ED:74:B7:ED:A3:5B:52
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         55:52:d0:38:13:6a:a2:43:e5:37:da:1c:0a:8e:36:e2:a3:7e:
         e5:a7:4a:83:cf:93:0a:b7:45:ec:a9:ef:71:4f:49:7d:76:e2:
         94:36:2d:d2:76:7f:fc:d0:cb:eb:72:8c:56:40:10:00:50:67:
         c0:66:ca:3b:46:d9:8c:0d:bd:cd:f2:4a:a9:e7:28:a2:03:50:
         29:19:5c:a5:44:5d:90:4f:fd:62:bc:c3:93:c3:fe:12:f1:00:
         a6:40:3e:da:61:9a:20:92:e8:19:ae:2d:8d:b2:2b:78:df:e3:
         15:93:31:d8:5a:e5:eb:f0:f0:05:5d:88:b9:08:88:11:ad:c8:
         de:0a:36:84:50:6a:8d:c2:2d:43:c2:f6:b1:67:33:8d:06:b8:
         3b:a1:eb:da:ca:ee:c9:69:f4:1b:f7:b6:6d:0e:6a:09:fd:30:
         77:c1:13:c6:a1:8d:f1:9a:be:d4:9b:89:f4:29:76:07:79:0a:
         ee:78:83:eb:85:90:05:d2:2f:cf:ba:86:9f:c0:d2:68:bb:cd:
         a2:f2:69:95:49:73:a0:68:5a:68:31:1c:ec:e0:51:d3:8e:1d:
         17:03:fe:2b:00:8c:96:fb:6f:07:db:14:c2:82:5b:7e:3e:4b:
         d0:08:59:2d:5e:da:ed:ee:57:fc:aa:f8:c5:3c:b9:a2:ac:83:
         9b:f4:67:08
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUII9P23T8zmJANimuaxlIu30/eA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA5MDIwMDAwMDBaFw0yNDEwMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmMDRjZmNjZjRhZWUxZGRjNjVlNzhlYTQ3ZTk4ZjMwMjYxZWE1YjBmYjBj
OTJiNjMxMjI5ZGNiNmU1Y2NkZjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpSfM1X7fZmmDEZDsWuD3w/maKEIJJd0W0Lrl9kpIhaooXViDvhaEvwsCiu
jegT8o72CHpy5RvLA//sQYcxPCipdrHapx6cEVlEA4pJnopiNGLbiZhk57VQ7OPi
fPd94CiVeGXsZpNsH1bR7wvp3RQVanUdPm8NTSjX8zxNNIafO07S69lbXiLSf8ME
0mDzV+rNLYVQmpYsrpqxzm8PfgJXkjR2tJHN0gpuamsh/CNadzRCvpdJU5lMazSx
ezm9F9XVj/UE1I+GhvjWoS7ypeysUoxZPzvnfwK1BgKXouL2ypycn3fGoADK36PH
6tX5n9X20CzmkQEFu7RvZ3Z2UdkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSO48uy
+I2qEH7BauI87XS37aNbUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGI2ZGRjYTctMTcyZi00ZjBlLTlhODMtOWEzNTlmNjJjNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HVA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVUtA4E2qiQ+U32hwKjjbio37lp0qDz5MKt0Xs
qe9xT0l9duKUNi3Sdn/80MvrcoxWQBAAUGfAZso7RtmMDb3N8kqp5yiiA1ApGVyl
RF2QT/1ivMOTw/4S8QCmQD7aYZogkugZri2Nsit43+MVkzHYWuXr8PAFXYi5CIgR
rcjeCjaEUGqNwi1DwvaxZzONBrg7oevayu7JafQb97ZtDmoJ/TB3wRPGoY3xmr7U
m4n0KXYHeQrueIPrhZAF0i/PuoafwNJou82i8mmVSXOgaFpoMRzs4FHTjh0XA/4r
AIyW+28H2xTCglt+PkvQCFktXtrt7lf8qvjFPLmirIOb9GcI
-----END CERTIFICATE-----
Generated at Sat Sep 7 02:13:45 2024 by rpki-client on console-fra.rpki-client.org