Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
File:                     538037c5-70a6-4b45-b84c-b4af8015af39.roa (raw, json)
Hash identifier:          HHcOyF0CYLLCZFRFEFCMje0blKjp3TXGq0ITN7Q4oXo=
Subject key identifier:   B1:AC:90:E6:1F:D3:29:F2:74:35:67:2C:3F:E2:83:E4:C0:E6:66:36
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5D8C3A8BC5EF92F1311E3AEF486D1ECF0DFF330C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d029::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8c:3a:8b:c5:ef:92:f1:31:1e:3a:ef:48:6d:1e:cf:0d:ff:33:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=2b11ba9dcc564a3a0090b0fa1ff4207158b96daae35c1f735281c405563cff5b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:9a:2e:26:34:84:7c:db:51:46:5f:91:6b:
                    8f:11:4d:3c:f0:e4:57:78:0c:51:b4:d9:b9:9b:bb:
                    78:74:68:4c:60:eb:29:c2:67:ae:63:93:a0:0a:05:
                    f9:6f:f9:69:41:ba:f3:4a:7f:68:bc:1a:84:da:b6:
                    24:b6:78:b7:c1:3a:ad:2b:67:32:c4:a6:03:2a:9b:
                    b5:a3:83:c8:9c:69:01:eb:86:f5:67:b5:ff:0e:1c:
                    53:e7:73:fe:5b:4e:40:87:85:73:0c:66:5c:08:c8:
                    a5:21:a1:a8:32:f4:75:d7:7a:87:5d:c7:52:e4:b7:
                    1c:e7:8b:fb:23:fb:11:40:11:6c:aa:d2:50:d9:30:
                    91:dd:3d:b0:49:2c:04:da:c6:1a:91:72:7a:91:1c:
                    d4:22:9e:93:88:73:67:cf:96:7a:64:9f:d4:fd:c7:
                    1f:e2:57:b9:93:25:3c:39:85:53:2a:95:9b:cc:bf:
                    88:86:1b:95:fd:27:73:96:7b:a9:78:92:16:2b:31:
                    39:da:3e:a4:3c:62:6f:e8:a1:14:f9:ee:a0:a8:bc:
                    cd:57:af:94:8c:cb:96:40:f9:53:9b:9e:14:03:b9:
                    b0:bc:b7:63:6a:ec:cb:2c:f9:05:ba:6d:73:75:1f:
                    34:32:9b:d7:da:74:1a:01:4e:48:87:4e:7c:5d:49:
                    24:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AC:90:E6:1F:D3:29:F2:74:35:67:2C:3F:E2:83:E4:C0:E6:66:36
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d029::/36

    Signature Algorithm: sha256WithRSAEncryption
         a8:38:95:50:05:9a:c8:89:76:b4:d1:82:d1:20:5c:59:26:45:
         52:25:73:6b:85:b3:10:ad:ed:09:98:e0:09:a8:27:a0:48:5b:
         e4:f1:41:e6:21:8e:2d:b5:14:d9:df:61:99:c1:05:df:b9:6c:
         65:57:9d:8b:55:30:0e:05:bb:40:42:72:9b:42:64:fd:e1:41:
         8c:4b:40:71:2e:60:5c:62:09:3b:31:a9:5a:86:d2:ea:64:b6:
         d4:b2:42:66:23:21:1f:87:b6:ec:61:74:10:07:8c:1a:c3:24:
         01:35:ee:e0:44:fd:3a:d7:b6:35:45:94:c9:81:aa:bb:87:37:
         76:b4:25:80:11:d0:ec:36:84:31:fc:8f:d5:18:93:55:a1:16:
         49:30:22:04:bb:70:e7:88:c3:f2:b0:43:a7:0c:f0:c5:1f:d0:
         18:38:f6:5e:87:1f:43:48:f7:2f:00:5e:65:75:0e:5c:c6:a7:
         71:4f:35:64:27:22:9c:a5:be:5c:64:f5:2f:62:d4:6c:3f:66:
         ac:23:71:47:79:dc:65:a3:23:45:66:f9:4a:5d:d4:41:9e:c7:
         be:cc:a7:c4:05:02:5e:04:21:ba:e3:d9:80:d7:fc:f9:1c:11:
         1a:94:98:f0:ad:3a:b6:c9:f3:d3:13:08:ca:d9:82:5d:fd:de:
         b7:4a:59:13
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXYw6i8XvkvExHjrvSG0ezw3/MwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiMTFiYTlkY2M1NjRhM2EwMDkwYjBmYTFmZjQyMDcxNThiOTZkYWFlMzVj
MWY3MzUyODFjNDA1NTYzY2ZmNWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKL8mi4mNIR821FGX5FrjxFNPPDkV3gMUbTZuZu7eHRoTGDrKcJnrmOToAoF
+W/5aUG680p/aLwahNq2JLZ4t8E6rStnMsSmAyqbtaODyJxpAeuG9We1/w4cU+dz
/ltOQIeFcwxmXAjIpSGhqDL0ddd6h13HUuS3HOeL+yP7EUARbKrSUNkwkd09sEks
BNrGGpFyepEc1CKek4hzZ8+WemSf1P3HH+JXuZMlPDmFUyqVm8y/iIYblf0nc5Z7
qXiSFisxOdo+pDxib+ihFPnuoKi8zVevlIzLlkD5U5ueFAO5sLy3Y2rsyyz5Bbpt
c3UfNDKb19p0GgFOSIdOfF1JJL0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSxrJDm
H9Mp8nQ1Zyw/4oPkwOZmNjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTM4MDM3YzUtNzBhNi00YjQ1LWI4NGMtYjRhZjgwMTVhZjM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCoOJVQBZrIiXa00YLRIFxZJkVSJXNrhbMQre0J
mOAJqCegSFvk8UHmIY4ttRTZ32GZwQXfuWxlV52LVTAOBbtAQnKbQmT94UGMS0Bx
LmBcYgk7MalahtLqZLbUskJmIyEfh7bsYXQQB4wawyQBNe7gRP0617Y1RZTJgaq7
hzd2tCWAEdDsNoQx/I/VGJNVoRZJMCIEu3DniMPysEOnDPDFH9AYOPZehx9DSPcv
AF5ldQ5cxqdxTzVkJyKcpb5cZPUvYtRsP2asI3FHedxloyNFZvlKXdRBnse+zKfE
BQJeBCG649mA1/z5HBEalJjwrTq2yfPTEwjK2YJd/d63SlkT
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:32:02 2023 by rpki-client on console-fra.rpki-client.org