Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
File:                     538037c5-70a6-4b45-b84c-b4af8015af39.roa (raw, json)
Hash identifier:          XtfyK3W7U+etzhqHJfLvNLks3lzDhTYp/qfFU007Fkc=
Subject key identifier:   56:52:96:78:22:BB:A2:AC:72:D0:F4:45:1F:93:82:51:A7:28:A1:2A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       109DA2DE3C5DDD65B4CBDCA7E8FC3716F7C1837D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
Signing time:             Sun 19 Mar 2023 00:00:00 +0000
ROA not before:           Sun 19 Mar 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d029::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Mar 2023 08:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9d:a2:de:3c:5d:dd:65:b4:cb:dc:a7:e8:fc:37:16:f7:c1:83:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 19 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=6d9ed46a3926987e2d4067065dd6527efea4afd3f32bbbfa93e841fc1aab883f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5b:20:07:35:bd:c5:6d:8f:ac:dc:e9:e7:47:
                    fa:44:0f:37:e8:a6:69:6f:21:d5:b4:cf:91:1b:7d:
                    ef:6b:65:3a:f2:ed:4b:ec:dd:f1:aa:72:30:37:bf:
                    ae:2e:14:58:fe:98:1c:8d:c8:52:00:fa:40:c3:af:
                    96:e7:4b:24:25:e1:8d:d6:23:95:a7:3e:0e:f0:92:
                    bc:e0:90:2d:02:5f:3d:1c:46:a2:0f:e2:a1:01:0d:
                    51:a0:f8:be:7d:e2:25:4f:4f:a3:06:dc:dd:07:83:
                    85:ef:ec:a1:72:1e:68:03:53:09:69:31:a0:93:c0:
                    06:41:bf:6f:e1:6c:f7:7f:6e:7b:13:7b:88:5a:2a:
                    de:6d:61:b4:ba:75:a1:9e:0c:15:af:51:7d:61:f0:
                    8e:50:4f:22:91:62:8b:f5:77:6d:3f:31:c3:db:09:
                    34:b7:2c:47:79:b4:bb:be:28:ec:ab:89:33:f6:ea:
                    44:95:a7:c7:e2:06:0f:60:1e:cb:a3:00:98:01:45:
                    f5:05:50:1b:e3:75:a4:c2:49:5a:2c:96:d9:10:4a:
                    59:68:eb:ce:1b:96:0b:c4:a6:95:6a:23:2a:28:e9:
                    20:3a:43:30:fb:11:93:cf:9c:5c:a8:7f:8c:df:36:
                    a0:34:1c:fb:88:51:e1:16:56:9b:6b:f3:c4:5b:ca:
                    ac:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                56:52:96:78:22:BB:A2:AC:72:D0:F4:45:1F:93:82:51:A7:28:A1:2A
            X509v3 Authority Key Identifier: 
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d029::/36

    Signature Algorithm: sha256WithRSAEncryption
         ad:d3:49:0b:65:cf:06:7d:a4:d3:1e:a7:ee:7e:fc:c1:32:c7:
         78:73:d2:c4:b2:c9:c0:82:85:20:de:ef:29:c3:b5:53:68:e4:
         16:e9:30:f1:11:2c:5f:fc:22:8a:59:03:fb:7c:76:05:cd:93:
         08:d2:09:38:b2:0f:6d:65:ba:af:c2:21:7e:8d:8c:8d:c6:e7:
         c8:ad:20:f9:65:40:8e:92:e7:ba:22:58:f1:3e:49:18:61:1d:
         1a:5b:5a:c5:60:1d:f6:91:94:33:7f:22:ab:1a:cb:c9:bf:73:
         5e:85:45:39:0e:84:77:ad:18:93:17:74:15:e0:67:84:a2:0c:
         8b:f0:84:08:60:55:f1:8d:bd:59:7c:8f:a2:d3:ba:cf:58:da:
         fc:83:a7:e3:ed:39:0f:65:c1:07:e4:ef:1a:ec:29:35:9d:22:
         10:2c:89:77:0a:bd:db:a3:90:a2:0d:3e:40:2c:7a:4f:8a:4e:
         04:3a:95:44:c9:79:dd:43:91:9f:68:94:36:5b:7a:c3:7e:cd:
         3a:06:bf:83:79:97:c0:a9:70:d4:f5:d5:09:ec:b6:ad:41:f1:
         4a:af:23:4b:fd:bd:9e:cf:09:a5:69:dc:fe:ee:8c:a7:de:6b:
         3f:0e:63:be:dd:77:89:dd:1f:d5:df:19:b1:fe:03:7e:ae:c0:
         11:a7:d5:18
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIUEJ2i3jxd3WW0y9yn6Pw3FvfBg30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzAzMTkwMDAwMDBaFw0yMzA0MjMyMzU5NTlaMIGlMUkwRwYD
VQQFE0A2ZDllZDQ2YTM5MjY5ODdlMmQ0MDY3MDY1ZGQ2NTI3ZWZlYTRhZmQzZjMy
YmJiZmE5M2U4NDFmYzFhYWI4ODNmMS0wKwYDVQQDEyQ2NjE1YTM4Yi0zYWQ3LTQ3
YjctOGZiMi02ODVjMzhkMDA5MTQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
yVsgBzW9xW2PrNzp50f6RA836KZpbyHVtM+RG33va2U68u1L7N3xqnIwN7+uLhRY
/pgcjchSAPpAw6+W50skJeGN1iOVpz4O8JK84JAtAl89HEaiD+KhAQ1RoPi+feIl
T0+jBtzdB4OF7+yhch5oA1MJaTGgk8AGQb9v4Wz3f257E3uIWirebWG0unWhngwV
r1F9YfCOUE8ikWKL9XdtPzHD2wk0tyxHebS7vijsq4kz9upElafH4gYPYB7LowCY
AUX1BVAb43WkwklaLJbZEEpZaOvOG5YLxKaVaiMqKOkgOkMw+xGTz5xcqH+M3zag
NBz7iFHhFlaba/PEW8qsRQIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFFZSlngiu6Ks
ctD0RR+TglGnKKEqMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8MA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVuZFo1
UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC81Mzgw
MzdjNS03MGE2LTRiNDUtYjg0Yy1iNGFmODAxNWFmMzkucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
dU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgXQKQAwDQYJ
KoZIhvcNAQELBQADggEBAK3TSQtlzwZ9pNMep+5+/MEyx3hz0sSyycCChSDe7ynD
tVNo5BbpMPERLF/8IopZA/t8dgXNkwjSCTiyD21luq/CIX6NjI3G58itIPllQI6S
57oiWPE+SRhhHRpbWsVgHfaRlDN/Iqsay8m/c16FRTkOhHetGJMXdBXgZ4SiDIvw
hAhgVfGNvVl8j6LTus9Y2vyDp+PtOQ9lwQfk7xrsKTWdIhAsiXcKvdujkKINPkAs
ek+KTgQ6lUTJed1DkZ9olDZbesN+zToGv4N5l8CpcNT11Qnstq1B8UqvI0v9vZ7P
CaVp3P7ujKfeaz8OY77dd4ndH9XfGbH+A36uwBGn1Rg=
-----END CERTIFICATE-----
Generated at Sun Mar 19 16:34:20 2023 by rpki-client on console-ams.rpki-client.org