Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/636fd47b-89eb-4828-873d-2c6e06a89e85.roa
File:                     636fd47b-89eb-4828-873d-2c6e06a89e85.roa (raw, json)
Hash identifier:          oZhGPgi+rQCtj2gssdTqHLmNf8ker6OtjwsF7kH8tXg=
Subject key identifier:   8C:3A:DF:91:CE:D3:28:A6:41:40:7F:59:B4:D0:BA:CF:C1:8B:63:0E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2F8FF8BC44C24BD8DDEF34FB8A4F461D34B70B95
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/636fd47b-89eb-4828-873d-2c6e06a89e85.roa
Signing time:             Mon 01 Apr 2024 00:00:00 +0000
ROA not before:           Mon 01 Apr 2024 00:00:00 +0000
ROA not after:            Mon 06 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d011::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Apr 2024 19:21:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:8f:f8:bc:44:c2:4b:d8:dd:ef:34:fb:8a:4f:46:1d:34:b7:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 00:00:00 2024 GMT
            Not After : May  6 23:59:59 2024 GMT
        Subject: serialNumber=c14c0f1193500a0e1e70128f6181cc22d875db440ba07c8ca4f9304329981e58, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:04:ad:67:3c:40:b5:8a:72:ed:bd:0f:a9:e7:
                    d7:2d:b9:13:43:cf:cc:63:f6:45:01:5a:9e:64:d4:
                    36:ab:44:f8:be:fc:0e:d2:c9:27:20:58:7c:8a:b0:
                    67:65:25:01:3d:a8:e2:03:ef:4d:35:42:d1:bf:ff:
                    1e:83:c9:f8:ab:55:6f:b5:2d:9d:9f:41:d4:5c:bc:
                    9d:ec:bb:a4:f4:86:92:41:8c:81:e2:b0:59:c3:c3:
                    b8:f8:56:51:01:75:91:29:9d:28:a4:6c:e6:fa:49:
                    e2:5d:fa:5a:9b:b8:f0:28:00:87:60:2d:e4:f7:e9:
                    18:cd:3b:46:cb:b5:b1:a3:c7:2f:49:79:19:36:c8:
                    87:1a:1f:23:16:d3:42:3d:25:5e:78:7b:e6:bd:66:
                    2b:f4:1e:77:db:53:93:11:63:32:1b:34:85:71:af:
                    cf:e8:70:24:d4:fd:e3:f8:bd:41:41:fa:86:52:57:
                    6a:9e:9e:86:06:c8:9d:04:c4:2e:7e:51:a6:39:0b:
                    1a:54:40:b8:58:a5:09:4a:2a:58:f0:d8:17:37:79:
                    ee:1b:9e:1a:f1:39:e3:69:c8:0d:04:58:42:5b:3e:
                    24:ab:6f:23:90:55:ec:e9:54:6c:41:b0:e8:94:cb:
                    b8:5b:dd:c2:65:b1:6f:35:02:fc:e3:8c:5a:0e:39:
                    53:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3A:DF:91:CE:D3:28:A6:41:40:7F:59:B4:D0:BA:CF:C1:8B:63:0E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/636fd47b-89eb-4828-873d-2c6e06a89e85.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d011::/36

    Signature Algorithm: sha256WithRSAEncryption
         9c:bd:cd:68:ba:61:8b:1f:a9:96:cf:8a:ed:97:1c:6f:bd:e4:
         82:9e:df:f1:a9:d1:1a:fb:8e:bd:d7:3c:d6:65:c2:88:35:25:
         1a:d6:ae:3b:be:2b:ad:90:05:7f:7f:b6:21:b4:1d:59:fd:db:
         6a:5f:7f:62:c5:2c:43:37:bf:9a:6b:ca:af:61:60:cd:a6:6b:
         33:17:9f:1a:63:da:ad:f5:57:cc:60:71:17:13:37:39:7a:86:
         8c:15:33:08:b5:04:e8:cf:cb:fa:e1:d9:49:7a:8e:bb:d9:0f:
         23:80:f2:b2:15:6f:24:f0:de:f9:45:9f:c1:93:45:8f:d8:7f:
         13:3f:12:8a:8c:5c:b0:7d:e6:af:4c:1c:43:0e:43:18:0e:7c:
         f1:96:24:f7:5d:f3:72:48:d3:81:4c:a9:e3:57:2f:76:2e:59:
         38:eb:97:c5:30:19:84:9d:f4:4d:f0:9e:64:70:03:f3:b6:05:
         d7:32:73:64:a7:50:a4:25:70:b4:71:ca:8c:1a:bc:6a:05:f1:
         44:74:b8:e9:4e:5c:59:ae:17:71:82:fa:ab:08:25:72:bd:37:
         cb:de:d7:d4:cb:61:81:98:8a:84:52:33:33:b6:18:f9:71:5f:
         c5:4e:7e:98:46:08:eb:21:d9:21:66:43:27:ff:d5:c7:e9:81:
         ea:c7:83:67
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUL4/4vETCS9jd7zT7ik9GHTS3C5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA0MDEwMDAwMDBaFw0yNDA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxNGMwZjExOTM1MDBhMGUxZTcwMTI4ZjYxODFjYzIyZDg3NWRiNDQwYmEw
N2M4Y2E0ZjkzMDQzMjk5ODFlNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4ErWc8QLWKcu29D6nn1y25E0PPzGP2RQFanmTUNqtE+L78DtLJJyBYfIqw
Z2UlAT2o4gPvTTVC0b//HoPJ+KtVb7UtnZ9B1Fy8ney7pPSGkkGMgeKwWcPDuPhW
UQF1kSmdKKRs5vpJ4l36Wpu48CgAh2At5PfpGM07Rsu1saPHL0l5GTbIhxofIxbT
Qj0lXnh75r1mK/Qed9tTkxFjMhs0hXGvz+hwJNT94/i9QUH6hlJXap6ehgbInQTE
Ln5RpjkLGlRAuFilCUoqWPDYFzd57hueGvE542nIDQRYQls+JKtvI5BV7OlUbEGw
6JTLuFvdwmWxbzUC/OOMWg45U4ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSMOt+R
ztMopkFAf1m00LrPwYtjDjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjM2ZmQ0N2ItODllYi00ODI4LTg3M2QtMmM2ZTA2YTg5ZTg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BEA
MA0GCSqGSIb3DQEBCwUAA4IBAQCcvc1oumGLH6mWz4rtlxxvveSCnt/xqdEa+469
1zzWZcKINSUa1q47viutkAV/f7YhtB1Z/dtqX39ixSxDN7+aa8qvYWDNpmszF58a
Y9qt9VfMYHEXEzc5eoaMFTMItQToz8v64dlJeo672Q8jgPKyFW8k8N75RZ/Bk0WP
2H8TPxKKjFywfeavTBxDDkMYDnzxliT3XfNySNOBTKnjVy92Llk465fFMBmEnfRN
8J5kcAPztgXXMnNkp1CkJXC0ccqMGrxqBfFEdLjpTlxZrhdxgvqrCCVyvTfL3tfU
y2GBmIqEUjMzthj5cV/FTn6YRgjrIdkhZkMn/9XH6YHqx4Nn
-----END CERTIFICATE-----
Generated at Tue Apr 16 01:21:48 2024 by rpki-client on console-ams.rpki-client.org