Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/651dabbc-ea96-4696-a874-5fa7163b0e4f.roa
File:                     651dabbc-ea96-4696-a874-5fa7163b0e4f.roa (raw, json)
Hash identifier:          WE3Iqov05ziRMRi1zEy6UBFO5hcfol8x4aPDiWlMq/4=
Subject key identifier:   00:40:A4:A0:C6:64:EF:B7:37:AD:23:71:16:78:69:A0:C7:01:14:E7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       22274D15EC3D586130E32BECFAB9214E5DF3E299
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/651dabbc-ea96-4696-a874-5fa7163b0e4f.roa
Signing time:             Mon 04 Mar 2024 00:00:00 +0000
ROA not before:           Mon 04 Mar 2024 00:00:00 +0000
ROA not after:            Mon 08 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:27:4d:15:ec:3d:58:61:30:e3:2b:ec:fa:b9:21:4e:5d:f3:e2:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  4 00:00:00 2024 GMT
            Not After : Apr  8 23:59:59 2024 GMT
        Subject: serialNumber=d62ac5c936c87c7a1d1eaf802112a55f3f7f2845765b4e846d159f97b40a9dd2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f8:c7:29:76:1a:9a:3d:95:e7:e6:18:92:0a:
                    0c:31:ad:b5:e4:8e:bb:92:98:00:8d:b9:19:96:4c:
                    8c:d3:e2:09:6f:7c:ba:13:b4:cb:a3:43:47:85:7a:
                    34:52:59:15:b2:51:74:a7:eb:d5:9f:df:c3:5b:5e:
                    ac:90:bb:31:fd:3b:b3:01:cf:4b:78:fa:af:52:d9:
                    f0:f7:bb:b8:fa:b0:75:77:27:6f:41:5d:f0:9b:dd:
                    45:99:9e:a4:bb:7a:a7:9d:8d:4f:3f:77:a1:fb:93:
                    0e:eb:47:9d:26:cf:1a:81:98:58:8f:89:bb:1f:8c:
                    2f:4b:9d:9b:51:16:13:23:c4:d9:2d:d4:a2:d9:ce:
                    8f:ee:5a:d3:fe:f0:a7:e3:25:1b:28:8d:78:48:98:
                    c1:0b:6f:8d:8f:0f:58:c9:e0:96:b7:b8:f6:52:40:
                    7e:f4:02:89:ac:0b:68:c2:3b:95:75:7e:fa:21:9a:
                    0c:00:b0:98:d5:0f:57:84:98:56:2e:37:a8:8a:6a:
                    bd:5d:cd:74:1e:45:74:86:a0:81:3e:d8:18:2d:cf:
                    18:51:a1:76:39:83:04:67:ba:f9:f1:8c:0c:3f:e7:
                    06:93:7d:b5:c5:2f:df:6d:75:7e:03:b3:67:a1:b6:
                    94:d5:bb:9c:9a:15:f2:30:19:18:89:51:76:0a:ae:
                    a6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:40:A4:A0:C6:64:EF:B7:37:AD:23:71:16:78:69:A0:C7:01:14:E7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/651dabbc-ea96-4696-a874-5fa7163b0e4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         78:d9:f2:63:59:b8:08:58:ca:58:8b:44:3c:eb:4e:bc:ee:90:
         a1:a8:05:ab:09:ff:1a:53:fb:56:63:43:18:05:65:83:cb:65:
         48:ab:31:ee:5b:c0:94:e7:cc:4e:2e:a1:69:1d:23:e9:60:e2:
         a2:61:1a:17:b6:29:c7:de:7d:e5:5f:33:56:d9:48:b5:9b:9b:
         40:ec:3b:96:c1:5e:7f:87:df:7a:ae:78:19:75:cb:1f:42:cb:
         3c:e1:e2:a9:fe:86:fd:47:c5:f4:d7:8b:cc:6b:12:e0:84:61:
         aa:6f:f9:ff:62:44:04:f6:33:d0:f5:3a:f6:f6:39:a0:68:9b:
         28:15:f8:b6:db:06:bc:51:e3:66:a1:55:e7:28:f3:9f:77:1d:
         91:52:0e:81:e9:77:42:a8:54:b0:bf:25:e1:31:e9:cd:40:99:
         b2:ef:eb:80:e0:c8:25:66:9e:3b:96:14:e3:0b:09:0a:96:93:
         4b:15:f9:2d:8b:6f:ff:81:5a:db:dc:ad:16:3e:e6:5b:d8:82:
         80:60:87:83:7d:fe:69:d4:15:c8:a1:45:88:c7:55:b3:4d:c9:
         d0:b8:16:e7:e1:fe:fa:9e:d0:0f:4e:eb:9c:40:4b:54:dd:11:
         25:93:9f:57:3b:69:f0:d1:3a:81:67:f9:00:15:8f:2d:ff:a8:
         f8:bf:39:57
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIidNFew9WGEw4yvs+rkhTl3z4pkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDQwMDAwMDBaFw0yNDA0MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ2MmFjNWM5MzZjODdjN2ExZDFlYWY4MDIxMTJhNTVmM2Y3ZjI4NDU3NjVi
NGU4NDZkMTU5Zjk3YjQwYTlkZDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKf4xyl2Gpo9lefmGJIKDDGtteSOu5KYAI25GZZMjNPiCW98uhO0y6NDR4V6
NFJZFbJRdKfr1Z/fw1terJC7Mf07swHPS3j6r1LZ8Pe7uPqwdXcnb0Fd8JvdRZme
pLt6p52NTz93ofuTDutHnSbPGoGYWI+Jux+ML0udm1EWEyPE2S3UotnOj+5a0/7w
p+MlGyiNeEiYwQtvjY8PWMnglre49lJAfvQCiawLaMI7lXV++iGaDACwmNUPV4SY
Vi43qIpqvV3NdB5FdIaggT7YGC3PGFGhdjmDBGe6+fGMDD/nBpN9tcUv3211fgOz
Z6G2lNW7nJoV8jAZGIlRdgqupokCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQAQKSg
xmTvtzetI3EWeGmgxwEU5zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjUxZGFiYmMtZWE5Ni00Njk2LWE4NzQtNWZhNzE2M2IwZTRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB42fJjWbgIWMpYi0Q860687pChqAWrCf8aU/tW
Y0MYBWWDy2VIqzHuW8CU58xOLqFpHSPpYOKiYRoXtinH3n3lXzNW2Ui1m5tA7DuW
wV5/h996rngZdcsfQss84eKp/ob9R8X014vMaxLghGGqb/n/YkQE9jPQ9Tr29jmg
aJsoFfi22wa8UeNmoVXnKPOfdx2RUg6B6XdCqFSwvyXhMenNQJmy7+uA4MglZp47
lhTjCwkKlpNLFfkti2//gVrb3K0WPuZb2IKAYIeDff5p1BXIoUWIx1WzTcnQuBbn
4f76ntAPTuucQEtU3RElk59XO2nw0TqBZ/kAFY8t/6j4vzlX
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org