Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa
File:                     7a5c899e-1564-4329-8939-7004d7b754c8.roa (raw, json)
Hash identifier:          uxAUMYz3sA756itygnEvvs75VuzWAXu4xyAxpJuvaO8=
Subject key identifier:   A4:1B:2F:30:C2:B3:B4:53:C3:15:1E:0C:2C:C4:E1:B4:28:97:64:15
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       47EA0340FA8513262579429A3A07630A58687302
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:ea:03:40:fa:85:13:26:25:79:42:9a:3a:07:63:0a:58:68:73:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=305649374ae8feae4dbec9559956e34162d278f16692c552da79c8395ecf3f7b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8a:03:ab:ec:57:84:b2:38:d7:27:8f:51:67:
                    f6:c7:71:4a:76:de:61:90:41:d5:9e:a4:26:a7:36:
                    91:9f:2d:1a:71:2a:17:ba:60:59:2c:fc:d9:f1:25:
                    8d:db:03:70:04:77:34:ed:88:55:6f:62:bd:09:8b:
                    0e:32:64:1d:91:64:8b:df:27:d8:c1:21:97:0c:cc:
                    cc:b2:9d:0e:2f:ad:09:62:d5:b3:60:17:9f:44:94:
                    e4:89:0b:85:ee:e7:10:f5:63:1e:5a:0b:42:44:44:
                    b2:72:3b:27:1f:5d:98:0f:a0:74:d3:69:7b:7a:2e:
                    2d:8e:5a:1d:90:fe:da:37:0e:fa:1a:85:c8:67:72:
                    b6:05:2b:5e:65:9a:82:31:55:31:d1:1e:1b:86:66:
                    0d:72:31:71:a4:83:a5:2f:cf:bd:bb:05:7e:b4:b9:
                    37:6a:16:1c:05:47:98:1d:2e:8e:e3:c2:4b:1f:e6:
                    d3:d2:ca:e4:0d:15:3d:43:a5:a5:97:75:f0:aa:c0:
                    61:11:52:27:b1:d5:07:43:83:c5:9b:75:aa:44:8d:
                    6e:c5:5e:ae:f9:b3:d1:25:e0:8c:15:41:56:53:ff:
                    82:e0:2f:14:c8:e7:91:32:5b:b4:fc:e7:d4:83:9e:
                    cb:8e:39:eb:e7:6f:a7:bb:dc:42:f3:63:eb:ed:98:
                    67:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1B:2F:30:C2:B3:B4:53:C3:15:1E:0C:2C:C4:E1:B4:28:97:64:15
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a5c899e-1564-4329-8939-7004d7b754c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:ae:b6:69:3c:99:af:68:09:9e:8e:b8:80:a3:bd:d1:85:98:
         47:34:c9:a5:ea:c1:fb:90:98:58:68:e4:72:85:e0:5e:71:78:
         07:2f:fe:77:2d:48:a0:40:c8:55:f1:48:cf:33:14:50:70:9a:
         b1:ae:3f:a1:e6:5f:7f:7d:bf:37:cb:20:57:88:16:2d:43:57:
         95:ad:d1:04:0e:2d:8b:bc:2f:6c:fa:89:44:5e:cc:23:0a:15:
         ab:12:ab:6a:e4:50:44:21:a2:54:a0:38:26:f5:3f:fd:9b:c4:
         c1:bc:dd:19:6f:db:08:39:56:b5:05:da:ad:ec:02:82:a7:08:
         78:9d:01:3d:da:94:68:6a:96:57:e2:64:10:36:5f:c7:ec:3c:
         01:58:be:57:9f:30:21:9a:6b:52:2e:a7:01:d6:06:84:95:a6:
         8c:51:99:01:dc:a1:b6:14:dd:19:55:95:d0:4e:20:7f:a8:8c:
         89:95:6f:50:16:cc:82:4d:fb:35:91:cd:90:9b:f2:f6:a4:16:
         99:c9:3a:cf:40:76:56:49:8d:c8:01:bd:bc:e3:38:0f:e2:37:
         09:0b:46:41:0d:1e:8a:df:81:c1:c5:06:4c:df:7f:2d:84:23:
         65:a1:a7:92:24:4c:9a:b9:39:28:64:d3:a3:4f:b7:9c:de:80:
         e4:45:fc:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR+oDQPqFEyYleUKaOgdjClhocwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwNTY0OTM3NGFlOGZlYWU0ZGJlYzk1NTk5NTZlMzQxNjJkMjc4ZjE2Njky
YzU1MmRhNzljODM5NWVjZjNmN2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuKA6vsV4SyONcnj1Fn9sdxSnbeYZBB1Z6kJqc2kZ8tGnEqF7pgWSz82fEl
jdsDcAR3NO2IVW9ivQmLDjJkHZFki98n2MEhlwzMzLKdDi+tCWLVs2AXn0SU5IkL
he7nEPVjHloLQkREsnI7Jx9dmA+gdNNpe3ouLY5aHZD+2jcO+hqFyGdytgUrXmWa
gjFVMdEeG4ZmDXIxcaSDpS/PvbsFfrS5N2oWHAVHmB0ujuPCSx/m09LK5A0VPUOl
pZd18KrAYRFSJ7HVB0ODxZt1qkSNbsVervmz0SXgjBVBVlP/guAvFMjnkTJbtPzn
1IOey4456+dvp7vcQvNj6+2YZ0ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSkGy8w
wrO0U8MVHgwsxOG0KJdkFTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2E1Yzg5OWUtMTU2NC00MzI5LTg5MzktNzAwNGQ3Yjc1NGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB8rrZpPJmvaAmejriAo73RhZhHNMml6sH7kJhY
aORyheBecXgHL/53LUigQMhV8UjPMxRQcJqxrj+h5l9/fb83yyBXiBYtQ1eVrdEE
Di2LvC9s+olEXswjChWrEqtq5FBEIaJUoDgm9T/9m8TBvN0Zb9sIOVa1Bdqt7AKC
pwh4nQE92pRoapZX4mQQNl/H7DwBWL5XnzAhmmtSLqcB1gaElaaMUZkB3KG2FN0Z
VZXQTiB/qIyJlW9QFsyCTfs1kc2Qm/L2pBaZyTrPQHZWSY3IAb284zgP4jcJC0ZB
DR6K34HBxQZM338thCNloaeSJEyauTkoZNOjT7ec3oDkRfyi
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org