Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa
File:                     8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa (raw, json)
Hash identifier:          vYjAw1pJxQtNpAL6SYnie4KJd3ZeqXvz0T8e5+YslRM=
Subject key identifier:   74:F6:FE:98:E1:5E:B1:49:90:56:35:DE:41:DB:9D:47:0B:81:D3:37
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0975D95DD015E968727E36E3AE017E35BAF51C19
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d028::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:75:d9:5d:d0:15:e9:68:72:7e:36:e3:ae:01:7e:35:ba:f5:1c:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=44af09e4182b0bbfd134e9c442c8443967ef5bf2f61057a6bade2fdf6ca60ffc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:17:5e:b7:aa:db:92:26:d4:ad:be:13:86:a6:
                    77:64:8d:d0:b7:5d:31:5b:49:a4:00:9b:bd:64:a4:
                    b9:c6:15:95:92:4c:f6:19:7a:59:44:cf:2a:d3:e7:
                    23:21:62:e1:d9:08:e9:a1:18:04:7c:42:a0:91:86:
                    69:d6:8f:8e:39:71:4b:ff:5d:66:b5:44:74:d2:8c:
                    9f:dd:7a:8c:54:1e:e4:91:3e:2c:67:78:b9:0e:23:
                    51:39:ed:e0:b9:5a:d1:41:75:bf:52:29:94:d1:d5:
                    88:e2:41:7e:b4:21:f1:28:4c:ab:d3:2b:15:20:66:
                    bc:e4:5a:4a:c1:85:6d:99:75:e6:14:49:f9:fd:03:
                    85:a5:96:64:f8:d2:81:36:ab:33:3b:75:fd:97:03:
                    e5:74:fa:d7:d6:78:3e:7c:72:84:e8:83:20:e4:45:
                    3a:ab:47:c2:a3:3e:be:f3:72:2e:32:41:33:82:54:
                    30:0c:50:11:28:b8:01:84:11:f4:f2:c8:8e:b1:3d:
                    3d:e8:ae:fb:d5:8b:5d:7d:6b:54:bd:71:8c:91:5e:
                    9d:54:76:34:d2:a4:9a:94:2b:ad:33:fe:78:56:6f:
                    e3:26:ae:4b:58:eb:a2:93:ad:d6:db:d1:f5:c2:79:
                    08:88:b2:69:4c:11:31:4b:89:44:2c:9e:89:07:e4:
                    f3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F6:FE:98:E1:5E:B1:49:90:56:35:DE:41:DB:9D:47:0B:81:D3:37
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d028::/36

    Signature Algorithm: sha256WithRSAEncryption
         95:12:5d:9d:2c:57:6c:4b:cd:82:72:d1:93:f8:bc:94:08:c4:
         43:8e:ef:07:3e:c8:dd:5f:75:2b:21:fa:20:fd:03:fc:7d:75:
         ec:5a:ac:9b:5d:22:4d:9d:c4:13:07:d4:63:63:8a:9e:70:0c:
         3b:2c:34:79:b4:f1:17:06:4a:5b:b3:d2:f7:13:39:30:7f:fc:
         31:ec:07:40:91:7f:31:7a:5a:1b:f9:d2:d4:1c:cc:5a:a6:8d:
         e5:ad:ed:b5:78:06:cc:fc:1f:b3:d7:48:4d:15:a6:9a:c6:2f:
         87:18:d0:35:26:7f:86:28:bf:9d:ae:0a:d1:e4:87:a4:75:a0:
         19:70:49:fe:cf:d5:6b:c6:28:36:bc:68:29:6a:0e:c5:29:f4:
         dd:39:03:90:19:ba:48:7b:06:d4:e4:74:19:ae:9e:a5:61:61:
         8f:c9:44:ad:37:3a:b0:0c:43:68:45:28:71:f5:f4:fa:7c:58:
         e4:be:d4:00:75:cf:07:8f:2b:0e:a9:cd:4a:60:32:ae:25:88:
         f1:3a:a7:cd:9b:11:0a:5e:25:e4:ec:8a:82:4e:46:88:19:56:
         c1:5c:fa:16:fd:c4:7d:32:14:f3:38:7b:eb:5b:1e:16:a8:85:
         3a:69:56:59:11:03:c1:7c:17:4a:13:32:c6:e9:b8:9d:71:ab:
         7b:6c:8a:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCXXZXdAV6WhyfjbjrgF+Nbr1HBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0YWYwOWU0MTgyYjBiYmZkMTM0ZTljNDQyYzg0NDM5NjdlZjViZjJmNjEw
NTdhNmJhZGUyZmRmNmNhNjBmZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALkXXreq25Im1K2+E4amd2SN0LddMVtJpACbvWSkucYVlZJM9hl6WUTPKtPn
IyFi4dkI6aEYBHxCoJGGadaPjjlxS/9dZrVEdNKMn916jFQe5JE+LGd4uQ4jUTnt
4Lla0UF1v1IplNHViOJBfrQh8ShMq9MrFSBmvORaSsGFbZl15hRJ+f0DhaWWZPjS
gTarMzt1/ZcD5XT619Z4PnxyhOiDIORFOqtHwqM+vvNyLjJBM4JUMAxQESi4AYQR
9PLIjrE9Peiu+9WLXX1rVL1xjJFenVR2NNKkmpQrrTP+eFZv4yauS1jropOt1tvR
9cJ5CIiyaUwRMUuJRCyeiQfk8/0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR09v6Y
4V6xSZBWNd5B251HC4HTNzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODAxNWZkYzQtZTc5ZC00NDAwLWE3ODYtYzcwYWIzZjEwZDJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CgA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVEl2dLFdsS82CctGT+LyUCMRDju8HPsjdX3Ur
Ifog/QP8fXXsWqybXSJNncQTB9RjY4qecAw7LDR5tPEXBkpbs9L3Ezkwf/wx7AdA
kX8xelob+dLUHMxapo3lre21eAbM/B+z10hNFaaaxi+HGNA1Jn+GKL+drgrR5Iek
daAZcEn+z9Vrxig2vGgpag7FKfTdOQOQGbpIewbU5HQZrp6lYWGPyUStNzqwDENo
RShx9fT6fFjkvtQAdc8HjysOqc1KYDKuJYjxOqfNmxEKXiXk7IqCTkaIGVbBXPoW
/cR9MhTzOHvrWx4WqIU6aVZZEQPBfBdKEzLG6bidcat7bIro
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:40:26 2023 by rpki-client on console-ams.rpki-client.org