Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa
File:                     8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa (raw, json)
Hash identifier:          ANEsCgvSGrz5tVdga6EDzq2Oa5VDNFG1h3alLzglOHY=
Subject key identifier:   DF:42:C1:D9:97:6C:41:26:46:38:20:ED:5F:07:0D:0D:8A:EE:71:62
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       720388EAECCC0173AA1FB6D60210343157A5D045
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa
Signing time:             Sun 19 Mar 2023 00:00:00 +0000
ROA not before:           Sun 19 Mar 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d028::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Mar 2023 08:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:03:88:ea:ec:cc:01:73:aa:1f:b6:d6:02:10:34:31:57:a5:d0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 19 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=7bf5fbfb6f960e6a0c89fa606cbd11dbce2f506c430ca448cd9016c92fea2dcd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c6:84:19:10:35:f1:b9:87:3d:82:60:ae:a1:
                    44:a1:0b:98:d9:c4:62:2e:a2:62:76:20:4d:d9:36:
                    89:04:1d:50:a2:82:60:97:3f:25:23:4d:86:55:0a:
                    fe:c5:b0:46:64:8c:cb:71:0b:04:b7:12:fe:b3:e6:
                    63:61:e7:ca:85:63:0f:99:db:d9:c8:14:3c:f9:c5:
                    33:b2:f5:16:51:ec:05:87:6a:2c:5b:84:fe:c1:2e:
                    c7:54:15:1a:85:96:fc:59:25:38:33:f2:63:5b:6d:
                    89:a8:e4:49:8e:eb:05:c4:51:ef:c9:3c:bf:9a:34:
                    5a:48:7a:f7:a0:19:53:bc:bd:8b:17:37:94:52:25:
                    ea:5d:a5:3f:6d:dc:cb:b9:e8:48:f7:c4:b6:9a:00:
                    0d:84:81:36:b9:62:bd:bf:f6:bd:6f:9d:96:4c:68:
                    e1:cc:2a:fe:3d:0a:be:c5:87:87:38:e0:9b:a3:f7:
                    ed:7f:83:72:62:68:2f:1d:40:6d:32:f3:22:91:a3:
                    70:a8:da:9b:9c:de:77:fa:a7:95:fb:e4:f2:34:ec:
                    8b:de:21:77:57:bb:b6:55:48:ee:64:74:ec:0b:58:
                    86:aa:19:18:64:36:f2:3b:55:27:ea:a2:4a:d0:a2:
                    42:35:36:a8:be:10:82:03:55:79:d5:8c:1c:27:7c:
                    b9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DF:42:C1:D9:97:6C:41:26:46:38:20:ED:5F:07:0D:0D:8A:EE:71:62
            X509v3 Authority Key Identifier: 
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8015fdc4-e79d-4400-a786-c70ab3f10d2d.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d028::/36

    Signature Algorithm: sha256WithRSAEncryption
         60:d9:93:a6:8b:95:de:79:f2:7b:63:0b:39:af:7a:a8:cd:52:
         51:85:bb:3c:3d:0e:6f:bf:49:fd:6d:ab:51:6c:2a:ff:67:79:
         b2:08:04:19:1b:29:71:c1:67:a6:97:5e:8b:d7:29:16:67:ba:
         58:d8:5e:20:9b:58:fa:59:06:94:51:fd:ed:1a:7b:b8:27:b8:
         07:d7:91:22:f6:53:db:c8:11:1a:6b:f1:7c:33:4a:9d:e4:11:
         b0:17:50:cc:55:f7:a7:70:c2:57:c6:68:ec:6b:6b:b7:c6:25:
         87:51:ec:63:f2:0e:9e:22:2e:e0:ed:88:04:bf:ff:ae:7a:cd:
         ef:45:b5:7f:32:c4:fc:c4:0e:49:3d:df:a0:f7:c1:16:8d:65:
         75:d3:1b:9d:1f:7e:8f:7b:1d:e8:05:45:fd:71:aa:52:04:8c:
         98:62:d2:d5:d1:b6:6a:2a:1f:2e:9c:cf:2d:00:36:1a:a7:79:
         8e:fe:13:38:68:d6:21:7c:33:dd:42:c1:6e:f0:bf:f5:ab:8c:
         df:81:20:a1:f8:dc:af:78:a4:5f:30:e4:75:fe:0d:a2:ad:48:
         29:9e:b2:90:e6:f2:0b:92:d2:ae:32:aa:79:d6:43:e5:38:c7:
         16:c1:c8:0f:79:33:23:83:36:74:9d:79:c1:d6:e4:d7:e5:59:
         cb:6b:d8:d1
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIUcgOI6uzMAXOqH7bWAhA0MVel0EUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzAzMTkwMDAwMDBaFw0yMzA0MjMyMzU5NTlaMIGlMUkwRwYD
VQQFE0A3YmY1ZmJmYjZmOTYwZTZhMGM4OWZhNjA2Y2JkMTFkYmNlMmY1MDZjNDMw
Y2E0NDhjZDkwMTZjOTJmZWEyZGNkMS0wKwYDVQQDEyQ2NjE1YTM4Yi0zYWQ3LTQ3
YjctOGZiMi02ODVjMzhkMDA5MTQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
nsaEGRA18bmHPYJgrqFEoQuY2cRiLqJidiBN2TaJBB1QooJglz8lI02GVQr+xbBG
ZIzLcQsEtxL+s+ZjYefKhWMPmdvZyBQ8+cUzsvUWUewFh2osW4T+wS7HVBUahZb8
WSU4M/JjW22JqORJjusFxFHvyTy/mjRaSHr3oBlTvL2LFzeUUiXqXaU/bdzLuehI
98S2mgANhIE2uWK9v/a9b52WTGjhzCr+PQq+xYeHOOCbo/ftf4NyYmgvHUBtMvMi
kaNwqNqbnN53+qeV++TyNOyL3iF3V7u2VUjuZHTsC1iGqhkYZDbyO1Un6qJK0KJC
NTaovhCCA1V51YwcJ3y5kQIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFN9CwdmXbEEm
Rjgg7V8HDQ2K7nFiMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8MA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVuZFo1
UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC84MDE1
ZmRjNC1lNzlkLTQ0MDAtYTc4Ni1jNzBhYjNmMTBkMmQucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
dU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgXQKAAwDQYJ
KoZIhvcNAQELBQADggEBAGDZk6aLld558ntjCzmveqjNUlGFuzw9Dm+/Sf1tq1Fs
Kv9nebIIBBkbKXHBZ6aXXovXKRZnuljYXiCbWPpZBpRR/e0ae7gnuAfXkSL2U9vI
ERpr8XwzSp3kEbAXUMxV96dwwlfGaOxra7fGJYdR7GPyDp4iLuDtiAS//656ze9F
tX8yxPzEDkk936D3wRaNZXXTG50ffo97HegFRf1xqlIEjJhi0tXRtmoqHy6czy0A
NhqneY7+Ezho1iF8M91CwW7wv/WrjN+BIKH43K94pF8w5HX+DaKtSCmespDm8guS
0q4yqnnWQ+U4xxbByA95MyODNnSdecHW5NflWctr2NE=
-----END CERTIFICATE-----
Generated at Sun Mar 19 16:19:40 2023 by rpki-client on console-fra.rpki-client.org