Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cff39e2-e2f0-442f-b54d-fb69deeea22b.roa
File:                     8cff39e2-e2f0-442f-b54d-fb69deeea22b.roa (raw, json)
Hash identifier:          XZJS4YYEb47pP0QjAZ70sH379VIn0Ci012rgYTzGggM=
Subject key identifier:   9D:AC:3F:85:A2:AE:36:49:13:C1:96:2E:E8:75:56:15:7E:72:4C:8A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       08294E35197CC63AEEFE3E8739CCA9255B456EFF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cff39e2-e2f0-442f-b54d-fb69deeea22b.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d079:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:29:4e:35:19:7c:c6:3a:ee:fe:3e:87:39:cc:a9:25:5b:45:6e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=9850029173b315b54aedeaba93c9e2919c1d2ce317dc7fcd80680b7077b0e27b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2e:31:7b:c9:53:4b:9e:17:96:4f:51:1f:71:
                    95:4d:ad:1a:be:23:f3:09:48:7c:f9:5d:0b:16:94:
                    6b:10:88:1c:0b:eb:84:78:ab:19:e6:3f:b6:8f:c1:
                    b0:5f:3a:bd:63:fc:2f:b8:08:62:b1:ed:9f:09:c0:
                    df:ea:c0:f1:7d:12:87:19:ff:e9:e1:26:41:a1:8c:
                    c6:a5:d7:81:3c:ea:52:81:6c:eb:42:e1:ca:09:3a:
                    a8:96:df:1a:fa:55:86:c6:c7:e2:a5:cb:59:27:d5:
                    f4:93:76:d6:09:14:48:d3:64:4c:16:0d:1c:f8:fe:
                    b7:85:88:f7:a9:f4:10:b7:24:8c:41:a2:99:a6:12:
                    e1:df:b5:12:08:e9:4b:39:3e:ae:34:6e:de:8d:10:
                    d9:93:a5:af:8c:20:4a:fc:3a:98:31:89:13:58:cb:
                    45:43:37:16:2f:ca:54:76:a5:33:fb:02:74:46:b6:
                    ad:3a:97:c9:d3:3c:72:11:a0:d3:38:04:d4:37:ce:
                    cc:e2:1f:d9:f1:3f:03:33:23:e6:88:e8:88:d0:91:
                    7c:a2:25:cd:33:77:2b:7c:f4:18:79:b0:b6:32:c0:
                    05:f0:60:78:03:f1:96:1a:71:2e:d9:e6:0a:ae:74:
                    b1:31:21:dc:4f:8a:3a:42:94:6c:4d:61:ac:93:ea:
                    37:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:AC:3F:85:A2:AE:36:49:13:C1:96:2E:E8:75:56:15:7E:72:4C:8A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cff39e2-e2f0-442f-b54d-fb69deeea22b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d079:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:64:eb:00:b7:f0:48:24:ea:02:06:14:3f:cc:7f:fd:ec:91:
         98:e1:5d:0b:d1:d7:90:7d:44:eb:e4:f1:18:a7:18:71:34:8f:
         a6:69:56:68:35:90:cd:00:1e:57:c6:3c:b3:db:5e:45:ad:c7:
         74:c1:7e:ac:2a:8a:e2:aa:e1:d8:c2:91:dc:b6:26:7b:3e:c7:
         61:52:99:1b:f8:a8:4e:cc:11:d0:bb:15:b1:c0:ac:ff:1a:8d:
         76:80:4d:88:a5:30:b5:47:3e:8a:13:be:2d:85:c7:b2:8e:37:
         cc:c3:ef:6d:55:03:63:a4:c6:bb:95:44:5e:42:62:5f:d5:4d:
         f0:0d:a1:cb:64:96:a9:03:2c:5f:50:d0:ee:a3:9e:49:1f:52:
         aa:2a:c3:f0:61:65:e9:c1:c4:04:19:5a:54:44:b1:91:88:1a:
         1d:ce:85:35:0b:e4:90:a6:43:4d:89:d3:8f:4c:38:71:ef:02:
         c0:eb:2c:78:72:1e:98:63:ec:67:1d:25:69:fe:08:a2:a1:16:
         90:40:f7:cb:f9:15:dc:a1:38:11:1e:8b:33:7f:36:d9:76:e1:
         d4:4c:68:43:9c:7d:21:52:10:e2:7e:df:e5:bf:c5:55:49:be:
         5e:a3:88:d1:f2:32:05:2e:4a:49:a1:5f:a5:1e:13:a3:2e:65:
         5a:7c:32:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCClONRl8xjru/j6HOcypJVtFbv8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4NTAwMjkxNzNiMzE1YjU0YWVkZWFiYTkzYzllMjkxOWMxZDJjZTMxN2Rj
N2ZjZDgwNjgwYjcwNzdiMGUyN2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMAuMXvJU0ueF5ZPUR9xlU2tGr4j8wlIfPldCxaUaxCIHAvrhHirGeY/to/B
sF86vWP8L7gIYrHtnwnA3+rA8X0Shxn/6eEmQaGMxqXXgTzqUoFs60Lhygk6qJbf
GvpVhsbH4qXLWSfV9JN21gkUSNNkTBYNHPj+t4WI96n0ELckjEGimaYS4d+1Egjp
Szk+rjRu3o0Q2ZOlr4wgSvw6mDGJE1jLRUM3Fi/KVHalM/sCdEa2rTqXydM8chGg
0zgE1DfOzOIf2fE/AzMj5ojoiNCRfKIlzTN3K3z0GHmwtjLABfBgeAPxlhpxLtnm
Cq50sTEh3E+KOkKUbE1hrJPqN8sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSdrD+F
oq42SRPBli7odVYVfnJMijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGNmZjM5ZTItZTJmMC00NDJmLWI1NGQtZmI2OWRlZWVhMjJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hkg
MA0GCSqGSIb3DQEBCwUAA4IBAQC0ZOsAt/BIJOoCBhQ/zH/97JGY4V0L0deQfUTr
5PEYpxhxNI+maVZoNZDNAB5Xxjyz215Frcd0wX6sKoriquHYwpHctiZ7PsdhUpkb
+KhOzBHQuxWxwKz/Go12gE2IpTC1Rz6KE74thceyjjfMw+9tVQNjpMa7lUReQmJf
1U3wDaHLZJapAyxfUNDuo55JH1KqKsPwYWXpwcQEGVpURLGRiBodzoU1C+SQpkNN
idOPTDhx7wLA6yx4ch6YY+xnHSVp/giioRaQQPfL+RXcoTgRHoszfzbZduHUTGhD
nH0hUhDift/lv8VVSb5eo4jR8jIFLkpJoV+lHhOjLmVafDLD
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:30 2024 by rpki-client on console-ams.rpki-client.org