Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
File:                     8e492412-994d-4c48-a29e-9082ebce3349.roa (raw, json)
Hash identifier:          Kkdorpqp1iyPRS4fySaxGkw/w1swnuekX8ZFH0leWNc=
Subject key identifier:   FE:26:2D:C3:67:8C:33:3E:7E:BF:B3:A2:8A:DC:FA:F6:60:F4:68:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       441AD60E0CB12A6184D19D2D381B0272C77DBCEF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa
Signing time:             Fri 15 Nov 2024 00:00:00 +0000
ROA not before:           Fri 15 Nov 2024 00:00:00 +0000
ROA not after:            Fri 20 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 15:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:1a:d6:0e:0c:b1:2a:61:84:d1:9d:2d:38:1b:02:72:c7:7d:bc:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Nov 15 00:00:00 2024 GMT
            Not After : Dec 20 23:59:59 2024 GMT
        Subject: serialNumber=311ab24477a62cc4104a81ee6466a9f18aed6c27fdda424da6043cd07e549e50, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ee:96:6b:bd:4a:6d:0f:3c:ed:62:15:7c:45:
                    d6:c8:de:4b:32:41:e2:0b:78:46:4e:7b:07:63:71:
                    2b:3e:19:d3:db:53:42:96:b3:3d:b7:38:15:c0:e7:
                    00:de:bf:3d:00:c8:90:1c:c1:e5:85:70:e7:ae:55:
                    16:17:44:a6:18:81:62:aa:00:3b:16:35:de:7e:19:
                    a1:f1:66:a8:ce:20:be:59:dd:b6:e2:cf:72:7d:6f:
                    d7:99:2e:3d:03:f1:46:cc:00:0d:60:0a:5e:bb:36:
                    4b:47:ab:35:7c:c4:4b:de:ea:7c:b5:9b:3b:f7:11:
                    7b:5a:15:75:88:66:0e:df:7e:7d:a2:26:0a:06:38:
                    53:9b:5e:a9:f9:e0:45:21:10:30:a1:01:1b:39:1a:
                    2a:91:07:6e:0b:2c:47:13:36:fa:1d:c4:c9:f7:11:
                    72:ab:1a:9d:a4:10:e4:a1:02:c2:8b:c7:0b:e9:07:
                    1f:91:d2:80:78:ac:6b:ad:cc:e9:40:33:5b:77:48:
                    24:af:7c:8a:37:1c:11:f0:76:ea:82:d5:3f:70:b7:
                    f6:36:ec:c5:ed:64:f0:9f:19:27:be:ba:c6:79:d9:
                    eb:ff:86:9d:a4:4b:4f:17:f6:17:6e:8c:d0:37:0d:
                    a6:6a:43:90:8c:72:0d:17:9e:95:7c:a2:d6:29:6d:
                    77:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:26:2D:C3:67:8C:33:3E:7E:BF:B3:A2:8A:DC:FA:F6:60:F4:68:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e492412-994d-4c48-a29e-9082ebce3349.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:5c:af:9e:93:44:eb:52:4f:87:95:cf:89:8b:96:6d:fc:7c:
         85:0a:27:f9:e0:12:6e:b9:74:1f:2a:a1:78:83:fa:cf:c8:42:
         ff:70:ed:e9:d0:5d:3f:d2:71:61:00:a6:45:cc:53:24:f5:34:
         98:94:02:e2:06:5e:f3:c9:57:2c:67:7f:cf:18:b6:b6:a4:66:
         5e:7f:1e:ff:35:ed:2e:70:62:f7:2f:2b:c4:b5:26:11:34:4c:
         0a:4f:49:05:79:ed:aa:0a:44:53:6a:c5:49:d8:11:34:7b:47:
         aa:4e:b4:e0:31:4a:3b:b0:da:b0:f0:a6:25:5d:39:0f:cd:1e:
         f0:e2:d5:1c:1f:d2:60:00:59:d0:cf:ad:16:73:ac:77:c6:22:
         f3:3b:e5:8d:ef:d5:ae:42:75:f1:7a:a9:35:d4:04:73:2b:d2:
         e7:8d:90:d3:c3:3c:9b:17:10:6a:c8:29:fe:38:48:91:af:74:
         9a:95:df:e6:c5:e1:f9:08:61:0f:09:b5:e2:47:6f:53:27:64:
         eb:24:07:b5:78:c3:ec:22:cd:ac:cd:75:6e:0e:8d:49:e5:9c:
         4d:5f:21:6a:43:51:f3:e4:54:2a:31:2b:2c:72:c1:88:47:eb:
         cd:80:42:ec:37:07:28:1f:65:50:fc:a5:16:e1:5c:91:18:2c:
         4f:13:fb:93
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURBrWDgyxKmGE0Z0tOBsCcsd9vO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDExMTUwMDAwMDBaFw0yNDEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxMWFiMjQ0NzdhNjJjYzQxMDRhODFlZTY0NjZhOWYxOGFlZDZjMjdmZGRh
NDI0ZGE2MDQzY2QwN2U1NDllNTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTulmu9Sm0PPO1iFXxF1sjeSzJB4gt4Rk57B2NxKz4Z09tTQpazPbc4FcDn
AN6/PQDIkBzB5YVw565VFhdEphiBYqoAOxY13n4ZofFmqM4gvlndtuLPcn1v15ku
PQPxRswADWAKXrs2S0erNXzES97qfLWbO/cRe1oVdYhmDt9+faImCgY4U5teqfng
RSEQMKEBGzkaKpEHbgssRxM2+h3EyfcRcqsanaQQ5KECwovHC+kHH5HSgHisa63M
6UAzW3dIJK98ijccEfB26oLVP3C39jbsxe1k8J8ZJ766xnnZ6/+GnaRLTxf2F26M
0DcNpmpDkIxyDReelXyi1iltdxMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+Ji3D
Z4wzPn6/s6KK3Pr2YPRoXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0OTI0MTItOTk0ZC00YzQ4LWEyOWUtOTA4MmViY2UzMzQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HqA
MA0GCSqGSIb3DQEBCwUAA4IBAQCxXK+ek0TrUk+Hlc+Ji5Zt/HyFCif54BJuuXQf
KqF4g/rPyEL/cO3p0F0/0nFhAKZFzFMk9TSYlALiBl7zyVcsZ3/PGLa2pGZefx7/
Ne0ucGL3LyvEtSYRNEwKT0kFee2qCkRTasVJ2BE0e0eqTrTgMUo7sNqw8KYlXTkP
zR7w4tUcH9JgAFnQz60Wc6x3xiLzO+WN79WuQnXxeqk11ARzK9LnjZDTwzybFxBq
yCn+OEiRr3Sald/mxeH5CGEPCbXiR29TJ2TrJAe1eMPsIs2szXVuDo1J5ZxNXyFq
Q1Hz5FQqMSsscsGIR+vNgELsNwcoH2VQ/KUW4VyRGCxPE/uT
-----END CERTIFICATE-----
Generated at Mon Dec 9 19:56:33 2024 by rpki-client on console-fra.rpki-client.org