Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa
File:                     904a13d7-baa1-4bc7-b805-601d0b998680.roa (raw, json)
Hash identifier:          YzWLOLvftDXAGCASCrWcZ4Z/AdaKjXEVvu8U9qrx9H0=
Subject key identifier:   27:45:93:15:04:0C:9E:89:31:92:00:2D:69:08:DC:47:D1:19:21:53
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       34F975E917DE0471995CDE7881B1AE753EE5D169
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:f9:75:e9:17:de:04:71:99:5c:de:78:81:b1:ae:75:3e:e5:d1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=008b709ccb7a868fd99cea591e7b749180136aa3afc5e5448e2a1236a3379d2d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0a:5c:00:6a:a1:8c:ef:a0:29:fb:d7:44:74:
                    b0:9c:61:54:91:72:c1:4f:58:3d:1e:f5:0c:1e:52:
                    13:cd:6b:6d:1f:65:3a:f1:d9:b4:df:25:f2:2c:dc:
                    73:31:60:e8:bb:cb:6e:5b:0e:8b:07:35:90:f5:80:
                    e6:fa:02:c3:55:c2:a8:e8:34:25:60:4d:c9:ea:21:
                    85:cc:af:1a:41:1e:f5:0e:7d:78:d2:f8:09:c8:05:
                    68:8d:27:6b:2d:2c:b4:6d:26:62:db:ad:46:a0:d5:
                    5b:fb:78:15:88:d2:d9:7c:0f:c4:ae:34:e1:74:4e:
                    77:cd:0b:1d:f2:52:e0:4f:ab:46:82:19:3e:a5:d3:
                    fe:4d:80:bc:d5:7c:d7:3b:30:18:5e:18:df:4c:c6:
                    c5:4d:3a:af:b6:99:47:68:19:0f:ff:a8:ae:44:f8:
                    c1:8f:44:77:36:e7:62:cb:8b:76:c5:0f:e9:f7:54:
                    f4:bc:5e:6a:3e:39:45:31:54:72:18:bd:9f:28:71:
                    88:dc:3e:14:39:b3:64:62:ac:89:a9:3d:2d:f1:d0:
                    2b:5f:6f:2b:64:cc:94:44:c0:82:ec:fc:88:a7:ae:
                    f2:71:09:35:8d:10:8c:2f:ba:38:a2:9d:cc:d7:62:
                    90:8d:47:63:6a:86:70:7e:1a:c0:80:fa:52:81:91:
                    f8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:45:93:15:04:0C:9E:89:31:92:00:2D:69:08:DC:47:D1:19:21:53
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:98:ce:7f:4b:87:d3:cc:8d:25:43:85:d1:16:15:8b:e2:7c:
         d0:ba:8b:64:82:05:3c:d9:3b:4b:5f:25:40:fe:2b:da:3c:61:
         c0:67:c9:03:ca:46:74:bf:f2:47:1b:01:96:b4:15:d4:c9:1c:
         b0:18:61:7e:25:9e:ee:74:db:d9:c2:ed:9a:28:62:53:18:a6:
         48:a9:aa:a3:b0:93:1c:8d:7c:51:9e:7c:57:43:73:49:b4:ca:
         f5:00:43:2c:1a:1c:42:ec:ba:54:07:2d:60:d3:a9:30:9c:88:
         6a:bf:fb:92:f1:33:0d:ac:cd:65:38:db:02:68:65:a2:7d:48:
         d1:dd:c4:98:82:7e:30:00:4f:e1:fb:71:94:8c:fe:ef:3a:ae:
         30:7f:89:fa:2c:e3:f8:18:10:db:63:e6:44:40:9b:91:7f:8b:
         98:29:0d:36:2b:d9:fb:aa:9a:ed:e1:78:0d:d4:e6:3d:37:b3:
         ad:07:df:b2:c4:a9:fb:9e:38:4d:f8:ed:4f:d0:21:fe:86:28:
         5b:8e:e8:33:29:9f:fc:d1:d4:09:1b:a5:ee:1c:f5:49:d8:fc:
         66:83:92:0d:c6:2d:a2:e2:59:e7:6d:f6:a4:bb:4b:12:4b:17:
         fb:e1:fd:41:47:a5:3f:b3:a0:72:26:bb:89:96:7e:9d:e4:de:
         73:76:da:94
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNPl16RfeBHGZXN54gbGudT7l0WkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwOGI3MDljY2I3YTg2OGZkOTljZWE1OTFlN2I3NDkxODAxMzZhYTNhZmM1
ZTU0NDhlMmExMjM2YTMzNzlkMmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8KXABqoYzvoCn710R0sJxhVJFywU9YPR71DB5SE81rbR9lOvHZtN8l8izc
czFg6LvLblsOiwc1kPWA5voCw1XCqOg0JWBNyeohhcyvGkEe9Q59eNL4CcgFaI0n
ay0stG0mYtutRqDVW/t4FYjS2XwPxK404XROd80LHfJS4E+rRoIZPqXT/k2AvNV8
1zswGF4Y30zGxU06r7aZR2gZD/+orkT4wY9EdzbnYsuLdsUP6fdU9Lxeaj45RTFU
chi9nyhxiNw+FDmzZGKsiak9LfHQK19vK2TMlETAguz8iKeu8nEJNY0QjC+6OKKd
zNdikI1HY2qGcH4awID6UoGR+LMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQnRZMV
BAyeiTGSAC1pCNxH0RkhUzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTA0YTEzZDctYmFhMS00YmM3LWI4MDUtNjAxZDBiOTk4NjgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCA
MA0GCSqGSIb3DQEBCwUAA4IBAQBrmM5/S4fTzI0lQ4XRFhWL4nzQuotkggU82TtL
XyVA/ivaPGHAZ8kDykZ0v/JHGwGWtBXUyRywGGF+JZ7udNvZwu2aKGJTGKZIqaqj
sJMcjXxRnnxXQ3NJtMr1AEMsGhxC7LpUBy1g06kwnIhqv/uS8TMNrM1lONsCaGWi
fUjR3cSYgn4wAE/h+3GUjP7vOq4wf4n6LOP4GBDbY+ZEQJuRf4uYKQ02K9n7qprt
4XgN1OY9N7OtB9+yxKn7njhN+O1P0CH+hihbjugzKZ/80dQJG6XuHPVJ2Pxmg5IN
xi2i4lnnbfaku0sSSxf74f1BR6U/s6ByJruJln6d5N5zdtqU
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org