Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File:                     90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier:          CaVHskIEASeuxjqPaO7ZdWoGi4UzpGqB0LS/yonq2jI=
Subject key identifier:   6B:5B:7B:B9:9D:E5:3A:85:0D:0A:77:25:90:EC:B6:17:3D:9B:7C:12
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       37893F5D99CCB0A30FE98159F1BDEAAA8481FBFA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:89:3f:5d:99:cc:b0:a3:0f:e9:81:59:f1:bd:ea:aa:84:81:fb:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=b28032b7c2c6457260b7afed54bcc787adcf7a16a0d5636a4a128ee83ae2740e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9e:a1:68:26:9e:81:d6:01:f6:bc:19:ee:9f:
                    d8:55:87:96:a3:d2:f9:5e:fd:a8:84:2b:5c:b6:e7:
                    33:ce:59:bb:68:47:d9:0a:f1:eb:47:c7:17:b1:f6:
                    d7:0c:61:1a:17:cb:a1:b6:5e:47:5e:85:da:df:3a:
                    d0:bf:52:7e:64:43:46:bf:16:34:89:f2:38:6d:fc:
                    de:1b:d4:09:15:b1:e1:42:94:93:cc:43:d7:74:f6:
                    1d:22:8e:a2:5e:da:ff:82:e1:9a:55:df:c1:fc:1f:
                    10:3a:b7:fd:b7:81:d4:d7:bd:11:c3:67:57:4c:14:
                    22:56:73:83:6a:2f:e8:47:0c:9f:7f:7d:7e:71:22:
                    42:7f:7f:a1:d3:d6:78:48:cd:88:60:b7:e4:45:17:
                    70:8a:87:a2:45:72:51:03:db:b9:0b:53:70:64:b9:
                    97:53:ff:31:7c:e2:6e:dc:71:8e:17:1b:2b:dc:51:
                    a3:97:96:5a:b3:80:94:7c:35:05:f1:f1:d2:c2:f1:
                    01:04:a9:46:17:cd:34:5b:cc:fd:09:7d:ef:46:48:
                    3d:5d:cb:7a:ad:98:5e:f1:d5:3e:58:6d:f7:80:70:
                    2a:ce:92:b5:58:43:74:f6:33:f5:5a:f8:0e:2c:44:
                    a3:20:06:e3:71:f6:32:e1:55:b7:2f:d1:95:06:81:
                    27:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5B:7B:B9:9D:E5:3A:85:0D:0A:77:25:90:EC:B6:17:3D:9B:7C:12
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:b6:e6:cb:9f:32:a2:8e:20:ed:bf:94:5f:b6:25:32:7e:72:
         d7:e9:18:e7:3e:99:f5:23:71:19:0f:73:59:2e:c1:38:22:6b:
         1d:cf:08:cb:7d:4c:20:d0:cb:0e:49:96:de:d0:39:ac:08:a7:
         29:03:16:e0:4a:7b:f6:c8:bf:28:52:64:77:e2:00:4c:fd:57:
         27:6c:f5:33:8b:2c:8b:22:e7:fb:8f:24:c5:dd:10:74:ec:97:
         54:7f:0f:07:36:6c:67:ed:4f:3f:cc:5e:87:4c:39:35:9f:cb:
         3d:b7:fa:a3:16:b8:dd:c1:12:03:4b:5b:1e:7b:89:ac:62:4c:
         b5:2f:7d:20:ae:c6:52:f0:2f:0d:b7:34:d7:98:79:44:3a:3c:
         95:f5:02:6e:c7:79:a3:17:a1:95:d7:56:81:80:af:2c:d3:50:
         59:f7:fb:60:30:98:b3:6e:3e:81:e6:2b:f1:1d:60:aa:cb:f1:
         9b:da:2b:7e:4a:d8:3b:f3:ea:36:cc:b3:4a:4b:51:35:7c:e4:
         93:46:d6:cc:43:21:02:7a:95:d8:30:ea:72:4c:23:bb:23:e9:
         84:6c:d6:c8:b6:f2:df:30:42:2a:8f:9f:0c:be:c1:de:e4:37:
         fe:9c:2e:db:48:c7:96:f2:6c:09:ff:57:89:39:0f:09:0c:fa:
         2d:b5:14:57
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUN4k/XZnMsKMP6YFZ8b3qqoSB+/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjkwMDAwMDBaFw0yNDA1MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGIyODAzMmI3YzJjNjQ1NzI2MGI3YWZlZDU0YmNjNzg3YWRjZjdhMTZhMGQ1
NjM2YTRhMTI4ZWU4M2FlMjc0MGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSeoWgmnoHWAfa8Ge6f2FWHlqPS+V79qIQrXLbnM85Zu2hH2Qrx60fHF7H2
1wxhGhfLobZeR16F2t860L9SfmRDRr8WNInyOG383hvUCRWx4UKUk8xD13T2HSKO
ol7a/4LhmlXfwfwfEDq3/beB1Ne9EcNnV0wUIlZzg2ov6EcMn399fnEiQn9/odPW
eEjNiGC35EUXcIqHokVyUQPbuQtTcGS5l1P/MXzibtxxjhcbK9xRo5eWWrOAlHw1
BfHx0sLxAQSpRhfNNFvM/Ql970ZIPV3Leq2YXvHVPlht94BwKs6StVhDdPYz9Vr4
DixEoyAG43H2MuFVty/RlQaBJ28CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRrW3u5
neU6hQ0KdyWQ7LYXPZt8EjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQANtubLnzKijiDtv5RftiUyfnLX6RjnPpn1I3EZ
D3NZLsE4ImsdzwjLfUwg0MsOSZbe0DmsCKcpAxbgSnv2yL8oUmR34gBM/VcnbPUz
iyyLIuf7jyTF3RB07JdUfw8HNmxn7U8/zF6HTDk1n8s9t/qjFrjdwRIDS1see4ms
Yky1L30grsZS8C8NtzTXmHlEOjyV9QJux3mjF6GV11aBgK8s01BZ9/tgMJizbj6B
5ivxHWCqy/Gb2it+Stg78+o2zLNKS1E1fOSTRtbMQyECepXYMOpyTCO7I+mEbNbI
tvLfMEIqj58MvsHe5Df+nC7bSMeW8mwJ/1eJOQ8JDPottRRX
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:23 2024 by rpki-client on console-fra.rpki-client.org