Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
File:                     99ffa238-9133-4fa5-ad84-49e67d34854a.roa (raw, json)
Hash identifier:          pmRqutgWGCmfxvD9KXp6aOxL/0nhHUb/a9Yro9hrvTo=
Subject key identifier:   A8:1C:1B:1A:CC:3A:97:29:B9:1A:0B:57:53:E1:5A:9D:11:C2:23:9C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       64EAE0553164927D4ADBD1B0ACA0A48742F8783A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
Signing time:             Sat 13 Jul 2024 00:00:00 +0000
ROA not before:           Sat 13 Jul 2024 00:00:00 +0000
ROA not after:            Sat 17 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02a::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Jul 2024 15:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ea:e0:55:31:64:92:7d:4a:db:d1:b0:ac:a0:a4:87:42:f8:78:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 13 00:00:00 2024 GMT
            Not After : Aug 17 23:59:59 2024 GMT
        Subject: serialNumber=724c356eb67fca4b700ecbb4c43c800c298cea0ce70fc5333761bba3767a9891, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:11:ff:91:a4:f4:01:f5:73:e5:32:49:cf:af:
                    f8:21:eb:63:e1:04:49:02:7d:9d:c3:e9:42:52:32:
                    e2:40:91:84:9d:b3:f9:99:06:ce:a9:de:c5:8c:93:
                    d9:2f:c0:4f:c3:27:cc:46:03:59:31:59:34:15:d3:
                    79:5f:52:e7:1f:78:3d:76:71:4f:43:5c:bb:ac:44:
                    2b:2b:d3:ec:a6:22:4a:fa:43:7a:8f:35:34:dd:ef:
                    78:58:c3:4f:1c:7a:dc:8d:c2:5a:29:24:32:13:99:
                    c8:b1:53:98:7c:68:d3:26:70:42:7c:96:77:d5:3f:
                    1c:09:ed:e4:97:97:d7:22:de:d3:b2:da:a2:28:0a:
                    36:3d:a5:18:de:4e:29:d5:aa:80:58:fa:3b:3a:5b:
                    6e:b1:c0:b4:a5:40:47:bc:3b:ea:8f:83:bd:03:6e:
                    4f:c5:83:05:67:c0:fa:3c:12:e7:ad:0d:4f:1a:5a:
                    04:80:5b:b6:ee:bd:e3:f7:77:c1:a6:f2:f6:63:cd:
                    5f:33:41:72:6a:d3:74:38:8e:cc:87:55:8e:f5:28:
                    87:f8:51:10:8a:24:36:a7:bc:c6:24:a8:23:cf:fc:
                    06:3d:42:fc:05:8f:fb:89:9a:34:9c:15:d5:d5:3e:
                    8a:27:5a:d4:6f:80:9d:97:60:e2:b4:ae:c7:1a:12:
                    9d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1C:1B:1A:CC:3A:97:29:B9:1A:0B:57:53:E1:5A:9D:11:C2:23:9C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02a::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:2d:c8:84:58:d3:a7:e4:3d:b5:13:cb:fc:b3:26:b2:bf:d9:
         9d:aa:33:0c:78:cc:17:15:f8:83:e4:57:33:42:9a:fd:24:8c:
         bd:d2:f9:60:59:79:a4:3a:17:44:72:73:a9:0b:07:1c:25:25:
         98:07:f6:80:0d:12:09:7f:ee:09:0c:fe:ca:04:69:64:c3:11:
         a1:f5:32:66:5b:4d:fa:f9:3a:0c:0c:71:80:ed:29:53:7f:54:
         cf:ac:2e:5f:45:eb:e9:14:d5:25:5a:0e:97:25:48:aa:47:ab:
         59:12:ee:d6:02:50:71:26:22:4c:fa:be:59:45:8c:11:4e:bf:
         c5:f4:b4:38:6f:0a:1e:bf:10:e0:91:59:cf:8f:a8:e9:9e:77:
         9a:88:28:fd:15:ad:04:8b:6d:0e:64:0f:fb:da:f7:d4:f9:dd:
         67:fe:66:9c:0a:f0:bd:47:2e:77:4e:a5:70:d0:ac:b9:89:24:
         66:37:eb:9a:a2:74:57:29:39:37:9a:4d:24:61:03:d4:45:82:
         fb:9c:a8:f8:69:1e:dd:2d:41:12:a7:a1:fc:6e:5d:3a:2a:7e:
         17:d0:23:45:b2:95:d9:4d:c8:72:ce:71:7f:ea:d4:bd:3e:7d:
         6d:1d:e9:e8:f4:32:5e:6e:74:bf:02:c3:eb:2f:e7:15:c4:e9:
         7c:be:bc:d3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZOrgVTFkkn1K29GwrKCkh0L4eDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA3MTMwMDAwMDBaFw0yNDA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyNGMzNTZlYjY3ZmNhNGI3MDBlY2JiNGM0M2M4MDBjMjk4Y2VhMGNlNzBm
YzUzMzM3NjFiYmEzNzY3YTk4OTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgR/5Gk9AH1c+UySc+v+CHrY+EESQJ9ncPpQlIy4kCRhJ2z+ZkGzqnexYyT
2S/AT8MnzEYDWTFZNBXTeV9S5x94PXZxT0Ncu6xEKyvT7KYiSvpDeo81NN3veFjD
Txx63I3CWikkMhOZyLFTmHxo0yZwQnyWd9U/HAnt5JeX1yLe07LaoigKNj2lGN5O
KdWqgFj6OzpbbrHAtKVAR7w76o+DvQNuT8WDBWfA+jwS560NTxpaBIBbtu694/d3
waby9mPNXzNBcmrTdDiOzIdVjvUoh/hREIokNqe8xiSoI8/8Bj1C/AWP+4maNJwV
1dU+iida1G+AnZdg4rSuxxoSnecCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSoHBsa
zDqXKbkaC1dT4VqdEcIjnDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTlmZmEyMzgtOTEzMy00ZmE1LWFkODQtNDllNjdkMzQ4NTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBOLciEWNOn5D21E8v8syayv9mdqjMMeMwXFfiD
5FczQpr9JIy90vlgWXmkOhdEcnOpCwccJSWYB/aADRIJf+4JDP7KBGlkwxGh9TJm
W036+ToMDHGA7SlTf1TPrC5fRevpFNUlWg6XJUiqR6tZEu7WAlBxJiJM+r5ZRYwR
Tr/F9LQ4bwoevxDgkVnPj6jpnneaiCj9Fa0Ei20OZA/72vfU+d1n/macCvC9Ry53
TqVw0Ky5iSRmN+uaonRXKTk3mk0kYQPURYL7nKj4aR7dLUESp6H8bl06Kn4X0CNF
spXZTchyznF/6tS9Pn1tHeno9DJebnS/AsPrL+cVxOl8vrzT
-----END CERTIFICATE-----
Generated at Mon Jul 15 20:17:41 2024 by rpki-client on console-fra.rpki-client.org