Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
File:                     9a732efb-e23f-49a4-ad51-1a43431e07c9.roa (raw, json)
Hash identifier:          3BT23VIqQ/zfolzMqJ9aHAkPlj40BE3XWpN9GOZK2ag=
Subject key identifier:   5F:BC:03:95:BE:1D:07:61:2E:04:DF:E0:7F:69:84:EE:A4:0C:83:66
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1444D98B1135F7383D80D343F447CD1E1919D0A7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:44:d9:8b:11:35:f7:38:3d:80:d3:43:f4:47:cd:1e:19:19:d0:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=132051ff6a0405705af4c2bc57585ae56ed6811fedb39cea00a96aa4e27d5557, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6a:19:cd:18:36:9e:eb:f7:e1:16:c7:71:9d:
                    58:52:a7:23:e0:c5:ce:30:a8:25:b5:7d:0c:f9:f9:
                    ac:5a:e8:32:77:73:03:e1:c8:d8:f9:3e:da:dd:0e:
                    24:94:a3:72:5a:91:36:10:37:75:d3:29:72:64:92:
                    7c:8f:df:38:00:11:2c:59:ea:ac:63:b1:b1:c6:de:
                    44:b4:63:9f:5d:cc:e1:23:35:70:27:f7:1f:c1:74:
                    53:83:a1:dc:e6:eb:29:3c:81:35:ff:8a:fe:53:ca:
                    74:64:29:1b:b1:51:d6:67:84:25:49:21:11:61:89:
                    ec:da:e1:9c:f4:62:6f:ef:12:85:03:c9:da:24:f2:
                    37:e8:4e:3b:d7:5d:fc:24:9a:32:8e:0c:06:b6:aa:
                    13:70:14:23:4e:06:f5:70:3c:00:53:3a:2c:41:70:
                    9d:f3:24:7f:58:3f:21:a1:be:d1:ea:24:7f:df:fc:
                    2e:e3:e3:6a:f2:50:3d:d5:e1:a1:b3:66:8d:cd:80:
                    4e:31:0f:51:40:1d:1f:62:db:5c:8f:2d:91:e1:d6:
                    fd:b2:37:2b:62:d1:9d:1f:ea:f7:51:c4:29:73:96:
                    bc:94:40:99:58:4a:e0:bf:12:b9:7c:76:23:7e:44:
                    30:af:4a:ad:28:97:e4:78:90:8d:80:07:2b:a9:77:
                    bb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:BC:03:95:BE:1D:07:61:2E:04:DF:E0:7F:69:84:EE:A4:0C:83:66
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:60:e3:b8:01:da:d3:04:28:af:48:cb:82:90:0f:f8:ed:fa:
         95:71:00:85:d2:01:35:24:d3:7c:66:76:2a:85:0e:19:50:a2:
         a7:0e:e4:18:6f:00:1c:82:2c:52:21:85:37:f1:00:a8:e4:b3:
         63:57:cd:ff:6f:16:d2:ff:27:c1:21:df:95:37:ab:df:20:8d:
         f5:f6:b1:ff:51:a7:19:25:22:a0:ab:68:fc:fd:db:96:54:cb:
         3e:a5:26:fc:b6:64:c6:a6:ae:99:b2:90:65:c9:f2:dc:f9:91:
         ee:cc:9c:66:ad:ed:7d:94:b6:5d:e6:b2:db:27:bf:e9:81:02:
         29:e2:f9:11:d8:a7:42:76:af:d8:09:c3:4e:7d:c2:8d:7f:8d:
         ef:26:f6:1a:61:eb:10:e3:00:f9:cb:83:3c:55:f0:15:0a:2a:
         75:dd:bb:b8:57:9a:94:0e:d8:1a:14:50:54:e1:5c:3d:c2:32:
         57:ce:1f:9c:ae:6a:7b:b5:da:00:d1:b4:e0:ee:1e:e5:25:5c:
         1f:1b:02:c0:0c:99:f9:ac:59:a7:ab:8f:a6:1f:6c:3d:42:78:
         a2:1d:97:13:29:85:f6:2b:50:05:2e:48:18:71:63:d9:54:96:
         c4:24:7e:c1:f2:e1:bf:a9:df:8b:b9:e6:25:88:e4:c3:f5:81:
         95:e5:69:b0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFETZixE19zg9gNND9EfNHhkZ0KcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzMjA1MWZmNmEwNDA1NzA1YWY0YzJiYzU3NTg1YWU1NmVkNjgxMWZlZGIz
OWNlYTAwYTk2YWE0ZTI3ZDU1NTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRqGc0YNp7r9+EWx3GdWFKnI+DFzjCoJbV9DPn5rFroMndzA+HI2Pk+2t0O
JJSjclqRNhA3ddMpcmSSfI/fOAARLFnqrGOxscbeRLRjn13M4SM1cCf3H8F0U4Oh
3ObrKTyBNf+K/lPKdGQpG7FR1meEJUkhEWGJ7NrhnPRib+8ShQPJ2iTyN+hOO9dd
/CSaMo4MBraqE3AUI04G9XA8AFM6LEFwnfMkf1g/IaG+0eokf9/8LuPjavJQPdXh
obNmjc2ATjEPUUAdH2LbXI8tkeHW/bI3K2LRnR/q91HEKXOWvJRAmVhK4L8SuXx2
I35EMK9KrSiX5HiQjYAHK6l3u9MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRfvAOV
vh0HYS4E3+B/aYTupAyDZjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE3MzJlZmItZTIzZi00OWE0LWFkNTEtMWE0MzQzMWUwN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgYOO4AdrTBCivSMuCkA/47fqVcQCF0gE1JNN8
ZnYqhQ4ZUKKnDuQYbwAcgixSIYU38QCo5LNjV83/bxbS/yfBId+VN6vfII319rH/
UacZJSKgq2j8/duWVMs+pSb8tmTGpq6ZspBlyfLc+ZHuzJxmre19lLZd5rLbJ7/p
gQIp4vkR2KdCdq/YCcNOfcKNf43vJvYaYesQ4wD5y4M8VfAVCip13bu4V5qUDtga
FFBU4Vw9wjJXzh+crmp7tdoA0bTg7h7lJVwfGwLADJn5rFmnq4+mH2w9QniiHZcT
KYX2K1AFLkgYcWPZVJbEJH7B8uG/qd+LueYliOTD9YGV5Wmw
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:32:02 2023 by rpki-client on console-fra.rpki-client.org