Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2cb3d7-ba4b-4b69-8603-f7aa5683c7ba.roa
File:                     9d2cb3d7-ba4b-4b69-8603-f7aa5683c7ba.roa (raw, json)
Hash identifier:          5Q3ZRzlxldccpylW5HWYbg73BNx7ncswqpd5OZ+xyuI=
Subject key identifier:   3D:DF:6F:25:FE:99:40:34:75:7D:EC:00:B2:66:0F:2E:1D:F1:9D:8E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F24824F4FFFCEE9A7A02DBB985920DFBADC3B47
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2cb3d7-ba4b-4b69-8603-f7aa5683c7ba.roa
Signing time:             Tue 17 Sep 2024 00:00:00 +0000
ROA not before:           Tue 17 Sep 2024 00:00:00 +0000
ROA not after:            Tue 22 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:16:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:24:82:4f:4f:ff:ce:e9:a7:a0:2d:bb:98:59:20:df:ba:dc:3b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 17 00:00:00 2024 GMT
            Not After : Oct 22 23:59:59 2024 GMT
        Subject: serialNumber=2137bcdfa8713bb27f436bce7fe2bb64c77c78f3a3cb703bab559f43ee5080d4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:86:a3:37:3a:1b:29:0f:95:04:a0:49:b6:ef:
                    d6:53:8d:a0:9a:38:1f:ff:a7:da:04:54:04:2b:32:
                    8a:c4:c6:d5:97:00:c8:0a:9f:79:e6:04:aa:93:29:
                    0c:58:ef:8d:10:4c:ab:b3:a9:07:43:1f:4d:f7:02:
                    36:3a:73:9c:33:ed:a3:8d:84:7f:c6:5c:90:85:d0:
                    36:a3:33:6e:cb:ec:15:20:c8:1e:9e:c5:09:59:be:
                    e4:da:03:81:2c:c0:88:72:06:94:b0:5a:ad:c6:3b:
                    51:8e:ff:8c:64:7c:8a:19:02:a0:90:70:2c:43:62:
                    a8:3a:49:d6:d8:64:4a:74:27:61:4a:9a:95:63:6f:
                    9a:bc:49:49:01:f0:ee:d0:eb:07:be:5b:f8:1b:ed:
                    3b:f2:78:41:16:ba:80:a0:b0:b7:8e:67:9f:05:6f:
                    66:5c:b2:59:24:0a:20:8b:61:fc:28:7d:f0:40:c1:
                    68:ac:71:c9:9c:dc:81:90:9f:25:8f:5d:69:80:91:
                    84:68:07:dc:e0:de:65:1f:b6:27:9d:45:46:fa:69:
                    21:f7:60:9a:7c:76:5e:dc:ed:37:fb:41:29:50:cd:
                    38:fd:5a:bd:37:d0:1e:72:75:7d:27:65:74:b3:c4:
                    18:aa:6c:f6:d9:ed:02:c9:e7:e4:e2:ba:bf:4b:5a:
                    ed:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:DF:6F:25:FE:99:40:34:75:7D:EC:00:B2:66:0F:2E:1D:F1:9D:8E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2cb3d7-ba4b-4b69-8603-f7aa5683c7ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7e:a5:0f:fe:04:dd:f5:96:a7:7c:dd:d5:9b:d2:b5:2f:7a:f3:
         45:c4:88:e3:31:49:13:c4:e9:4e:d8:90:ea:a0:dd:65:25:51:
         b1:74:6d:1c:b5:7e:d0:ee:be:53:f0:45:e1:b5:2a:3b:32:2b:
         54:3e:ad:41:d4:e9:4a:3e:e7:e6:3a:5e:15:ed:7a:9a:b5:1d:
         db:fe:4f:cd:e8:5b:69:68:08:2e:b5:1f:49:c1:89:d5:59:98:
         0f:a1:12:cc:48:e7:17:3b:87:08:b4:6f:74:89:93:fe:d4:c6:
         f6:86:d4:90:97:42:dc:fb:ce:94:96:d5:ce:0c:19:01:e7:c8:
         42:b6:06:2f:e6:40:2d:ec:66:8b:5c:fa:41:82:da:be:ff:44:
         42:23:9c:3b:5b:c5:01:db:70:7a:e4:36:6a:29:9b:a3:ec:2a:
         6f:ef:30:8b:fa:9f:ea:99:cf:fb:e5:03:30:be:9d:4f:9c:90:
         c7:13:ea:d9:00:18:0f:17:2d:03:6e:18:91:22:f3:32:0a:a3:
         05:3d:be:cc:c2:2a:39:dd:a3:a1:c8:dd:43:98:de:bb:34:eb:
         f6:af:1c:c3:e1:e8:8b:45:89:e2:42:b3:a7:98:90:8f:f6:fd:
         16:9b:4b:88:7e:56:50:8c:c8:9b:41:c3:4a:47:01:d7:2e:a6:
         8a:3a:8d:b9
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDySCT0//zumnoC27mFkg37rcO0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA5MTcwMDAwMDBaFw0yNDEwMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDIxMzdiY2RmYTg3MTNiYjI3ZjQzNmJjZTdmZTJiYjY0Yzc3Yzc4ZjNhM2Ni
NzAzYmFiNTU5ZjQzZWU1MDgwZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCGozc6GykPlQSgSbbv1lONoJo4H/+n2gRUBCsyisTG1ZcAyAqfeeYEqpMp
DFjvjRBMq7OpB0MfTfcCNjpznDPto42Ef8ZckIXQNqMzbsvsFSDIHp7FCVm+5NoD
gSzAiHIGlLBarcY7UY7/jGR8ihkCoJBwLENiqDpJ1thkSnQnYUqalWNvmrxJSQHw
7tDrB75b+BvtO/J4QRa6gKCwt45nnwVvZlyyWSQKIIth/Ch98EDBaKxxyZzcgZCf
JY9daYCRhGgH3ODeZR+2J51FRvppIfdgmnx2XtztN/tBKVDNOP1avTfQHnJ1fSdl
dLPEGKps9tntAsnn5OK6v0ta7ekCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ9328l
/plANHV97ACyZg8uHfGdjjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWQyY2IzZDctYmE0Yi00YjY5LTg2MDMtZjdhYTU2ODNjN2JhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBrAgQDAN
BgkqhkiG9w0BAQsFAAOCAQEAfqUP/gTd9ZanfN3Vm9K1L3rzRcSI4zFJE8TpTtiQ
6qDdZSVRsXRtHLV+0O6+U/BF4bUqOzIrVD6tQdTpSj7n5jpeFe16mrUd2/5Pzehb
aWgILrUfScGJ1VmYD6ESzEjnFzuHCLRvdImT/tTG9obUkJdC3PvOlJbVzgwZAefI
QrYGL+ZALexmi1z6QYLavv9EQiOcO1vFAdtweuQ2aimbo+wqb+8wi/qf6pnP++UD
ML6dT5yQxxPq2QAYDxctA24YkSLzMgqjBT2+zMIqOd2jocjdQ5jeuzTr9q8cw+Ho
i0WJ4kKzp5iQj/b9FptLiH5WUIzIm0HDSkcB1y6mijqNuQ==
-----END CERTIFICATE-----
Generated at Wed Oct 9 18:18:05 2024 by rpki-client on console-fra.rpki-client.org