Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
File:                     9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa (raw, json)
Hash identifier:          ZvztgNJKjqXYu6bIC24qloh9NV0j3G5Zz2CsSymAcFk=
Subject key identifier:   2C:9C:04:04:01:1D:E7:CF:D4:99:FA:2E:FA:A8:FE:28:AA:04:9E:51
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       79FE86BF30626F8E8453C72F321E17391DBCF21A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:fe:86:bf:30:62:6f:8e:84:53:c7:2f:32:1e:17:39:1d:bc:f2:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=414222c23ec396dd1b47b0d792c510d1263e9ed67bc044305c9c98898cb9d552, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0d:68:31:59:44:d6:4a:ab:2d:69:48:de:a4:
                    cb:56:3c:b8:b9:8c:7a:f3:38:0e:c1:34:a3:d9:91:
                    5f:d0:82:5d:99:7a:fd:9d:48:2f:78:e4:e6:c3:4f:
                    7f:9a:dc:d7:ff:ab:56:bc:81:f4:13:08:65:c8:a4:
                    24:86:0c:ef:22:6d:69:36:6b:3c:89:d6:18:5c:4f:
                    3d:2a:40:0a:0e:d5:e8:8d:55:fe:db:94:35:a5:38:
                    c2:8f:15:00:11:57:0a:49:05:71:cd:9e:32:89:18:
                    98:36:02:86:67:9c:19:8a:40:2e:a3:4b:2a:1f:a4:
                    d8:1b:f6:36:40:5a:69:4a:d2:b6:02:dc:fd:2d:fc:
                    6e:3c:a1:67:fb:c9:17:56:b5:b4:7b:68:c4:13:db:
                    0e:d7:b8:bd:3c:50:1a:a0:72:1e:09:f7:0f:17:cd:
                    2d:ae:f1:18:81:4d:28:16:44:7b:eb:92:53:4f:9b:
                    ca:86:8e:77:76:20:16:b5:2f:67:ef:f5:4d:ee:7a:
                    47:7a:44:77:76:c9:e4:09:5e:7d:ce:45:94:59:72:
                    ef:bd:be:93:c0:aa:09:6b:bf:47:c0:df:b3:40:58:
                    d8:f0:2d:1e:0f:6e:7b:5d:f8:93:b0:d6:76:8b:45:
                    c7:34:10:b3:0f:93:6f:80:a5:b5:2e:bc:a8:3b:c9:
                    90:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:9C:04:04:01:1D:E7:CF:D4:99:FA:2E:FA:A8:FE:28:AA:04:9E:51
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:c1:3b:e4:1c:0e:34:0b:5a:36:a7:b0:7f:19:a6:aa:6c:c6:
         b8:8e:b2:04:d5:86:cc:73:b5:c5:cf:bc:46:b7:60:34:5c:73:
         87:1c:4d:6d:2e:41:3c:8a:e3:4f:1d:2f:53:d2:df:bc:fa:8d:
         8c:0e:e4:e3:9a:c3:fe:78:ed:db:1a:c9:1c:18:b1:86:68:22:
         41:05:15:a7:40:12:b8:32:a3:4c:22:ce:fc:69:58:48:41:25:
         cb:06:2d:be:4a:8e:24:8a:a5:e4:b0:c4:59:79:48:e5:c5:5f:
         8c:a3:4a:2d:cd:fe:e3:ee:6f:42:2e:1d:ee:26:16:84:78:51:
         b2:c3:11:79:03:e6:64:1f:d2:27:b1:01:31:85:4b:75:fe:1d:
         4d:bc:13:01:2d:e5:d6:3a:74:40:fd:52:8e:9d:aa:15:03:b1:
         f8:c5:42:db:11:34:ad:1e:b3:90:3e:3a:5a:6a:60:20:5f:94:
         84:58:db:bb:91:1f:5f:c1:5d:00:ce:90:ab:4f:5f:e0:c7:fa:
         e6:49:bb:94:34:b7:ea:99:76:07:12:1d:59:86:8e:67:a6:b1:
         c1:fa:5d:e4:da:90:34:62:aa:27:7d:33:bd:a1:64:ec:c5:33:
         cf:49:68:5b:82:e2:8a:bc:88:0f:e0:65:39:48:c6:31:bc:1b:
         c7:07:87:18
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUef6GvzBib46EU8cvMh4XOR288howDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQxNDIyMmMyM2VjMzk2ZGQxYjQ3YjBkNzkyYzUxMGQxMjYzZTllZDY3YmMw
NDQzMDVjOWM5ODg5OGNiOWQ1NTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALANaDFZRNZKqy1pSN6ky1Y8uLmMevM4DsE0o9mRX9CCXZl6/Z1IL3jk5sNP
f5rc1/+rVryB9BMIZcikJIYM7yJtaTZrPInWGFxPPSpACg7V6I1V/tuUNaU4wo8V
ABFXCkkFcc2eMokYmDYChmecGYpALqNLKh+k2Bv2NkBaaUrStgLc/S38bjyhZ/vJ
F1a1tHtoxBPbDte4vTxQGqByHgn3DxfNLa7xGIFNKBZEe+uSU0+byoaOd3YgFrUv
Z+/1Te56R3pEd3bJ5Alefc5FlFly772+k8CqCWu/R8Dfs0BY2PAtHg9ue134k7DW
dotFxzQQsw+Tb4CltS68qDvJkLMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQsnAQE
AR3nz9SZ+i76qP4oqgSeUTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWQyZWEyYWEtZDQwYS00OWE3LWFiMDAtNDRmZjVkYmY3MjliLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGg
MA0GCSqGSIb3DQEBCwUAA4IBAQAcwTvkHA40C1o2p7B/GaaqbMa4jrIE1YbMc7XF
z7xGt2A0XHOHHE1tLkE8iuNPHS9T0t+8+o2MDuTjmsP+eO3bGskcGLGGaCJBBRWn
QBK4MqNMIs78aVhIQSXLBi2+So4kiqXksMRZeUjlxV+Mo0otzf7j7m9CLh3uJhaE
eFGywxF5A+ZkH9InsQExhUt1/h1NvBMBLeXWOnRA/VKOnaoVA7H4xULbETStHrOQ
PjpaamAgX5SEWNu7kR9fwV0AzpCrT1/gx/rmSbuUNLfqmXYHEh1Zho5nprHB+l3k
2pA0YqonfTO9oWTsxTPPSWhbguKKvIgP4GU5SMYxvBvHB4cY
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org