Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
File:                     a039a10b-545b-441d-bef2-b67325de50a1.roa (raw, json)
Hash identifier:          8fPioYdiFvwumLZTor3ytASbCo1QKkIt57dFUnINVgc=
Subject key identifier:   63:37:4C:43:DE:67:CA:5E:63:DE:87:0C:F5:F9:0E:81:1A:F4:E2:6B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1890E680237F9FFFD60700765DEB601FE8C701B2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:90:e6:80:23:7f:9f:ff:d6:07:00:76:5d:eb:60:1f:e8:c7:01:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=95600cf312dd37c8c6af4c9aaf29114767eb56d379ec91efd5f97dabe02bfc4f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d5:09:64:0b:87:95:19:52:d0:39:c6:5c:96:
                    db:e7:6f:96:c0:18:20:e8:d0:99:92:e2:d1:3a:d6:
                    84:b4:20:7d:65:49:b5:7a:a4:fb:1a:89:90:75:cb:
                    2c:56:93:45:fa:d8:62:03:5f:34:6f:cd:ff:96:65:
                    50:33:cb:99:95:7f:ff:bc:60:14:26:25:0e:4a:69:
                    88:3f:dd:31:d0:e2:69:5c:53:f7:0c:be:79:2b:df:
                    75:2e:ce:12:47:a8:19:02:9e:6b:d5:6d:27:92:ab:
                    c0:b0:4d:28:d8:91:7a:90:48:54:b8:6c:9d:9e:27:
                    a5:f3:82:3c:8b:ad:eb:e3:38:1e:24:ef:00:f3:ff:
                    c1:96:da:20:e7:85:6d:85:ef:9f:d8:a6:c8:41:ec:
                    87:0d:0f:5d:e3:4e:d0:b1:2d:ff:22:f6:9c:61:b5:
                    f1:df:ef:f5:bb:c5:a7:03:a5:67:f8:0a:4f:1d:9f:
                    49:97:8f:1c:34:14:c8:f8:5d:db:63:ac:a0:43:ed:
                    26:20:22:7f:51:dc:50:f3:3a:99:78:a3:60:00:58:
                    2f:c1:2a:65:cc:58:4f:f6:c1:b5:f4:b8:f8:66:68:
                    8d:bb:11:fc:f2:3d:de:50:1d:76:80:27:a7:d5:a0:
                    93:8e:cf:d8:43:53:d5:3d:82:b5:12:fc:95:a4:26:
                    2a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:37:4C:43:DE:67:CA:5E:63:DE:87:0C:F5:F9:0E:81:1A:F4:E2:6B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a039a10b-545b-441d-bef2-b67325de50a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:fb:37:0b:1a:3b:27:3b:18:53:08:1a:28:7f:cb:bc:49:be:
         9d:7e:f3:24:71:4d:73:84:9c:e9:a2:86:7c:da:78:d7:a6:dc:
         0e:4b:ff:05:58:64:86:fb:fe:f4:08:80:4b:76:dc:ba:0c:32:
         fc:ec:40:7d:d8:89:b2:4a:88:99:bc:13:e3:b6:11:38:01:2a:
         8d:da:f7:52:66:89:2e:cc:0a:e3:59:2b:3d:7a:d6:40:38:56:
         76:df:02:26:a3:2e:38:40:d3:5d:6f:f3:c9:32:6e:c9:7e:03:
         8a:92:f2:5c:a7:0c:31:f8:3b:3c:60:64:2e:c3:f3:64:8e:2d:
         b8:eb:65:fe:2f:c3:d0:a3:51:9f:13:50:d4:bf:d8:15:56:b8:
         56:80:b0:06:6b:02:91:a0:f3:a3:d6:32:d4:8c:af:ff:3d:95:
         9d:90:06:c9:04:71:90:14:55:1e:75:0e:55:13:e3:8e:ef:3f:
         65:81:30:30:2f:99:96:ee:51:eb:99:d2:96:c4:95:bb:54:ad:
         f6:1d:10:27:59:26:85:f7:8c:d1:c9:93:ed:14:6a:80:c6:3e:
         6f:ed:81:13:ed:a0:2b:0a:90:bb:b5:46:98:c0:3c:f7:5b:52:
         ca:32:d7:55:7f:98:fa:d1:0a:fd:f8:44:52:7a:97:be:ec:cd:
         ef:dd:84:ca
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGJDmgCN/n//WBwB2XetgH+jHAbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjkwMDAwMDBaFw0yNDA1MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDk1NjAwY2YzMTJkZDM3YzhjNmFmNGM5YWFmMjkxMTQ3NjdlYjU2ZDM3OWVj
OTFlZmQ1Zjk3ZGFiZTAyYmZjNGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLVCWQLh5UZUtA5xlyW2+dvlsAYIOjQmZLi0TrWhLQgfWVJtXqk+xqJkHXL
LFaTRfrYYgNfNG/N/5ZlUDPLmZV//7xgFCYlDkppiD/dMdDiaVxT9wy+eSvfdS7O
EkeoGQKea9VtJ5KrwLBNKNiRepBIVLhsnZ4npfOCPIut6+M4HiTvAPP/wZbaIOeF
bYXvn9imyEHshw0PXeNO0LEt/yL2nGG18d/v9bvFpwOlZ/gKTx2fSZePHDQUyPhd
22OsoEPtJiAif1HcUPM6mXijYABYL8EqZcxYT/bBtfS4+GZojbsR/PI93lAddoAn
p9Wgk47P2ENT1T2CtRL8laQmKsUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRjN0xD
3mfKXmPehwz1+Q6BGvTiazAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTAzOWExMGItNTQ1Yi00NDFkLWJlZjItYjY3MzI1ZGU1MGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBg
MA0GCSqGSIb3DQEBCwUAA4IBAQA8+zcLGjsnOxhTCBoof8u8Sb6dfvMkcU1zhJzp
ooZ82njXptwOS/8FWGSG+/70CIBLdty6DDL87EB92ImySoiZvBPjthE4ASqN2vdS
ZokuzArjWSs9etZAOFZ23wImoy44QNNdb/PJMm7JfgOKkvJcpwwx+Ds8YGQuw/Nk
ji2462X+L8PQo1GfE1DUv9gVVrhWgLAGawKRoPOj1jLUjK//PZWdkAbJBHGQFFUe
dQ5VE+OO7z9lgTAwL5mW7lHrmdKWxJW7VK32HRAnWSaF94zRyZPtFGqAxj5v7YET
7aArCpC7tUaYwDz3W1LKMtdVf5j60Qr9+ERSepe+7M3v3YTK
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:30 2024 by rpki-client on console-ams.rpki-client.org