Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a62f4423-d8c8-4470-b8ba-d394307f27b1.roa
File:                     a62f4423-d8c8-4470-b8ba-d394307f27b1.roa (raw, json)
Hash identifier:          s7Yl9Wc4W6kNoaiz3AofCIcAZVHTNkoBe1Rp1lHYnA8=
Subject key identifier:   FB:CC:45:62:62:4C:29:61:D8:8B:8F:1F:30:03:C7:03:49:2E:5A:51
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2E9F1956061DEA8C83E76C4601B0ACDF302962CC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a62f4423-d8c8-4470-b8ba-d394307f27b1.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:9f:19:56:06:1d:ea:8c:83:e7:6c:46:01:b0:ac:df:30:29:62:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=1767a50492f7f977a27363ddf6214ab82cfbd0063737866d6379f107471e4aca, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:a6:b4:03:44:6a:76:93:28:43:97:ad:c4:
                    bb:65:b0:f7:83:65:89:8f:1d:19:46:56:28:61:47:
                    0a:2d:a0:9e:4a:2c:60:de:60:ae:22:fa:f8:4c:72:
                    44:01:46:77:5f:7b:ea:d6:45:23:d5:f2:31:90:4f:
                    17:0c:0f:92:f0:76:26:74:4f:a2:2a:f8:28:7c:92:
                    d8:22:81:a4:7d:4b:b0:1e:84:f0:f5:71:94:f9:57:
                    0d:36:c3:f4:44:f1:a6:00:95:4f:10:64:00:21:85:
                    f0:2c:9b:af:38:46:0c:15:9c:dd:25:b6:68:ee:47:
                    63:33:6e:15:52:c6:0f:4c:90:c4:e7:d7:3b:25:69:
                    10:27:4e:57:e1:f5:da:f3:82:a0:37:85:13:4e:1a:
                    34:0b:fb:95:b0:e9:26:fc:78:d7:6e:02:01:43:b7:
                    bc:6d:a6:c1:6d:2a:e6:b9:76:86:41:eb:ee:8b:6f:
                    5f:90:e5:b0:17:e8:91:d7:67:58:16:c6:6f:72:b5:
                    03:c0:80:0e:9b:91:be:ee:55:12:96:64:1a:34:bb:
                    05:9c:ae:15:30:e3:cd:1f:75:4a:56:f4:2c:03:11:
                    94:f1:51:7c:80:78:9e:34:78:9b:a7:9c:b0:08:19:
                    8a:07:39:6e:f6:23:cb:11:ff:92:01:42:38:58:ce:
                    ea:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:CC:45:62:62:4C:29:61:D8:8B:8F:1F:30:03:C7:03:49:2E:5A:51
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a62f4423-d8c8-4470-b8ba-d394307f27b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:85:22:03:ae:07:44:62:55:cb:13:ab:d8:d3:70:2a:54:38:
         01:cc:79:8a:f0:c4:8a:3d:72:70:3e:22:d2:18:9f:cd:f5:05:
         26:40:a2:f1:7b:f5:03:d0:76:e3:67:9b:d3:dd:b3:5b:78:f9:
         59:eb:72:ff:2a:e7:1f:8c:1e:42:ed:70:6d:c6:3c:6d:cc:ca:
         28:87:2c:b4:4a:4f:99:6c:5f:98:dc:16:58:4e:b5:58:e1:cd:
         67:85:e1:4f:65:a8:0d:41:25:52:cb:c6:7a:ea:f3:16:fb:1b:
         00:18:cd:42:1b:1e:ca:ab:a6:fa:38:6b:d9:e3:f0:c5:98:d7:
         23:77:ed:79:e2:52:eb:ae:ad:07:dc:f6:78:bc:79:77:5a:a0:
         aa:d2:f5:02:33:ee:d3:d5:ff:f1:ef:be:d4:23:05:bb:90:44:
         90:17:2c:d8:e5:75:7c:c9:27:89:0b:dd:75:71:6b:5f:64:9e:
         d5:14:cf:98:e2:6a:ac:50:33:b1:04:0b:5c:60:33:c2:9f:e5:
         06:8e:0d:97:82:91:e8:b3:fd:c7:ba:0e:e5:2b:48:62:c2:d3:
         dd:61:7b:bf:e6:00:f3:32:38:8f:d8:92:13:48:4b:9e:ed:2c:
         46:91:83:6f:32:dd:8a:b8:cf:9f:dd:6c:ec:09:8c:07:d5:90:
         bc:72:41:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULp8ZVgYd6oyD52xGAbCs3zApYswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDE3NjdhNTA0OTJmN2Y5NzdhMjczNjNkZGY2MjE0YWI4MmNmYmQwMDYzNzM3
ODY2ZDYzNzlmMTA3NDcxZTRhY2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6TprQDRGp2kyhDl63Eu2Ww94NliY8dGUZWKGFHCi2gnkosYN5griL6+Exy
RAFGd1976tZFI9XyMZBPFwwPkvB2JnRPoir4KHyS2CKBpH1LsB6E8PVxlPlXDTbD
9ETxpgCVTxBkACGF8CybrzhGDBWc3SW2aO5HYzNuFVLGD0yQxOfXOyVpECdOV+H1
2vOCoDeFE04aNAv7lbDpJvx4124CAUO3vG2mwW0q5rl2hkHr7otvX5DlsBfokddn
WBbGb3K1A8CADpuRvu5VEpZkGjS7BZyuFTDjzR91Slb0LAMRlPFRfIB4njR4m6ec
sAgZigc5bvYjyxH/kgFCOFjO6hMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT7zEVi
YkwpYdiLjx8wA8cDSS5aUTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTYyZjQ0MjMtZDhjOC00NDcwLWI4YmEtZDM5NDMwN2YyN2IxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H8g
MA0GCSqGSIb3DQEBCwUAA4IBAQAMhSIDrgdEYlXLE6vY03AqVDgBzHmK8MSKPXJw
PiLSGJ/N9QUmQKLxe/UD0HbjZ5vT3bNbePlZ63L/KucfjB5C7XBtxjxtzMoohyy0
Sk+ZbF+Y3BZYTrVY4c1nheFPZagNQSVSy8Z66vMW+xsAGM1CGx7Kq6b6OGvZ4/DF
mNcjd+154lLrrq0H3PZ4vHl3WqCq0vUCM+7T1f/x777UIwW7kESQFyzY5XV8ySeJ
C911cWtfZJ7VFM+Y4mqsUDOxBAtcYDPCn+UGjg2XgpHos/3Hug7lK0hiwtPdYXu/
5gDzMjiP2JITSEue7SxGkYNvMt2KuM+f3WzsCYwH1ZC8ckEU
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:40:27 2023 by rpki-client on console-ams.rpki-client.org