Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad8623fa-dde5-4517-9b7e-52f4b0b1f32c.roa
File:                     ad8623fa-dde5-4517-9b7e-52f4b0b1f32c.roa (raw, json)
Hash identifier:          z4aHjdcQanqPFHIlXomonHkVgJRUmCQSt/+E1pXQd9s=
Subject key identifier:   00:0A:9A:BD:AB:8A:F0:11:85:74:38:81:7E:BD:44:9D:24:96:F6:65
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4616ACFDA43EEC6500DD794D706FFEF66B4F3293
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad8623fa-dde5-4517-9b7e-52f4b0b1f32c.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d079:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:16:ac:fd:a4:3e:ec:65:00:dd:79:4d:70:6f:fe:f6:6b:4f:32:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=a4a590224a710b9635e47636477f8aafcec2502bdd36e52d2e8e2e4e3fd88c1c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:2b:39:0a:4f:25:59:5a:6f:9c:0e:47:1f:af:
                    3f:b5:bb:ce:22:b7:9f:49:ce:13:1d:f1:37:49:69:
                    2e:57:10:dd:40:5e:bf:19:5b:f5:d3:0f:ac:9b:99:
                    5a:18:e0:c6:97:27:c2:0f:02:58:da:9f:78:05:7f:
                    d3:10:d7:45:f7:02:6a:a2:63:0c:a0:9a:24:ea:5d:
                    9c:c9:60:c2:fb:6b:32:d7:29:96:26:a3:d0:a8:a4:
                    65:f4:b6:36:4c:a6:20:64:75:ea:d6:66:32:74:4d:
                    c6:92:9a:16:31:68:cd:4b:f8:be:8a:db:6e:76:cc:
                    fe:5e:75:29:18:b7:20:3c:cc:7f:3b:4a:e2:28:e1:
                    52:d2:78:85:98:2e:30:fb:2f:32:4b:02:61:37:e2:
                    d8:67:34:1e:ed:f9:5a:3e:63:b6:aa:d5:9b:e2:79:
                    9d:c6:79:f9:23:c2:43:46:26:e1:97:b8:61:10:7a:
                    c6:0c:77:6c:c3:ab:ea:40:2f:32:75:a2:d8:20:d0:
                    c5:b2:8c:75:f0:fe:65:24:bb:73:a8:d1:10:81:a6:
                    17:9d:c4:49:95:ec:bb:e1:eb:32:8a:06:44:3b:67:
                    e7:13:b5:ad:c0:7a:cc:eb:e0:0e:f9:26:8b:98:1b:
                    00:8d:2e:a4:fa:82:14:60:9d:65:8a:32:aa:f5:66:
                    23:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0A:9A:BD:AB:8A:F0:11:85:74:38:81:7E:BD:44:9D:24:96:F6:65
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad8623fa-dde5-4517-9b7e-52f4b0b1f32c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d079:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         bd:24:b9:8d:f3:d4:ce:68:90:a8:07:14:40:5f:a0:5e:2a:0b:
         6d:a9:e2:59:a3:4f:f2:35:59:02:c5:db:4e:26:c8:06:2e:e6:
         54:0a:69:65:39:a6:d3:6f:5d:f2:d3:4e:44:1b:09:f7:71:fb:
         84:8a:8a:95:2c:a3:ad:96:66:c4:c4:b7:f0:ea:fe:33:4b:45:
         ad:1f:3b:3b:3f:88:32:cd:48:89:fd:23:65:35:fd:63:76:ec:
         1b:8f:ad:10:cc:a1:6a:42:a2:93:74:81:fe:f4:07:37:74:1c:
         b1:ce:6d:94:9b:83:df:9e:21:e4:2f:b0:1c:f6:9c:c2:cb:c2:
         c1:74:dc:db:e3:21:55:b0:4f:74:6b:ce:97:67:57:dd:00:b5:
         a7:0e:2f:17:fb:1e:57:c3:e3:60:71:1d:dd:ec:5e:ac:07:b8:
         bd:d6:26:23:89:aa:16:45:d2:ba:b5:83:cf:bf:54:ed:a0:9f:
         4e:f6:7b:04:2f:8e:5c:ad:9c:44:ba:fd:fb:5a:e6:f3:43:59:
         c1:ad:a2:b5:66:64:d8:01:4a:66:ae:3f:7a:c0:30:9e:aa:a3:
         ca:1d:34:31:1a:2b:e3:e3:ee:3a:4c:a4:de:5f:44:0e:fc:10:
         e2:a1:e3:e2:c5:31:ce:cd:84:37:49:26:aa:e0:f6:18:c1:ad:
         fa:55:c2:07
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURhas/aQ+7GUA3XlNcG/+9mtPMpMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0YTU5MDIyNGE3MTBiOTYzNWU0NzYzNjQ3N2Y4YWFmY2VjMjUwMmJkZDM2
ZTUyZDJlOGUyZTRlM2ZkODhjMWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQrOQpPJVlab5wORx+vP7W7ziK3n0nOEx3xN0lpLlcQ3UBevxlb9dMPrJuZ
Whjgxpcnwg8CWNqfeAV/0xDXRfcCaqJjDKCaJOpdnMlgwvtrMtcpliaj0KikZfS2
NkymIGR16tZmMnRNxpKaFjFozUv4vorbbnbM/l51KRi3IDzMfztK4ijhUtJ4hZgu
MPsvMksCYTfi2Gc0Hu35Wj5jtqrVm+J5ncZ5+SPCQ0Ym4Ze4YRB6xgx3bMOr6kAv
MnWi2CDQxbKMdfD+ZSS7c6jREIGmF53ESZXsu+HrMooGRDtn5xO1rcB6zOvgDvkm
i5gbAI0upPqCFGCdZYoyqvVmIxkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQACpq9
q4rwEYV0OIF+vUSdJJb2ZTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQ4NjIzZmEtZGRlNS00NTE3LTliN2UtNTJmNGIwYjFmMzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HnA
MA0GCSqGSIb3DQEBCwUAA4IBAQC9JLmN89TOaJCoBxRAX6BeKgttqeJZo0/yNVkC
xdtOJsgGLuZUCmllOabTb13y005EGwn3cfuEioqVLKOtlmbExLfw6v4zS0WtHzs7
P4gyzUiJ/SNlNf1jduwbj60QzKFqQqKTdIH+9Ac3dByxzm2Um4PfniHkL7Ac9pzC
y8LBdNzb4yFVsE90a86XZ1fdALWnDi8X+x5Xw+NgcR3d7F6sB7i91iYjiaoWRdK6
tYPPv1TtoJ9O9nsEL45crZxEuv37WubzQ1nBraK1ZmTYAUpmrj96wDCeqqPKHTQx
Givj4+46TKTeX0QO/BDioePixTHOzYQ3SSaq4PYYwa36VcIH
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:30 2024 by rpki-client on console-ams.rpki-client.org