Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bdd33562-2653-4549-84dc-25f96aa10a83.roa
File:                     bdd33562-2653-4549-84dc-25f96aa10a83.roa (raw, json)
Hash identifier:          9JHAdlYay/7hveCxIJtbPoiw43U9Kecjdgkc3Rv3miM=
Subject key identifier:   AC:15:7B:51:E8:22:2C:6B:FF:A6:C6:1A:08:D0:80:46:03:DD:DA:C3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1226BBBD979BFB4D1B8294BACC6EF1E7A8A4294E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bdd33562-2653-4549-84dc-25f96aa10a83.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d021::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 21:10:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:26:bb:bd:97:9b:fb:4d:1b:82:94:ba:cc:6e:f1:e7:a8:a4:29:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=5444dfcebe7e6ddb8c17400d288bbc3ce0d57bc7cfc89443430930352952330d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a6:86:68:45:0a:34:90:57:f3:92:37:dd:a7:
                    c3:2d:20:ba:86:ea:b1:f2:c5:e2:ae:d3:8a:0b:a7:
                    73:db:40:ac:94:7c:e1:c2:c1:21:04:b9:2c:4e:55:
                    87:9f:f0:44:2e:ed:ef:cf:85:f4:53:60:32:12:11:
                    b4:9e:3c:99:53:d9:96:97:58:1c:00:a0:69:d3:a0:
                    f1:92:b9:b1:e5:f3:1a:86:d0:4f:30:1e:75:bf:54:
                    86:d5:1c:f4:f1:ac:dc:74:dc:29:bb:ad:99:ee:af:
                    aa:13:d2:70:a1:35:b1:97:41:f7:0a:54:41:ac:e9:
                    b4:fb:9e:ab:ce:06:d3:6c:df:93:9d:e9:a8:bc:2f:
                    5a:7a:5f:62:db:25:33:dd:3a:0f:c9:71:f4:5f:69:
                    70:b0:e1:8f:71:da:a6:3e:c8:d8:db:7f:9f:94:1d:
                    7f:6c:20:d3:38:d7:cf:19:1d:e4:0f:92:79:1d:f6:
                    fb:71:f8:16:25:ad:ea:a5:1d:e5:ab:e8:3e:01:9e:
                    f5:16:b7:6a:e8:24:32:99:01:b6:4b:9c:c4:13:3c:
                    8c:a2:f7:93:ed:cd:9c:17:84:80:5f:5f:fd:8a:84:
                    a8:3e:fc:16:f5:be:f5:b7:6d:3b:8e:6c:11:9d:ff:
                    ba:2f:d3:01:e1:8d:2d:68:a1:41:2e:f8:d9:4a:9c:
                    7b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:15:7B:51:E8:22:2C:6B:FF:A6:C6:1A:08:D0:80:46:03:DD:DA:C3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bdd33562-2653-4549-84dc-25f96aa10a83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d021::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:d8:ea:b2:28:1f:50:ad:58:fa:ce:b3:97:4f:1f:4d:fd:eb:
         45:2c:81:50:42:77:70:d6:4e:bd:a7:a2:55:31:f7:95:41:7e:
         2e:c8:19:c8:48:94:e2:cf:bd:4e:97:96:9e:92:a1:08:a2:49:
         66:fd:08:2f:6b:b6:b6:87:c5:0c:c8:5a:4d:a3:7d:d5:01:da:
         92:19:55:ec:8b:25:fb:d4:d6:1a:65:a5:88:72:94:52:b8:26:
         25:43:5d:4c:1a:6b:0f:7c:4a:d5:5d:05:0f:10:da:7a:c7:82:
         87:6f:0a:f2:54:ad:38:13:e1:12:37:56:4c:9f:10:56:d0:4e:
         12:84:9b:79:fa:b1:9e:4d:53:e0:7e:a4:59:14:f7:51:f8:69:
         25:79:dd:f6:78:d2:a9:3a:d0:ed:45:ca:e1:8b:11:b2:49:83:
         92:54:83:14:88:e2:04:cf:bb:3f:b0:0f:e7:a7:4b:b4:b1:22:
         17:65:5c:05:f5:4c:e1:39:8d:5c:4f:c0:c4:b7:5e:ca:f7:af:
         48:11:f7:8c:21:ab:31:d5:b0:24:8c:b7:d4:87:e2:81:fd:43:
         c2:49:4f:29:03:12:04:00:5b:86:58:63:97:f2:40:d8:49:ee:
         ca:bd:96:ef:14:7a:c6:65:1a:75:47:6c:b8:ef:ea:9b:91:0f:
         57:d9:76:64
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEia7vZeb+00bgpS6zG7x56ikKU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDA3MTUwMDAwMDBaFw0yNDA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0NDRkZmNlYmU3ZTZkZGI4YzE3NDAwZDI4OGJiYzNjZTBkNTdiYzdjZmM4
OTQ0MzQzMDkzMDM1Mjk1MjMzMGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKimhmhFCjSQV/OSN92nwy0guobqsfLF4q7Tigunc9tArJR84cLBIQS5LE5V
h5/wRC7t78+F9FNgMhIRtJ48mVPZlpdYHACgadOg8ZK5seXzGobQTzAedb9UhtUc
9PGs3HTcKbutme6vqhPScKE1sZdB9wpUQazptPueq84G02zfk53pqLwvWnpfYtsl
M906D8lx9F9pcLDhj3Hapj7I2Nt/n5Qdf2wg0zjXzxkd5A+SeR32+3H4FiWt6qUd
5avoPgGe9Ra3augkMpkBtkucxBM8jKL3k+3NnBeEgF9f/YqEqD78FvW+9bdtO45s
EZ3/ui/TAeGNLWihQS742Uqce18CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSsFXtR
6CIsa/+mxhoI0IBGA93awzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmRkMzM1NjItMjY1My00NTQ5LTg0ZGMtMjVmOTZhYTEwYTgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBG2OqyKB9QrVj6zrOXTx9N/etFLIFQQndw1k69
p6JVMfeVQX4uyBnISJTiz71Ol5aekqEIoklm/Qgva7a2h8UMyFpNo33VAdqSGVXs
iyX71NYaZaWIcpRSuCYlQ11MGmsPfErVXQUPENp6x4KHbwryVK04E+ESN1ZMnxBW
0E4ShJt5+rGeTVPgfqRZFPdR+Gkled32eNKpOtDtRcrhixGySYOSVIMUiOIEz7s/
sA/np0u0sSIXZVwF9UzhOY1cT8DEt17K969IEfeMIasx1bAkjLfUh+KB/UPCSU8p
AxIEAFuGWGOX8kDYSe7KvZbvFHrGZRp1R2y47+qbkQ9X2XZk
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:12:24 2024 by rpki-client on console-fra.rpki-client.org