Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2f218f6-1edd-4d3d-a03c-7d9a289fe4a8.roa
File:                     c2f218f6-1edd-4d3d-a03c-7d9a289fe4a8.roa (raw, json)
Hash identifier:          K5MW+QJ6hXeMCjEsqnsVVX/ocfS9TXt6epuZdokD7UA=
Subject key identifier:   31:99:CF:E3:4C:F5:06:6D:76:5E:4E:E9:67:EE:DB:D8:B3:73:2F:1B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4C9AC0CD0CE1BD314CFAC4FC07081E8548834E32
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2f218f6-1edd-4d3d-a03c-7d9a289fe4a8.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Dec 2024 15:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:9a:c0:cd:0c:e1:bd:31:4c:fa:c4:fc:07:08:1e:85:48:83:4e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=35aa7363a064d34f4e35450c6139099309c2edb4feaccaed4645ef4608959603, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:2e:73:d8:18:cc:91:a4:e2:82:29:0e:e7:
                    38:9f:9e:d1:e3:28:60:fd:f8:d5:1f:14:6c:a0:5a:
                    e6:68:07:fc:d6:41:d9:85:a0:d8:26:96:5d:93:f6:
                    83:21:d0:52:1f:5a:0d:ee:3d:47:88:7b:36:56:17:
                    4b:c4:bb:e3:fe:12:85:2f:30:b7:04:40:90:19:8d:
                    2b:36:fe:5e:64:39:56:45:53:37:5d:a3:36:2e:5d:
                    d8:da:41:ad:05:d2:18:d7:77:e9:1d:2a:f3:87:48:
                    36:80:b2:91:64:62:25:02:2c:9c:c8:76:01:62:7a:
                    81:2f:10:e1:67:53:18:fb:ec:91:6b:5a:34:6f:d4:
                    50:c2:0d:0a:48:d8:48:2c:db:0f:fd:f8:c3:07:dc:
                    bc:b9:f0:94:29:8c:3d:07:20:68:09:b0:fc:f5:ea:
                    5a:c5:76:4b:8a:a1:1e:2d:9d:4d:01:6d:81:10:1d:
                    35:4c:bd:91:6c:48:69:40:1d:c1:83:49:2e:4d:a8:
                    5e:c5:c8:12:90:6e:6a:d8:19:a3:1c:ef:7e:5d:82:
                    99:92:fb:c7:4d:f7:fb:db:3a:9d:55:79:30:ba:ef:
                    02:27:47:50:c3:22:86:52:d6:83:a4:7b:f9:08:e9:
                    22:50:fa:3c:0c:95:76:ad:90:e3:90:82:1f:e1:9b:
                    ce:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:99:CF:E3:4C:F5:06:6D:76:5E:4E:E9:67:EE:DB:D8:B3:73:2F:1B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2f218f6-1edd-4d3d-a03c-7d9a289fe4a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         95:fa:53:e6:a4:97:56:4c:53:22:22:f9:0e:18:b4:ec:07:66:
         c8:90:cd:41:d6:89:ca:15:5a:ab:38:a9:1b:0f:b6:ac:74:5f:
         93:c8:52:0d:7e:9c:70:47:29:e8:77:84:0c:1c:28:23:fa:4b:
         cb:19:e1:07:3c:36:a2:24:4b:74:2b:f3:d4:83:66:29:13:c9:
         db:4b:ac:44:ff:c4:96:99:8c:ff:4d:a9:0d:cf:e1:bf:ec:45:
         6a:8d:20:1a:42:0f:86:9c:b9:58:a5:7c:cc:92:40:95:34:b4:
         ea:ec:f5:ae:d8:cb:87:f9:e4:99:69:75:b8:d6:98:03:aa:80:
         34:59:d0:c0:49:93:8a:f2:5e:54:4f:2f:2f:20:51:80:ce:2e:
         42:cc:0a:00:a6:1e:9d:59:bf:9b:e6:4c:aa:6d:33:15:41:c4:
         af:43:41:21:7b:15:3c:c6:1f:6a:e3:cf:8b:bc:6f:f8:6e:61:
         12:f2:55:cf:48:7c:8a:0f:75:a4:d3:4c:ef:b9:66:04:15:a5:
         0e:39:ca:17:7c:9d:a9:aa:d4:ef:77:44:24:28:8e:26:07:59:
         32:3c:8e:8b:cd:9e:42:af:6d:87:fa:c2:fa:4b:08:23:b8:b2:
         9e:a2:fe:b8:a9:b7:4e:ce:d7:87:a5:5d:44:c0:4e:94:87:b6:
         dd:c2:04:ef
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTJrAzQzhvTFM+sT8BwgehUiDTjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDExMTkwMDAwMDBaFw0yNDEyMjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1YWE3MzYzYTA2NGQzNGY0ZTM1NDUwYzYxMzkwOTkzMDljMmVkYjRmZWFj
Y2FlZDQ2NDVlZjQ2MDg5NTk2MDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN/FLnPYGMyRpOKCKQ7nOJ+e0eMoYP341R8UbKBa5mgH/NZB2YWg2CaWXZP2
gyHQUh9aDe49R4h7NlYXS8S74/4ShS8wtwRAkBmNKzb+XmQ5VkVTN12jNi5d2NpB
rQXSGNd36R0q84dINoCykWRiJQIsnMh2AWJ6gS8Q4WdTGPvskWtaNG/UUMINCkjY
SCzbD/34wwfcvLnwlCmMPQcgaAmw/PXqWsV2S4qhHi2dTQFtgRAdNUy9kWxIaUAd
wYNJLk2oXsXIEpBuatgZoxzvfl2CmZL7x033+9s6nVV5MLrvAidHUMMihlLWg6R7
+QjpIlD6PAyVdq2Q45CCH+GbzlsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQxmc/j
TPUGbXZeTuln7tvYs3MvGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzJmMjE4ZjYtMWVkZC00ZDNkLWEwM2MtN2Q5YTI4OWZlNGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDALAiMA0G
CSqGSIb3DQEBCwUAA4IBAQCV+lPmpJdWTFMiIvkOGLTsB2bIkM1B1onKFVqrOKkb
D7asdF+TyFINfpxwRynod4QMHCgj+kvLGeEHPDaiJEt0K/PUg2YpE8nbS6xE/8SW
mYz/TakNz+G/7EVqjSAaQg+GnLlYpXzMkkCVNLTq7PWu2MuH+eSZaXW41pgDqoA0
WdDASZOK8l5UTy8vIFGAzi5CzAoAph6dWb+b5kyqbTMVQcSvQ0EhexU8xh9q48+L
vG/4bmES8lXPSHyKD3Wk00zvuWYEFaUOOcoXfJ2pqtTvd0QkKI4mB1kyPI6LzZ5C
r22H+sL6SwgjuLKeov64qbdOzteHpV1EwE6Uh7bdwgTv
-----END CERTIFICATE-----
Generated at Wed Dec 4 22:56:28 2024 by rpki-client on console-ams.rpki-client.org