Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa
File:                     c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa (raw, json)
Hash identifier:          lbEdqlwrxmd9Zc03SN1PCDBYGEWfiBX0KnG/c2RxuOA=
Subject key identifier:   4C:86:42:F6:63:EA:A8:3B:B6:8B:02:91:4A:0E:D1:91:B1:52:88:70
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2A0B6ABBDC19EB60EDE6327D159BD6C6DE263B7C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:0b:6a:bb:dc:19:eb:60:ed:e6:32:7d:15:9b:d6:c6:de:26:3b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=1b5045d91cb8ef30a1d0948d5270c392f08307a4b144bab988e4768b80da412a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c2:9e:9a:18:be:77:a0:e5:54:18:e9:ed:ed:
                    e5:72:ca:77:63:07:3e:4c:c6:6d:ca:6f:46:0a:78:
                    ce:6b:e2:95:dd:ac:03:68:0b:6f:e1:3f:dd:e2:77:
                    fc:3f:2f:46:cc:31:45:0f:66:82:9e:af:2f:c0:a9:
                    87:0a:99:cf:6c:81:5e:8b:14:27:4d:3f:b8:25:94:
                    95:18:5c:08:72:73:f0:a4:a8:6f:6b:56:0b:1e:ee:
                    15:bb:fa:6e:7d:19:f9:a2:ec:86:d3:f7:27:d0:63:
                    35:03:36:6e:70:07:e1:28:f1:a6:6f:15:d8:0b:18:
                    6f:47:c9:45:0a:87:9f:ba:5d:e7:cb:1f:9e:db:ad:
                    84:b7:40:07:e3:0d:24:aa:b6:d4:81:59:47:db:14:
                    ee:47:76:25:b5:6d:c8:9f:76:cd:68:d4:f4:3c:16:
                    22:c3:dd:fe:c1:45:87:7a:ab:36:bf:4b:26:00:99:
                    89:43:17:b9:ae:04:d3:50:27:9e:a9:71:ff:6d:87:
                    82:14:66:23:96:71:58:b0:fe:37:3c:eb:b6:26:e7:
                    4e:75:99:64:91:4f:66:88:e1:6b:60:53:5a:b3:d0:
                    fc:7e:28:06:22:27:63:ce:7e:4c:a5:3f:64:91:23:
                    d8:b3:67:35:02:c1:be:10:78:f4:a4:4c:6b:16:5a:
                    17:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:86:42:F6:63:EA:A8:3B:B6:8B:02:91:4A:0E:D1:91:B1:52:88:70
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:07:3d:b0:8c:8f:b5:fb:22:0b:c7:64:98:21:98:d6:cf:b1:
         a8:43:4f:44:31:ad:93:a3:08:4c:cd:4c:2e:9b:44:04:f5:57:
         4b:02:d5:e8:c3:14:1c:bb:c0:0f:f7:19:40:33:70:e2:f4:40:
         fb:b1:7c:55:8b:cc:44:90:0c:ba:09:a2:3a:60:33:91:80:8c:
         cc:91:43:57:83:47:18:7e:b7:2a:f3:b3:e8:1e:a2:2d:30:79:
         54:9c:5d:49:99:fd:7b:ad:9a:92:60:51:d7:db:8f:13:21:00:
         fe:28:fa:39:d0:03:c9:63:a1:4a:31:00:6d:89:b0:51:13:d2:
         5a:ae:af:50:4a:08:c9:57:c1:c9:97:16:29:38:d8:e6:e8:fe:
         ad:a5:83:a9:a2:cd:16:89:8a:3f:ad:1e:e8:10:2c:de:bf:0e:
         32:8e:28:1f:fa:39:8c:5c:3b:57:5d:6f:f0:64:d6:da:fd:3d:
         84:dc:80:43:d2:50:5d:65:f0:0e:a4:30:c1:69:02:96:3a:a0:
         dd:25:c0:bf:13:4b:02:a3:f9:1f:9f:68:97:eb:62:a9:66:7a:
         ce:00:e5:a2:80:e2:bb:4f:b3:83:72:1f:b5:fd:83:b9:8f:ed:
         50:3b:bc:b7:e2:27:7e:29:99:ba:b2:71:9b:ac:f3:41:c3:aa:
         2e:ba:a5:6f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKgtqu9wZ62Dt5jJ9FZvWxt4mO3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiNTA0NWQ5MWNiOGVmMzBhMWQwOTQ4ZDUyNzBjMzkyZjA4MzA3YTRiMTQ0
YmFiOTg4ZTQ3NjhiODBkYTQxMmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7CnpoYvneg5VQY6e3t5XLKd2MHPkzGbcpvRgp4zmvild2sA2gLb+E/3eJ3
/D8vRswxRQ9mgp6vL8CphwqZz2yBXosUJ00/uCWUlRhcCHJz8KSob2tWCx7uFbv6
bn0Z+aLshtP3J9BjNQM2bnAH4Sjxpm8V2AsYb0fJRQqHn7pd58sfntuthLdAB+MN
JKq21IFZR9sU7kd2JbVtyJ92zWjU9DwWIsPd/sFFh3qrNr9LJgCZiUMXua4E01An
nqlx/22HghRmI5ZxWLD+NzzrtibnTnWZZJFPZojha2BTWrPQ/H4oBiInY85+TKU/
ZJEj2LNnNQLBvhB49KRMaxZaF6sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRMhkL2
Y+qoO7aLApFKDtGRsVKIcDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzM5ZGQ3MWMtZjIyYy00YmI0LTljNmYtZGZjOGM2YTAyZmZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6g
MA0GCSqGSIb3DQEBCwUAA4IBAQDDBz2wjI+1+yILx2SYIZjWz7GoQ09EMa2TowhM
zUwum0QE9VdLAtXowxQcu8AP9xlAM3Di9ED7sXxVi8xEkAy6CaI6YDORgIzMkUNX
g0cYfrcq87PoHqItMHlUnF1Jmf17rZqSYFHX248TIQD+KPo50APJY6FKMQBtibBR
E9Jarq9QSgjJV8HJlxYpONjm6P6tpYOpos0WiYo/rR7oECzevw4yjigf+jmMXDtX
XW/wZNba/T2E3IBD0lBdZfAOpDDBaQKWOqDdJcC/E0sCo/kfn2iX62KpZnrOAOWi
gOK7T7ODch+1/YO5j+1QO7y34id+KZm6snGbrPNBw6ouuqVv
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org