Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9a8b3ef-477f-4e5e-abfc-7ed9a7d6c194.roa
File:                     c9a8b3ef-477f-4e5e-abfc-7ed9a7d6c194.roa (raw, json)
Hash identifier:          n/VJo+lTQmne7xZFmYoy/ATfAZ8En9bnutgkVLm57pY=
Subject key identifier:   37:1B:55:DA:4E:65:BA:DE:B2:25:E3:A1:39:64:0D:F0:35:6D:27:66
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D9D2B8F78551199BD7227FF4BA4A924C15DDB35
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9a8b3ef-477f-4e5e-abfc-7ed9a7d6c194.roa
Signing time:             Fri 25 Oct 2024 00:00:00 +0000
ROA not before:           Fri 25 Oct 2024 00:00:00 +0000
ROA not after:            Fri 29 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:9d:2b:8f:78:55:11:99:bd:72:27:ff:4b:a4:a9:24:c1:5d:db:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 25 00:00:00 2024 GMT
            Not After : Nov 29 23:59:59 2024 GMT
        Subject: serialNumber=d07a0ff062ff72a739d9fc9b213036748582b4728f896c41b3eceb4d6ee2d30b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f0:16:05:d9:7b:0b:fc:5b:ce:4b:2e:bf:87:
                    94:ba:b0:73:c2:ed:be:78:5a:9b:13:07:1a:d7:70:
                    53:76:ca:4b:eb:55:5e:8c:b3:ac:8c:ab:4f:b4:f4:
                    e5:fb:0d:28:dd:9d:2e:66:57:fa:8a:6a:4c:3a:3e:
                    39:1e:c8:c8:4a:d3:9e:7d:e2:a1:7b:a7:dc:e9:c4:
                    79:1b:b3:dc:5e:17:a3:fd:7a:36:4f:33:63:87:10:
                    0d:98:85:6a:b8:82:a6:cf:33:67:a9:ed:3c:49:91:
                    55:a8:2f:f3:58:1f:77:fe:bd:31:f8:15:03:14:19:
                    95:bc:5c:5b:8e:68:a2:2f:af:9b:6a:01:e2:d2:cf:
                    bd:8e:d6:15:c8:90:c2:49:35:9d:b8:f9:d6:0a:27:
                    4d:62:e1:72:87:cb:31:36:30:08:02:a0:ed:f8:43:
                    ad:19:42:d2:a3:23:41:1c:8b:1a:f7:12:79:ca:cc:
                    78:27:5f:79:fd:13:0f:41:40:e9:ef:83:da:0e:3d:
                    e8:43:ac:61:22:1e:80:1d:c6:9f:e8:31:9c:fa:80:
                    e9:d2:a3:f4:53:a5:4b:ff:06:7b:b7:8d:79:0c:f5:
                    ba:17:de:01:c1:ae:a7:a3:4b:59:35:06:e5:59:a9:
                    d2:76:f7:ed:47:31:ea:52:c1:36:24:c3:6c:5d:a3:
                    b7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:1B:55:DA:4E:65:BA:DE:B2:25:E3:A1:39:64:0D:F0:35:6D:27:66
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9a8b3ef-477f-4e5e-abfc-7ed9a7d6c194.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:44:53:cb:d9:99:36:67:b2:31:27:03:31:c0:bf:a1:3c:0d:
         b5:0a:12:64:22:9b:bb:a8:22:a3:46:98:ba:1d:8f:1a:43:8d:
         0d:f7:79:f8:3b:54:1a:ed:3e:35:73:30:c2:a8:cd:af:f0:74:
         9f:63:b4:ba:17:bb:fc:64:3a:d5:dd:e4:7a:86:d6:d0:37:30:
         13:ba:73:5a:5f:59:83:4c:45:21:46:00:f9:38:f0:5f:bd:0a:
         ff:87:7e:d5:54:29:61:91:a9:8a:31:23:06:de:39:4a:a9:64:
         24:50:1c:dd:6f:61:5a:3b:46:af:67:d2:b0:78:60:83:c7:cd:
         20:a9:b2:2d:c6:61:59:fb:ea:cf:31:94:04:67:33:eb:47:35:
         f0:e7:3f:a0:9b:05:76:dc:30:48:e9:0b:58:ad:7c:e1:9e:c2:
         65:e2:3c:49:7b:02:20:3d:6a:dd:dd:c7:ee:98:e9:20:35:f7:
         83:fb:f9:cf:8f:92:52:96:e6:69:0b:32:24:4a:4f:c1:da:0b:
         04:b2:12:c5:b5:bb:3c:7a:7a:11:91:59:39:ab:14:5a:b7:79:
         05:ae:97:74:3e:94:b4:26:35:88:c4:4c:23:ee:63:9f:c6:78:
         f5:bd:d3:7a:2d:4d:41:88:3d:7d:48:03:00:db:20:cd:6f:ff:
         0e:51:2c:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfZ0rj3hVEZm9cif/S6SpJMFd2zUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDEwMjUwMDAwMDBaFw0yNDExMjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwN2EwZmYwNjJmZjcyYTczOWQ5ZmM5YjIxMzAzNjc0ODU4MmI0NzI4Zjg5
NmM0MWIzZWNlYjRkNmVlMmQzMGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHwFgXZewv8W85LLr+HlLqwc8LtvnhamxMHGtdwU3bKS+tVXoyzrIyrT7T0
5fsNKN2dLmZX+opqTDo+OR7IyErTnn3ioXun3OnEeRuz3F4Xo/16Nk8zY4cQDZiF
ariCps8zZ6ntPEmRVagv81gfd/69MfgVAxQZlbxcW45ooi+vm2oB4tLPvY7WFciQ
wkk1nbj51gonTWLhcofLMTYwCAKg7fhDrRlC0qMjQRyLGvcSecrMeCdfef0TD0FA
6e+D2g496EOsYSIegB3Gn+gxnPqA6dKj9FOlS/8Ge7eNeQz1uhfeAcGup6NLWTUG
5Vmp0nb37Ucx6lLBNiTDbF2jty0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ3G1Xa
TmW63rIl46E5ZA3wNW0nZjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzlhOGIzZWYtNDc3Zi00ZTVlLWFiZmMtN2VkOWE3ZDZjMTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9g
MA0GCSqGSIb3DQEBCwUAA4IBAQCLRFPL2Zk2Z7IxJwMxwL+hPA21ChJkIpu7qCKj
Rpi6HY8aQ40N93n4O1Qa7T41czDCqM2v8HSfY7S6F7v8ZDrV3eR6htbQNzATunNa
X1mDTEUhRgD5OPBfvQr/h37VVClhkamKMSMG3jlKqWQkUBzdb2FaO0avZ9KweGCD
x80gqbItxmFZ++rPMZQEZzPrRzXw5z+gmwV23DBI6QtYrXzhnsJl4jxJewIgPWrd
3cfumOkgNfeD+/nPj5JSluZpCzIkSk/B2gsEshLFtbs8enoRkVk5qxRat3kFrpd0
PpS0JjWIxEwj7mOfxnj1vdN6LU1BiD19SAMA2yDNb/8OUSzo
-----END CERTIFICATE-----
Generated at Tue Nov 12 17:56:20 2024 by rpki-client on console-ams.rpki-client.org