Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
File:                     caf40866-a0b4-4882-b28e-32602ae3e0df.roa (raw, json)
Hash identifier:          5iMGjynyvw5Rw2EeBbDPl9KzEMKwEnNnJytPBhCwDBs=
Subject key identifier:   7F:80:A8:A2:C0:A4:20:76:84:1B:1A:B2:B6:EC:18:A3:33:F0:24:19
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       55E9AED059E397500E26BC9B6A13B020C85AE2D7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e9:ae:d0:59:e3:97:50:0e:26:bc:9b:6a:13:b0:20:c8:5a:e2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=959dc67dd77a56fead036a4a991f80ae825b1a87ef989c0eaf51b6de80520d18, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6a:00:93:e8:b9:60:04:84:b1:57:db:46:a5:
                    f2:eb:08:32:50:fd:f4:15:9f:13:34:c9:4f:37:0c:
                    bf:61:43:da:d2:bf:99:45:f6:c4:dd:8a:a5:17:92:
                    b5:60:fc:08:c4:62:49:d7:c1:61:85:aa:db:d8:ea:
                    d9:75:14:05:79:e4:b6:d5:80:7e:f0:71:4a:59:f1:
                    f8:e8:86:ab:48:0b:32:d1:78:22:85:36:42:b1:87:
                    ae:8d:36:57:e9:17:2d:b9:0a:18:54:d0:69:9b:a5:
                    69:1e:53:9d:43:c6:22:af:cb:f7:ed:4c:f9:48:17:
                    4e:58:46:fa:aa:21:41:70:25:b0:b6:01:6d:47:68:
                    d3:09:2d:7b:6c:b2:0e:34:02:91:73:ac:3f:35:38:
                    b8:98:4a:d0:74:1b:66:ce:4b:f9:e7:e2:20:80:66:
                    c0:40:47:c4:44:c6:d8:1e:39:e5:07:77:af:09:0a:
                    56:f1:82:55:2b:08:5f:a7:0d:54:93:84:70:22:08:
                    7e:bc:16:dc:ad:22:98:8d:42:25:dc:95:03:fc:80:
                    8d:c8:67:90:27:e4:d6:d7:47:99:af:58:ac:26:1a:
                    46:a2:fa:20:71:b8:fc:2f:7f:92:18:89:0d:c4:48:
                    e4:ea:bc:17:7e:c0:5e:7b:0d:07:0b:29:f7:5a:97:
                    88:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:80:A8:A2:C0:A4:20:76:84:1B:1A:B2:B6:EC:18:A3:33:F0:24:19
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8f:c3:a8:00:58:ec:8c:54:33:54:ab:62:33:27:67:ed:0a:56:
         d8:5f:93:50:a5:ec:20:32:83:37:59:60:e3:c7:41:b7:ba:c8:
         ce:12:6b:0c:09:53:3d:0b:d0:f0:c5:2e:f6:f1:ca:59:83:cb:
         14:73:c0:b3:f7:7e:06:0b:be:99:e9:c0:93:c6:0f:ab:2b:24:
         9c:79:6b:14:28:d3:19:c3:c9:e8:32:01:2f:5f:27:49:1d:eb:
         ef:01:df:bc:76:27:ff:27:4e:d2:33:06:5b:d0:7b:d2:16:01:
         cf:c0:7e:9f:d6:e3:21:49:b3:80:5e:ce:ba:ad:d5:71:16:00:
         75:96:04:02:d5:e8:44:60:e2:8b:78:6a:ba:60:43:8e:ac:b5:
         a7:77:cd:bd:34:83:60:a1:70:71:e4:c8:85:77:7a:59:7b:4c:
         73:1e:03:a0:aa:ab:5f:3a:da:52:00:76:6d:61:9d:54:a0:eb:
         4f:2d:ff:40:43:9c:dc:19:ee:7d:51:40:a1:93:8a:74:40:fb:
         e5:99:04:d7:0b:85:db:e2:15:be:2d:29:42:4b:47:97:83:05:
         43:60:a9:36:bb:50:f2:4d:ae:4a:66:01:99:dd:d7:34:7d:84:
         3d:9f:d7:6e:c7:2b:00:77:40:0a:c3:3f:32:3d:55:bb:d5:bf:
         ff:07:c9:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVemu0Fnjl1AOJrybahOwIMha4tcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjkwMDAwMDBaFw0yNDA1MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDk1OWRjNjdkZDc3YTU2ZmVhZDAzNmE0YTk5MWY4MGFlODI1YjFhODdlZjk4
OWMwZWFmNTFiNmRlODA1MjBkMTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKhqAJPouWAEhLFX20al8usIMlD99BWfEzTJTzcMv2FD2tK/mUX2xN2KpReS
tWD8CMRiSdfBYYWq29jq2XUUBXnkttWAfvBxSlnx+OiGq0gLMtF4IoU2QrGHro02
V+kXLbkKGFTQaZulaR5TnUPGIq/L9+1M+UgXTlhG+qohQXAlsLYBbUdo0wkte2yy
DjQCkXOsPzU4uJhK0HQbZs5L+efiIIBmwEBHxETG2B455Qd3rwkKVvGCVSsIX6cN
VJOEcCIIfrwW3K0imI1CJdyVA/yAjchnkCfk1tdHma9YrCYaRqL6IHG4/C9/khiJ
DcRI5Oq8F37AXnsNBwsp91qXiNcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR/gKii
wKQgdoQbGrK27BijM/AkGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FmNDA4NjYtYTBiNC00ODgyLWIyOGUtMzI2MDJhZTNlMGRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCg
MA0GCSqGSIb3DQEBCwUAA4IBAQCPw6gAWOyMVDNUq2IzJ2ftClbYX5NQpewgMoM3
WWDjx0G3usjOEmsMCVM9C9DwxS728cpZg8sUc8Cz934GC76Z6cCTxg+rKySceWsU
KNMZw8noMgEvXydJHevvAd+8dif/J07SMwZb0HvSFgHPwH6f1uMhSbOAXs66rdVx
FgB1lgQC1ehEYOKLeGq6YEOOrLWnd829NINgoXBx5MiFd3pZe0xzHgOgqqtfOtpS
AHZtYZ1UoOtPLf9AQ5zcGe59UUChk4p0QPvlmQTXC4Xb4hW+LSlCS0eXgwVDYKk2
u1DyTa5KZgGZ3dc0fYQ9n9duxysAd0AKwz8yPVW71b//B8n6
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:24 2024 by rpki-client on console-fra.rpki-client.org