Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cc8b5e2d-b0f1-4159-899a-3f32cb08a825.roa
File:                     cc8b5e2d-b0f1-4159-899a-3f32cb08a825.roa (raw, json)
Hash identifier:          BoFzL1GLJ8ZAVCYCyvcAA7Xqi1hCXCGTIXVNVDhoGNM=
Subject key identifier:   0B:F3:46:60:26:FC:CD:D1:2B:6A:BE:30:96:09:76:07:EC:23:FF:D8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       72282403D945D1243115D6AE0AED6484AD90D686
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cc8b5e2d-b0f1-4159-899a-3f32cb08a825.roa
Signing time:             Mon 04 Mar 2024 00:00:00 +0000
ROA not before:           Mon 04 Mar 2024 00:00:00 +0000
ROA not after:            Mon 08 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d019::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:28:24:03:d9:45:d1:24:31:15:d6:ae:0a:ed:64:84:ad:90:d6:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  4 00:00:00 2024 GMT
            Not After : Apr  8 23:59:59 2024 GMT
        Subject: serialNumber=9c141ba8de294632550081cfe3af50b40a688a9a083918ebe3cbf754bedc300a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ca:5e:bf:24:39:c3:52:9d:f3:44:c5:78:50:
                    87:9f:90:af:7d:fa:30:e5:0e:55:ec:bc:1a:a8:9a:
                    8f:b2:ee:9e:65:b4:4a:e2:4a:d1:8c:db:90:50:c7:
                    b8:e4:42:94:11:6b:e4:57:3a:2b:cd:34:9a:26:aa:
                    36:4f:9f:5e:4b:3d:77:0e:90:dc:b6:dd:b0:ad:00:
                    90:54:b1:75:44:23:18:cc:a2:73:ca:99:77:8d:dc:
                    0a:fc:9f:12:94:9c:bf:af:33:c0:1d:0f:7e:8c:d0:
                    69:51:86:f4:c8:f9:0c:dc:9b:13:a1:14:61:3f:fc:
                    aa:dc:34:75:74:42:79:17:38:ef:3e:37:4d:d7:15:
                    a8:25:c3:16:c4:8b:cc:ed:2d:29:51:79:d2:ff:89:
                    8b:87:40:48:92:e9:20:fc:7e:b9:ba:6b:db:b0:04:
                    17:41:53:eb:ba:dc:20:f3:41:1f:ff:f5:c6:26:39:
                    45:93:e5:69:f4:cb:81:5c:ee:dd:98:a7:d1:96:f6:
                    05:1e:9f:16:11:9f:d8:1b:fa:ac:cb:9c:bb:97:fc:
                    2e:0c:73:5d:1a:63:c0:52:7a:1c:77:6f:d6:27:d7:
                    6d:08:3a:b2:ed:92:2c:4a:4a:ce:7c:d6:93:b3:b1:
                    67:be:ad:44:1e:05:39:57:f8:75:c0:11:04:b6:84:
                    22:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:F3:46:60:26:FC:CD:D1:2B:6A:BE:30:96:09:76:07:EC:23:FF:D8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cc8b5e2d-b0f1-4159-899a-3f32cb08a825.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d019::/36

    Signature Algorithm: sha256WithRSAEncryption
         28:d7:c2:82:46:8c:74:05:ed:e8:8f:07:ed:bd:98:0d:b3:6b:
         23:93:76:59:0f:9b:d9:99:16:41:d7:15:ee:58:21:b1:af:ed:
         c7:d1:81:8b:a9:96:92:9d:1a:de:8d:5d:ae:b2:0e:1f:93:7e:
         d9:c2:07:08:aa:b2:a1:30:dc:3c:b6:8d:8c:1b:87:e8:63:fe:
         39:d7:1b:54:3c:a0:45:ca:2c:81:51:2e:8b:69:97:27:0a:6f:
         50:15:e8:10:70:cd:a2:be:17:8a:33:f3:3b:94:ec:6f:7a:9a:
         91:91:7e:95:07:01:74:1d:55:65:92:3d:37:9f:1a:e9:d5:89:
         ad:f1:a6:da:03:80:ad:8b:04:0f:05:e0:bb:e6:b2:28:17:53:
         83:0a:09:ee:82:90:05:fe:3a:98:fd:32:9d:36:23:99:af:1b:
         d9:b7:4e:3f:6f:de:6a:76:d0:6f:88:f5:a5:3f:45:c6:ed:a4:
         6d:8a:de:5b:ad:1e:95:40:41:09:4c:af:64:60:11:26:79:12:
         bc:48:3f:ab:0d:1d:03:ae:15:cc:f6:3e:e5:ec:a1:05:2c:32:
         c3:35:00:47:3b:2a:df:39:ea:2c:b4:95:a8:87:64:a8:fa:3d:
         35:52:e3:70:f0:27:5e:4e:64:de:ad:20:09:8e:3e:a9:b8:a6:
         00:9a:42:94
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcigkA9lF0SQxFdauCu1khK2Q1oYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDQwMDAwMDBaFw0yNDA0MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDljMTQxYmE4ZGUyOTQ2MzI1NTAwODFjZmUzYWY1MGI0MGE2ODhhOWEwODM5
MThlYmUzY2JmNzU0YmVkYzMwMGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLKXr8kOcNSnfNExXhQh5+Qr336MOUOVey8Gqiaj7LunmW0SuJK0YzbkFDH
uORClBFr5Fc6K800miaqNk+fXks9dw6Q3LbdsK0AkFSxdUQjGMyic8qZd43cCvyf
EpScv68zwB0PfozQaVGG9Mj5DNybE6EUYT/8qtw0dXRCeRc47z43TdcVqCXDFsSL
zO0tKVF50v+Ji4dASJLpIPx+ubpr27AEF0FT67rcIPNBH//1xiY5RZPlafTLgVzu
3Zin0Zb2BR6fFhGf2Bv6rMucu5f8LgxzXRpjwFJ6HHdv1ifXbQg6su2SLEpKznzW
k7OxZ76tRB4FOVf4dcARBLaEIh8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQL80Zg
JvzN0StqvjCWCXYH7CP/2DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2M4YjVlMmQtYjBmMS00MTU5LTg5OWEtM2YzMmNiMDhhODI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BkA
MA0GCSqGSIb3DQEBCwUAA4IBAQAo18KCRox0Be3ojwftvZgNs2sjk3ZZD5vZmRZB
1xXuWCGxr+3H0YGLqZaSnRrejV2usg4fk37ZwgcIqrKhMNw8to2MG4foY/451xtU
PKBFyiyBUS6LaZcnCm9QFegQcM2ivheKM/M7lOxvepqRkX6VBwF0HVVlkj03nxrp
1Ymt8abaA4CtiwQPBeC75rIoF1ODCgnugpAF/jqY/TKdNiOZrxvZt04/b95qdtBv
iPWlP0XG7aRtit5brR6VQEEJTK9kYBEmeRK8SD+rDR0DrhXM9j7l7KEFLDLDNQBH
OyrfOeostJWoh2So+j01UuNw8CdeTmTerSAJjj6puKYAmkKU
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org