Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa
File:                     d7bcc124-bcd8-42ec-911f-1b551dceda68.roa (raw, json)
Hash identifier:          Sns7fcl1TQWEtM6DvOJQqlyOXnUiBdBh36/dHftfneM=
Subject key identifier:   6F:3A:A6:DB:5D:AE:6E:18:A5:DD:08:BD:1B:A2:1F:09:85:FC:2C:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       759C11ADE1BAFF7CE23862377A889D01A2D3C92A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:9c:11:ad:e1:ba:ff:7c:e2:38:62:37:7a:88:9d:01:a2:d3:c9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=ce2167890514682de02bfe211f447c5089ec084fe1020dc322d4f8f75c8d6366, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b5:8a:7a:12:01:30:bd:b7:ec:b3:aa:a6:d7:
                    e8:38:10:56:e9:a3:1d:40:7d:04:d7:a9:d6:27:b5:
                    2c:d8:0f:86:17:fb:80:ee:02:ba:50:88:e0:6d:47:
                    a3:dd:7f:09:cb:79:50:d0:82:a1:5c:bc:5b:61:06:
                    7c:6c:c5:f7:44:5e:48:fd:97:23:c7:97:ee:97:2d:
                    73:cb:b4:ea:4c:b1:61:b6:6f:e3:67:b8:78:0e:21:
                    b5:24:48:25:9f:d8:47:b3:b0:73:bf:86:4e:f6:de:
                    da:62:8a:e7:e4:6a:b1:95:cb:1c:cd:39:4c:f0:18:
                    c1:64:b5:dd:74:1c:3c:de:68:1d:d9:c4:47:d1:a9:
                    f6:b6:b0:23:92:00:06:68:dc:65:dc:75:0f:c5:5e:
                    ad:aa:5d:a8:25:d2:c5:cc:e7:d6:f1:7b:6a:69:3a:
                    7c:a5:b3:e4:a3:5d:8a:c9:92:b8:60:c8:dc:05:65:
                    2d:a7:a7:d2:a8:b7:80:e5:91:0e:22:dc:84:98:ac:
                    7f:35:c7:1a:77:b2:9f:47:6f:4c:04:39:35:76:fb:
                    0c:71:82:8e:a8:ef:2d:11:5e:90:45:38:cb:c3:8d:
                    4b:2b:08:9d:f9:01:5a:a3:96:43:94:b6:83:56:a5:
                    50:b3:4f:92:72:bd:58:d4:fa:26:26:45:3b:52:a5:
                    4a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3A:A6:DB:5D:AE:6E:18:A5:DD:08:BD:1B:A2:1F:09:85:FC:2C:1F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:f3:a7:4b:f1:82:7d:89:f1:9d:61:ad:e4:28:dc:e0:49:56:
         12:cb:70:96:f0:f6:3a:ce:84:6d:57:4a:29:77:88:51:ed:df:
         c1:9e:89:b7:aa:cc:58:fd:91:e1:c1:5f:03:75:95:b9:81:69:
         ae:28:5f:17:a2:1a:24:e1:b0:44:6e:ed:0f:99:02:44:d9:64:
         a7:e6:22:9d:0b:f0:6b:95:de:62:6f:0e:61:6a:b7:11:f2:98:
         4e:3c:02:ae:02:1e:93:70:33:f0:d6:57:64:dd:ee:66:1b:ab:
         4f:d3:21:1d:cc:8b:fa:36:48:d9:5d:c9:67:97:91:8a:db:d3:
         dd:80:a4:92:7e:17:e8:8d:b6:1d:ca:97:b6:3a:54:e3:e8:aa:
         72:c8:17:3f:de:7c:75:fc:e8:40:e9:d9:d4:47:fe:6e:4c:9c:
         c9:85:f4:4d:38:03:b1:81:9d:69:be:8a:98:b6:fe:62:f4:83:
         1d:5c:b0:eb:27:eb:a4:79:e7:79:5b:17:9b:8e:c2:2c:a6:bf:
         81:30:83:8a:b2:ea:c8:f3:d1:d5:54:29:26:1c:ac:5a:2e:45:
         a8:c4:93:b2:ad:79:e7:f0:a4:06:fa:59:0f:c3:8d:ac:5f:36:
         0f:d7:bb:53:49:e7:66:74:4f:02:2f:67:67:3e:a0:df:60:cf:
         1a:26:44:60
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdZwRreG6/3ziOGI3eoidAaLTySowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGNlMjE2Nzg5MDUxNDY4MmRlMDJiZmUyMTFmNDQ3YzUwODllYzA4NGZlMTAy
MGRjMzIyZDRmOGY3NWM4ZDYzNjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOa1inoSATC9t+yzqqbX6DgQVumjHUB9BNep1ie1LNgPhhf7gO4CulCI4G1H
o91/Cct5UNCCoVy8W2EGfGzF90ReSP2XI8eX7pctc8u06kyxYbZv42e4eA4htSRI
JZ/YR7Owc7+GTvbe2mKK5+RqsZXLHM05TPAYwWS13XQcPN5oHdnER9Gp9rawI5IA
BmjcZdx1D8VerapdqCXSxczn1vF7amk6fKWz5KNdismSuGDI3AVlLaen0qi3gOWR
DiLchJisfzXHGneyn0dvTAQ5NXb7DHGCjqjvLRFekEU4y8ONSysInfkBWqOWQ5S2
g1alULNPknK9WNT6JiZFO1KlShUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRvOqbb
Xa5uGKXdCL0boh8JhfwsHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDdiY2MxMjQtYmNkOC00MmVjLTkxMWYtMWI1NTFkY2VkYTY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H7g
MA0GCSqGSIb3DQEBCwUAA4IBAQBy86dL8YJ9ifGdYa3kKNzgSVYSy3CW8PY6zoRt
V0opd4hR7d/Bnom3qsxY/ZHhwV8DdZW5gWmuKF8Xohok4bBEbu0PmQJE2WSn5iKd
C/Brld5ibw5harcR8phOPAKuAh6TcDPw1ldk3e5mG6tP0yEdzIv6NkjZXclnl5GK
29PdgKSSfhfojbYdype2OlTj6KpyyBc/3nx1/OhA6dnUR/5uTJzJhfRNOAOxgZ1p
voqYtv5i9IMdXLDrJ+ukeed5WxebjsIspr+BMIOKsurI89HVVCkmHKxaLkWoxJOy
rXnn8KQG+lkPw42sXzYP17tTSedmdE8CL2dnPqDfYM8aJkRg
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:24 2024 by rpki-client on console-fra.rpki-client.org