Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa
File:                     dbcb975b-22d4-4912-ae03-ce7b0158c404.roa (raw, json)
Hash identifier:          uYN9BLIG5nYOuYRd39E+8AfZanFjdqXw8m5u2OCq2pU=
Subject key identifier:   9D:4E:56:5E:6B:E9:0F:EE:88:84:6D:4F:09:34:06:E4:39:AF:D5:08
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       35530862C86C849BD1FACA40EE19AA23A7F7EDB6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        185.48.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:53:08:62:c8:6c:84:9b:d1:fa:ca:40:ee:19:aa:23:a7:f7:ed:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: serialNumber=7f17f6dba759c4037b51ad05cc3481e7c3cf8ba96e943f9fc55c24757d574b0c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:16:d3:5d:ef:80:ff:22:4d:03:b0:a0:7e:00:
                    8a:5c:e5:13:31:4e:26:02:fe:d3:32:44:7e:4c:1d:
                    05:bc:4b:0b:20:32:e9:5f:77:6e:9e:57:63:71:a9:
                    0e:19:49:7a:4d:44:94:3b:7d:a7:c9:dd:7c:45:45:
                    3f:72:84:f8:b4:d9:21:2e:a0:26:e8:49:5e:98:67:
                    68:e5:22:09:dd:ef:1e:03:9b:4d:11:54:1f:ad:fa:
                    84:31:e8:4e:38:b3:33:24:38:0c:d4:83:79:a9:88:
                    51:2d:de:bd:ac:07:07:5b:b0:b7:69:11:d4:a3:94:
                    51:75:e5:f3:94:a6:55:d1:95:86:39:3f:f3:c2:51:
                    b8:64:26:92:68:35:c3:6c:a3:56:76:a2:48:e7:71:
                    be:91:65:fe:81:a7:12:4d:57:99:1c:36:6a:c8:87:
                    b2:24:8a:b4:d8:80:4b:88:f4:5c:82:ac:bf:e7:90:
                    1b:f0:e4:2d:62:3d:ee:52:69:d5:6c:97:8e:d2:43:
                    1e:2f:33:a6:5a:9e:c3:0f:77:13:ca:ee:16:6f:34:
                    16:68:3a:3f:ab:43:6f:16:96:82:2e:66:47:7a:4e:
                    2a:ff:55:07:31:8f:3c:95:24:c0:a1:ce:85:59:ca:
                    1f:79:6a:ee:c3:f0:bc:33:6c:4b:5a:66:81:1f:fe:
                    fe:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4E:56:5E:6B:E9:0F:EE:88:84:6D:4F:09:34:06:E4:39:AF:D5:08
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:fc:67:12:d4:d4:69:f4:7f:c1:1c:e9:82:c7:5c:bd:1b:12:
         17:9e:3a:70:83:c0:28:d7:7e:a0:8a:c7:16:ca:44:1c:b5:a3:
         55:63:bf:c7:9a:64:de:f4:69:34:18:76:90:fe:2d:67:aa:ce:
         8f:0a:40:51:82:76:62:a6:94:47:be:d8:17:6e:4d:4f:0a:cb:
         15:3e:6d:09:59:16:70:a5:0c:c2:1b:fd:e5:00:bf:35:fc:a0:
         3a:0f:33:c0:f7:f0:80:00:a4:a9:82:c4:87:66:2d:b5:fa:56:
         f1:7c:98:11:43:17:bb:c6:b2:22:4a:bd:45:1c:e8:10:f7:96:
         b4:02:52:6e:a6:7b:aa:13:9b:45:4e:8f:3a:47:69:db:11:a9:
         b4:6c:9c:1c:96:61:1c:02:97:0c:5f:3f:76:8e:45:f8:f5:cb:
         e0:cd:ce:a5:c5:63:84:20:27:b1:67:92:2f:48:58:7e:69:53:
         1d:03:74:09:d6:43:f7:e7:50:fa:8a:00:a1:ec:e9:f6:53:b1:
         06:36:4f:a2:2e:b3:f4:5c:48:f5:92:85:8d:33:3b:e2:67:95:
         9c:ee:cd:07:f5:71:95:9d:d9:08:03:57:04:f9:cc:be:80:3c:
         5c:5e:40:51:fa:8e:0e:35:a4:9a:00:03:f5:4d:2c:8c:d5:0f:
         29:2c:7d:5f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNVMIYshshJvR+spA7hmqI6f37bYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjMwMDAwMDBaFw0yNDA0MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmMTdmNmRiYTc1OWM0MDM3YjUxYWQwNWNjMzQ4MWU3YzNjZjhiYTk2ZTk0
M2Y5ZmM1NWMyNDc1N2Q1NzRiMGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKEW013vgP8iTQOwoH4AilzlEzFOJgL+0zJEfkwdBbxLCyAy6V93bp5XY3Gp
DhlJek1ElDt9p8ndfEVFP3KE+LTZIS6gJuhJXphnaOUiCd3vHgObTRFUH636hDHo
TjizMyQ4DNSDeamIUS3evawHB1uwt2kR1KOUUXXl85SmVdGVhjk/88JRuGQmkmg1
w2yjVnaiSOdxvpFl/oGnEk1XmRw2asiHsiSKtNiAS4j0XIKsv+eQG/DkLWI97lJp
1WyXjtJDHi8zplqeww93E8ruFm80Fmg6P6tDbxaWgi5mR3pOKv9VBzGPPJUkwKHO
hVnKH3lq7sPwvDNsS1pmgR/+/iECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSdTlZe
a+kP7oiEbU8JNAbkOa/VCDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGJjYjk3NWItMjJkNC00OTEyLWFlMDMtY2U3YjAxNThjNDA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkweDAN
BgkqhkiG9w0BAQsFAAOCAQEAYfxnEtTUafR/wRzpgsdcvRsSF546cIPAKNd+oIrH
FspEHLWjVWO/x5pk3vRpNBh2kP4tZ6rOjwpAUYJ2YqaUR77YF25NTwrLFT5tCVkW
cKUMwhv95QC/NfygOg8zwPfwgACkqYLEh2YttfpW8XyYEUMXu8ayIkq9RRzoEPeW
tAJSbqZ7qhObRU6POkdp2xGptGycHJZhHAKXDF8/do5F+PXL4M3OpcVjhCAnsWeS
L0hYfmlTHQN0CdZD9+dQ+ooAoezp9lOxBjZPoi6z9FxI9ZKFjTM74meVnO7NB/Vx
lZ3ZCANXBPnMvoA8XF5AUfqODjWkmgAD9U0sjNUPKSx9Xw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:31 2024 by rpki-client on console-ams.rpki-client.org