Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa
File:                     dbcb975b-22d4-4912-ae03-ce7b0158c404.roa (raw, json)
Hash identifier:          o42sbZUSDkz45oliRoFLfVRpFS/f6pvxebk9V6cNph8=
Subject key identifier:   97:71:BD:FF:F4:26:1B:16:3A:44:03:45:91:AB:86:2D:B9:C7:2C:15
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1B8DC5748362627B08A272C4008D384ECB49FE14
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa
Signing time:             Fri 29 Sep 2023 00:00:00 +0000
ROA not before:           Fri 29 Sep 2023 00:00:00 +0000
ROA not after:            Fri 03 Nov 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        185.48.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Sep 2023 19:20:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:8d:c5:74:83:62:62:7b:08:a2:72:c4:00:8d:38:4e:cb:49:fe:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 00:00:00 2023 GMT
            Not After : Nov  3 23:59:59 2023 GMT
        Subject: serialNumber=0ff06ad856b10b89867bd682c9f28f17793b203fd9e4fe5895bcde0c3682074f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:13:e4:b3:0b:9b:ee:8f:95:15:96:2f:f2:a9:
                    45:9a:9d:9f:91:c4:87:a8:c7:0a:d9:b2:7e:af:3d:
                    f2:e4:6d:67:ce:e9:78:89:06:b7:56:35:fd:90:09:
                    be:8f:cf:9e:c8:75:1e:d6:49:1b:e3:0b:02:8d:ba:
                    73:6b:4c:d8:bd:1b:b0:f3:17:87:0f:e8:8d:de:99:
                    6e:f1:19:fa:40:29:fb:14:f8:56:95:8d:84:fb:0e:
                    98:7b:14:d4:cb:23:ba:40:56:be:3e:6d:b7:99:3b:
                    fe:45:5b:0a:55:c9:94:22:ee:fa:9e:de:72:25:7f:
                    56:28:49:06:4e:c9:da:29:c0:ee:41:45:b4:38:de:
                    91:6c:9d:6e:f0:53:5d:13:f1:33:83:be:0f:e2:b3:
                    d1:96:6d:a6:9e:58:70:99:48:8b:e4:7a:54:9c:56:
                    92:75:0c:ec:fe:5d:d3:43:f9:a0:06:d2:48:d5:21:
                    91:ad:24:82:ee:e9:aa:36:31:4e:5b:e7:1b:c3:92:
                    a8:f9:5a:f5:3d:0a:6a:ff:48:15:00:4c:87:bc:1c:
                    e8:e4:a6:59:ac:c9:ae:09:7e:b5:c4:4b:ad:2f:6d:
                    5a:0d:fb:c2:f4:e3:dd:47:39:65:22:9f:78:a3:f1:
                    8d:e4:32:2c:c8:50:82:c0:2d:2c:bb:20:aa:3d:ed:
                    53:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:71:BD:FF:F4:26:1B:16:3A:44:03:45:91:AB:86:2D:B9:C7:2C:15
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbcb975b-22d4-4912-ae03-ce7b0158c404.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c9:15:53:4c:a3:b5:f2:88:87:03:c6:41:3d:fc:f9:2f:40:4f:
         81:a3:71:23:6c:e3:f7:96:86:c8:f2:2a:0f:08:71:be:c1:bf:
         eb:b8:6c:1b:ad:69:3c:23:dc:f6:60:11:eb:1b:f2:6b:e4:1e:
         e7:b7:9f:1c:70:12:de:d1:8f:3a:f8:87:c8:f1:02:c3:8d:4e:
         46:1a:9c:60:d9:f5:84:64:34:63:75:6a:e2:f2:1d:25:4f:77:
         99:fa:d6:c5:5b:90:92:b9:d0:ba:ae:f5:fc:b2:0e:be:e5:e2:
         99:54:30:ad:28:47:de:eb:37:1b:55:14:44:3c:63:84:cb:f2:
         5d:cb:22:1b:a1:0a:ea:ff:7b:f7:72:ee:c9:3c:37:99:93:64:
         fc:6e:b8:d7:fb:7d:ac:c2:20:68:bd:0d:56:8d:f5:6d:58:6e:
         e9:c0:7b:52:b5:61:a5:20:77:da:6b:57:65:63:3c:ab:10:cc:
         5b:9b:0e:ce:e1:46:52:cc:29:31:6f:ac:91:85:87:30:00:83:
         e1:37:45:0a:16:8d:83:2f:b8:93:31:84:18:d8:6f:81:9a:bb:
         68:bd:2b:45:20:bd:90:88:26:06:48:37:9d:b7:9a:1a:5d:f5:
         61:f9:63:13:f9:d2:0d:80:9f:7c:74:47:df:9f:43:ad:c2:35:
         ad:fe:1d:de
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUG43FdINiYnsIonLEAI04TstJ/hQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MjkwMDAwMDBaFw0yMzExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmZjA2YWQ4NTZiMTBiODk4NjdiZDY4MmM5ZjI4ZjE3NzkzYjIwM2ZkOWU0
ZmU1ODk1YmNkZTBjMzY4MjA3NGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANIT5LMLm+6PlRWWL/KpRZqdn5HEh6jHCtmyfq898uRtZ87peIkGt1Y1/ZAJ
vo/Pnsh1HtZJG+MLAo26c2tM2L0bsPMXhw/ojd6ZbvEZ+kAp+xT4VpWNhPsOmHsU
1MsjukBWvj5tt5k7/kVbClXJlCLu+p7eciV/VihJBk7J2inA7kFFtDjekWydbvBT
XRPxM4O+D+Kz0ZZtpp5YcJlIi+R6VJxWknUM7P5d00P5oAbSSNUhka0kgu7pqjYx
TlvnG8OSqPla9T0Kav9IFQBMh7wc6OSmWazJrgl+tcRLrS9tWg37wvTj3Uc5ZSKf
eKPxjeQyLMhQgsAtLLsgqj3tU0ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSXcb3/
9CYbFjpEA0WRq4YtuccsFTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGJjYjk3NWItMjJkNC00OTEyLWFlMDMtY2U3YjAxNThjNDA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkweDAN
BgkqhkiG9w0BAQsFAAOCAQEAyRVTTKO18oiHA8ZBPfz5L0BPgaNxI2zj95aGyPIq
DwhxvsG/67hsG61pPCPc9mAR6xvya+Qe57efHHAS3tGPOviHyPECw41ORhqcYNn1
hGQ0Y3Vq4vIdJU93mfrWxVuQkrnQuq71/LIOvuXimVQwrShH3us3G1UURDxjhMvy
XcsiG6EK6v9793LuyTw3mZNk/G641/t9rMIgaL0NVo31bVhu6cB7UrVhpSB32mtX
ZWM8qxDMW5sOzuFGUswpMW+skYWHMACD4TdFChaNgy+4kzGEGNhvgZq7aL0rRSC9
kIgmBkg3nbeaGl31YfljE/nSDYCffHRH359DrcI1rf4d3g==
-----END CERTIFICATE-----
Generated at Fri Sep 29 00:27:37 2023 by rpki-client on console-fra.rpki-client.org