Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
File:                     e5744d03-14d6-49dd-bcc7-bbf41846c647.roa (raw, json)
Hash identifier:          8A27xU2MDsbeFJKVvnKbaH8nTy68O0TOOAYelDN0B1E=
Subject key identifier:   56:79:CC:5C:FB:76:2B:7F:5A:76:E6:44:6C:FC:F9:1A:34:A7:32:6D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5845C4CC28FD3260961B95A43B981D82B331E8EE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa
Signing time:             Mon 04 Mar 2024 00:00:00 +0000
ROA not before:           Mon 04 Mar 2024 00:00:00 +0000
ROA not after:            Mon 08 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.126.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:45:c4:cc:28:fd:32:60:96:1b:95:a4:3b:98:1d:82:b3:31:e8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  4 00:00:00 2024 GMT
            Not After : Apr  8 23:59:59 2024 GMT
        Subject: serialNumber=371463240ea5d0b33e3e83fbd2a1ecadf9780ef7da963967d933a1b8ca598fc3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e3:dd:5f:e0:e9:b8:04:75:28:6d:7b:5b:c3:
                    92:ed:5c:c1:47:61:55:6a:c2:7f:fd:0c:ef:ac:25:
                    d1:3f:fb:7d:32:1e:ad:91:ad:9e:66:3d:9a:57:10:
                    63:9a:2d:35:6a:b4:85:d0:8a:27:cf:99:57:7e:64:
                    b7:b1:7a:78:7e:84:95:0c:0f:e1:cb:00:90:1f:85:
                    4d:2e:55:d5:30:53:19:26:ad:58:f9:8d:59:da:08:
                    72:b4:6e:48:23:c1:be:ab:60:ac:4c:51:1d:4e:de:
                    bd:ca:3c:5a:ff:8f:d0:ae:70:f8:a1:1f:2b:85:05:
                    42:4d:28:ce:f6:de:1d:44:9e:60:20:23:1e:c3:38:
                    0f:69:cc:65:d8:1f:2c:9f:b4:58:c1:07:c8:3f:42:
                    c6:4b:10:1d:07:24:30:2d:00:a2:68:f3:e9:a7:ca:
                    62:05:f3:9f:61:50:3f:2e:45:b4:e9:da:57:c0:49:
                    d3:7d:d6:38:f9:34:b0:5c:7b:7f:f0:9a:65:c0:0e:
                    a9:fc:19:05:37:a8:09:1e:fd:f0:24:08:58:54:9d:
                    47:2c:88:ef:15:d2:8d:e3:1f:e1:0e:14:7d:c2:a7:
                    ea:f0:98:6d:c7:94:7f:dc:94:17:c1:6b:61:76:b9:
                    cc:ac:5c:72:d5:dc:3a:70:5a:8a:c3:5b:7d:0a:43:
                    09:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:79:CC:5C:FB:76:2B:7F:5A:76:E6:44:6C:FC:F9:1A:34:A7:32:6D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5744d03-14d6-49dd-bcc7-bbf41846c647.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:db:e3:21:07:95:c7:06:19:c6:fb:96:83:59:9f:10:0d:c4:
         d9:15:0f:76:ca:4f:d7:2d:0a:76:1c:9e:c8:82:45:00:2c:0f:
         da:7d:6e:70:f5:9e:16:66:ef:82:3b:cb:11:c9:bb:23:f0:99:
         71:2c:24:05:7b:ec:ba:45:42:fa:d4:bc:c6:60:d0:eb:4e:5d:
         59:fc:02:c9:41:9a:45:03:4b:af:41:4a:a9:85:75:a5:32:95:
         61:56:79:51:5a:65:20:fd:56:bd:73:71:a5:10:4b:6f:c2:23:
         29:17:46:49:62:7e:98:ce:b1:b5:3c:78:bc:f6:ed:86:b5:34:
         3f:34:7b:71:fa:81:d1:d2:71:7e:99:f5:1b:0d:21:66:7a:cb:
         3e:04:67:1e:27:5c:ab:b4:0a:a2:fb:97:8c:00:9f:b3:94:f5:
         c0:60:4d:d2:d0:00:ef:36:9f:6e:86:66:77:ae:84:16:2c:b2:
         d2:5a:d3:33:1a:58:1e:19:f3:c9:b1:e3:d7:4f:dd:fd:62:59:
         80:e9:99:ec:8a:fe:06:4c:af:66:bb:34:87:36:9b:8b:df:39:
         91:59:cb:a1:b9:b3:7c:b9:81:75:b3:13:34:4c:9d:fa:61:1d:
         7c:92:74:b2:b7:cc:bc:6c:e3:5e:e9:c7:41:2c:51:60:b0:b5:
         1b:09:b3:96
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUWEXEzCj9MmCWG5WkO5gdgrMx6O4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDQwMDAwMDBaFw0yNDA0MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3MTQ2MzI0MGVhNWQwYjMzZTNlODNmYmQyYTFlY2FkZjk3ODBlZjdkYTk2
Mzk2N2Q5MzNhMWI4Y2E1OThmYzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOfj3V/g6bgEdShte1vDku1cwUdhVWrCf/0M76wl0T/7fTIerZGtnmY9mlcQ
Y5otNWq0hdCKJ8+ZV35kt7F6eH6ElQwP4csAkB+FTS5V1TBTGSatWPmNWdoIcrRu
SCPBvqtgrExRHU7evco8Wv+P0K5w+KEfK4UFQk0ozvbeHUSeYCAjHsM4D2nMZdgf
LJ+0WMEHyD9CxksQHQckMC0Aomjz6afKYgXzn2FQPy5FtOnaV8BJ033WOPk0sFx7
f/CaZcAOqfwZBTeoCR798CQIWFSdRyyI7xXSjeMf4Q4UfcKn6vCYbceUf9yUF8Fr
YXa5zKxcctXcOnBaisNbfQpDCQUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRWecxc
+3Yrf1p25kRs/PkaNKcybTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU3NDRkMDMtMTRkNi00OWRkLWJjYzctYmJmNDE4NDZjNjQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbAgfjAN
BgkqhkiG9w0BAQsFAAOCAQEACtvjIQeVxwYZxvuWg1mfEA3E2RUPdspP1y0Kdhye
yIJFACwP2n1ucPWeFmbvgjvLEcm7I/CZcSwkBXvsukVC+tS8xmDQ605dWfwCyUGa
RQNLr0FKqYV1pTKVYVZ5UVplIP1WvXNxpRBLb8IjKRdGSWJ+mM6xtTx4vPbthrU0
PzR7cfqB0dJxfpn1Gw0hZnrLPgRnHidcq7QKovuXjACfs5T1wGBN0tAA7zafboZm
d66EFiyy0lrTMxpYHhnzybHj10/d/WJZgOmZ7Ir+BkyvZrs0hzabi985kVnLobmz
fLmBdbMTNEyd+mEdfJJ0srfMvGzjXunHQSxRYLC1Gwmzlg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:43 2024 by rpki-client on console-ams.rpki-client.org