Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa
File:                     e69b1519-f345-43aa-8c6b-cd786ee13404.roa (raw, json)
Hash identifier:          XAQ/TzfhH9izehZB5lS4WzgMSp6JrBJjbo+r3Pe/ROg=
Subject key identifier:   8B:3D:8F:19:EF:B9:F4:7D:FF:10:7E:75:76:17:E3:01:26:58:7D:A2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       562D41966AD9FA1699505816667DF979DBB5BFCC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:5000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:2d:41:96:6a:d9:fa:16:99:50:58:16:66:7d:f9:79:db:b5:bf:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=1eff7951b659b79346e53c2d364c9fbed365e050927e749447fe5cc4bb57ff1d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1a:17:9c:2e:a6:d4:8b:e4:1a:6f:c2:f1:41:
                    c4:77:1d:2c:08:be:9d:a4:f4:ab:41:42:c5:fc:a0:
                    4b:d6:a8:80:3e:5b:7a:8b:c7:37:82:bf:88:97:b0:
                    be:6f:a8:fa:b3:95:03:f5:97:14:ca:cf:b3:ca:64:
                    3f:60:cd:a7:0e:cd:93:69:e9:26:65:b5:18:f4:cf:
                    b3:a8:7d:50:56:de:58:d1:ea:30:bb:70:86:d4:72:
                    08:25:fa:23:0c:6c:2e:eb:aa:91:70:a6:bd:82:0b:
                    4d:b6:fd:54:95:dd:41:68:b9:7b:e6:03:f1:dd:7e:
                    f6:d1:31:f6:c8:d3:b3:e8:16:f9:fd:8a:20:da:3a:
                    9a:85:1b:94:57:b2:58:90:5c:53:53:ea:00:dd:a3:
                    dd:92:56:df:31:34:82:6e:88:ad:6f:74:2f:5f:1a:
                    59:85:ac:7f:2f:15:cb:5b:a6:f5:8b:a4:6f:d7:37:
                    99:be:5e:2e:cb:bc:34:2c:ad:6c:87:98:8f:5e:72:
                    ea:a5:ad:55:c2:c7:53:65:65:60:1d:ae:c4:cd:8b:
                    df:5d:3e:54:17:41:c3:5b:58:bb:3b:cb:f5:1e:5e:
                    25:4b:60:eb:64:71:b9:51:21:e5:60:fe:d7:ba:f9:
                    a5:1e:c0:fe:e2:dc:c5:c1:29:c6:21:7a:73:59:81:
                    df:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3D:8F:19:EF:B9:F4:7D:FF:10:7E:75:76:17:E3:01:26:58:7D:A2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e69b1519-f345-43aa-8c6b-cd786ee13404.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:0b:0c:b5:a7:a2:c6:d8:d6:e0:29:c0:20:ad:a0:19:dd:4d:
         e7:bc:78:aa:b1:5f:85:4d:63:ce:97:c9:c4:22:2e:67:1f:bf:
         c8:58:be:45:26:6e:a2:f6:5a:99:f8:e5:41:88:85:de:56:72:
         7e:0b:c0:6e:66:26:f4:c3:8a:52:78:fe:44:b8:f0:70:79:88:
         b4:63:c9:13:49:bc:80:a6:9c:53:2d:c9:d5:b3:22:b7:bd:d5:
         64:89:22:6d:a0:c0:df:23:46:eb:01:1c:59:f9:52:2b:40:0e:
         58:19:88:f4:42:dd:c0:0d:af:7b:1e:51:fe:d5:e3:ff:1c:f8:
         c7:cf:0f:93:d6:d9:7e:32:55:4a:62:1d:8e:84:5d:82:7c:0b:
         93:a3:b2:2f:87:27:fe:1d:c9:66:5a:ec:80:60:d8:cc:70:58:
         9b:07:c1:12:34:f8:9e:10:fb:c8:87:41:85:75:03:61:9d:2c:
         46:1a:5c:c9:2b:a6:e8:ff:70:41:a5:10:22:cd:29:b3:99:25:
         dc:11:a9:1f:fd:9e:63:82:c5:9a:23:77:da:68:8b:d3:d7:d2:
         2b:89:8c:05:2b:b7:6b:95:be:e8:f5:bf:aa:75:c0:1c:41:b2:
         76:09:07:91:dd:d3:3c:b5:bc:16:ad:37:59:30:2d:54:bc:ec:
         f4:2d:c1:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVi1BlmrZ+haZUFgWZn35edu1v8wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlZmY3OTUxYjY1OWI3OTM0NmU1M2MyZDM2NGM5ZmJlZDM2NWUwNTA5Mjdl
NzQ5NDQ3ZmU1Y2M0YmI1N2ZmMWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0aF5wuptSL5BpvwvFBxHcdLAi+naT0q0FCxfygS9aogD5beovHN4K/iJew
vm+o+rOVA/WXFMrPs8pkP2DNpw7Nk2npJmW1GPTPs6h9UFbeWNHqMLtwhtRyCCX6
IwxsLuuqkXCmvYILTbb9VJXdQWi5e+YD8d1+9tEx9sjTs+gW+f2KINo6moUblFey
WJBcU1PqAN2j3ZJW3zE0gm6IrW90L18aWYWsfy8Vy1um9Yukb9c3mb5eLsu8NCyt
bIeYj15y6qWtVcLHU2VlYB2uxM2L310+VBdBw1tYuzvL9R5eJUtg62RxuVEh5WD+
17r5pR7A/uLcxcEpxiF6c1mB330CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSLPY8Z
77n0ff8QfnV2F+MBJlh9ojAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTY5YjE1MTktZjM0NS00M2FhLThjNmItY2Q3ODZlZTEzNDA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5Q
MA0GCSqGSIb3DQEBCwUAA4IBAQANCwy1p6LG2NbgKcAgraAZ3U3nvHiqsV+FTWPO
l8nEIi5nH7/IWL5FJm6i9lqZ+OVBiIXeVnJ+C8BuZib0w4pSeP5EuPBweYi0Y8kT
SbyAppxTLcnVsyK3vdVkiSJtoMDfI0brARxZ+VIrQA5YGYj0Qt3ADa97HlH+1eP/
HPjHzw+T1tl+MlVKYh2OhF2CfAuTo7Ivhyf+HclmWuyAYNjMcFibB8ESNPieEPvI
h0GFdQNhnSxGGlzJK6bo/3BBpRAizSmzmSXcEakf/Z5jgsWaI3faaIvT19IriYwF
K7drlb7o9b+qdcAcQbJ2CQeR3dM8tbwWrTdZMC1UvOz0LcER
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:31 2024 by rpki-client on console-ams.rpki-client.org