Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e937d1d6-ce02-43b8-8306-022b3b0fff00.roa
File:                     e937d1d6-ce02-43b8-8306-022b3b0fff00.roa (raw, json)
Hash identifier:          7OwAsASn0J0ZvTqYopp+ISnZhYGp/rJ0xLp+CLXgiGQ=
Subject key identifier:   6D:27:AA:DF:DE:B3:F3:57:3E:E3:C9:C0:7C:B5:F5:E2:B9:20:D2:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6295FB8A7437ED29B54394A40A6FDFA4C992B504
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e937d1d6-ce02-43b8-8306-022b3b0fff00.roa
Signing time:             Mon 04 Mar 2024 00:00:00 +0000
ROA not before:           Mon 04 Mar 2024 00:00:00 +0000
ROA not after:            Mon 08 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:95:fb:8a:74:37:ed:29:b5:43:94:a4:0a:6f:df:a4:c9:92:b5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  4 00:00:00 2024 GMT
            Not After : Apr  8 23:59:59 2024 GMT
        Subject: serialNumber=e3359460b3749d5f0a3f6b1f1e03d7c2d26cca6a5c31122e1cecb33f733c411d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3d:39:26:16:00:a7:76:8f:b0:f0:e5:3f:a5:
                    0d:36:df:ad:96:1c:59:28:a0:e5:9b:e2:07:bc:42:
                    dd:f7:95:a7:de:8c:1d:e4:57:3e:12:97:a9:c9:43:
                    76:a1:2e:01:07:2a:9c:b9:d0:12:06:92:ca:59:ce:
                    63:9d:7b:22:42:0a:60:47:30:c1:2e:40:33:15:cb:
                    6b:0c:27:0e:25:e8:96:66:08:f7:13:5c:98:d6:2f:
                    48:e9:e2:ef:a1:ad:22:04:98:ac:fb:86:4c:c0:fe:
                    5c:d3:c8:c8:e9:6e:85:ee:63:60:8a:20:19:05:9e:
                    d0:a6:b8:20:e9:83:83:84:b2:b3:c6:03:45:c7:c5:
                    72:de:69:d5:b7:ac:ce:ad:f7:6a:9e:46:b9:6e:37:
                    66:ec:3b:0d:5d:18:20:7c:81:77:fa:0e:6f:93:78:
                    a4:7a:91:32:6d:d1:b9:47:2f:6a:3f:8b:0a:3f:85:
                    a6:03:1c:fb:81:07:da:61:97:43:99:88:cb:af:aa:
                    0d:84:98:09:cd:8a:a7:72:8c:04:5e:9e:78:58:4f:
                    f7:b8:d8:ab:97:d5:8f:0e:9b:47:af:2f:b1:a4:53:
                    b4:08:9a:ed:9b:0f:9f:13:2a:38:88:e6:7e:0c:fe:
                    c6:8b:14:2d:4e:43:9f:69:71:bc:70:41:8a:19:5b:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:27:AA:DF:DE:B3:F3:57:3E:E3:C9:C0:7C:B5:F5:E2:B9:20:D2:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e937d1d6-ce02-43b8-8306-022b3b0fff00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:cb:e9:ab:d6:3e:30:0f:bb:e2:f6:16:a7:9e:e1:b5:6d:3c:
         55:d6:a1:c5:11:5f:b2:e8:6a:2d:c0:e2:49:1c:ca:54:ef:04:
         0d:ce:98:29:98:c4:64:dd:45:62:c7:12:3c:cb:84:92:58:1c:
         4b:10:9b:5c:bb:2f:6d:0f:0e:a7:78:c6:78:4a:bc:08:88:70:
         11:d8:05:b4:c6:83:15:fb:71:c9:08:23:36:86:26:37:cb:5d:
         e3:a3:88:b4:32:67:a4:54:bf:d1:12:9a:92:86:43:93:aa:b5:
         e3:7d:db:1e:f5:5c:9f:0b:78:01:bc:61:60:ce:37:67:7b:24:
         d8:cc:2e:33:5c:7b:27:f8:65:7f:62:4a:cb:70:18:2f:9e:f7:
         db:82:34:03:74:0d:45:db:a5:2c:8f:ab:91:a6:ba:f3:15:47:
         83:57:6f:14:b8:43:2a:6d:d0:04:7d:b9:e9:72:ea:12:70:94:
         d6:70:75:34:a8:8b:46:4b:f7:24:d0:05:ba:17:87:73:d8:5c:
         12:81:1f:ab:ec:64:aa:5b:2e:b6:c5:6a:7f:85:27:7c:ab:d2:
         de:46:e9:b7:1a:7c:eb:e8:c7:c4:c1:b5:32:05:cb:89:98:48:
         78:6e:ac:f1:0d:1e:a4:d9:66:28:dd:9d:19:99:dc:47:94:2d:
         88:9e:c8:64
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYpX7inQ37Sm1Q5SkCm/fpMmStQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDQwMDAwMDBaFw0yNDA0MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzMzU5NDYwYjM3NDlkNWYwYTNmNmIxZjFlMDNkN2MyZDI2Y2NhNmE1YzMx
MTIyZTFjZWNiMzNmNzMzYzQxMWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANM9OSYWAKd2j7Dw5T+lDTbfrZYcWSig5ZviB7xC3feVp96MHeRXPhKXqclD
dqEuAQcqnLnQEgaSylnOY517IkIKYEcwwS5AMxXLawwnDiXolmYI9xNcmNYvSOni
76GtIgSYrPuGTMD+XNPIyOluhe5jYIogGQWe0Ka4IOmDg4Sys8YDRcfFct5p1bes
zq33ap5GuW43Zuw7DV0YIHyBd/oOb5N4pHqRMm3RuUcvaj+LCj+FpgMc+4EH2mGX
Q5mIy6+qDYSYCc2Kp3KMBF6eeFhP97jYq5fVjw6bR68vsaRTtAia7ZsPnxMqOIjm
fgz+xosULU5Dn2lxvHBBihlbKGsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRtJ6rf
3rPzVz7jycB8tfXiuSDSRjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTkzN2QxZDYtY2UwMi00M2I4LTgzMDYtMDIyYjNiMGZmZjAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DXA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2y+mr1j4wD7vi9hannuG1bTxV1qHFEV+y6Got
wOJJHMpU7wQNzpgpmMRk3UVixxI8y4SSWBxLEJtcuy9tDw6neMZ4SrwIiHAR2AW0
xoMV+3HJCCM2hiY3y13jo4i0MmekVL/REpqShkOTqrXjfdse9VyfC3gBvGFgzjdn
eyTYzC4zXHsn+GV/YkrLcBgvnvfbgjQDdA1F26Usj6uRprrzFUeDV28UuEMqbdAE
fbnpcuoScJTWcHU0qItGS/ck0AW6F4dz2FwSgR+r7GSqWy62xWp/hSd8q9LeRum3
Gnzr6MfEwbUyBcuJmEh4bqzxDR6k2WYo3Z0ZmdxHlC2Inshk
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org