Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ef4f5658-1df5-4b15-b458-c8609229af7f.roa
File:                     ef4f5658-1df5-4b15-b458-c8609229af7f.roa (raw, json)
Hash identifier:          pPx0YE51L2FFSdaIc4iRSfEoPHwjS42xNwDChP3yT4Q=
Subject key identifier:   3F:14:B3:57:43:DA:6A:24:A6:66:1A:C9:BA:59:B5:8D:44:9B:12:50
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       53243560D9B4BCC9B64E205635539858C1B9CFEF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ef4f5658-1df5-4b15-b458-c8609229af7f.roa
Signing time:             Fri 29 Mar 2024 00:00:00 +0000
ROA not before:           Fri 29 Mar 2024 00:00:00 +0000
ROA not after:            Fri 03 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:5000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:24:35:60:d9:b4:bc:c9:b6:4e:20:56:35:53:98:58:c1:b9:cf:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 29 00:00:00 2024 GMT
            Not After : May  3 23:59:59 2024 GMT
        Subject: serialNumber=05ff4f70c6e60e38402fa7682f1c913d9a208b8cc81a232bb449447e0de80efe, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:97:7c:3c:75:8f:2b:66:8a:1a:cd:b2:4f:
                    03:8b:6e:e1:e2:41:f7:c9:8b:9a:8e:8c:b1:5c:00:
                    4a:a2:f7:a6:a5:cd:7f:ff:c5:6b:e9:59:62:00:71:
                    6a:2c:64:9d:f4:ce:b1:8c:5a:88:32:56:38:a7:33:
                    a8:17:2e:c2:dc:ae:37:2f:36:06:7b:00:fe:9f:4a:
                    0d:69:e6:de:18:21:51:1a:ae:97:21:2c:ce:cd:0c:
                    3b:04:dc:a2:84:de:1b:76:f3:16:d7:ef:aa:cc:8e:
                    d0:dc:97:74:ce:05:81:94:ac:ad:fc:86:d4:2c:15:
                    44:b4:7a:9f:f0:83:e4:df:da:f0:11:7f:ac:b1:5d:
                    ef:45:98:f6:3e:fb:b5:da:69:09:b9:bf:a5:5a:e0:
                    e6:8f:ab:2a:61:e4:b8:10:ba:7f:ee:9c:6f:4b:54:
                    9c:92:04:c4:84:f5:8f:f0:74:88:ea:d6:b3:b1:91:
                    82:5d:e8:40:ed:60:d2:c5:a6:7a:89:1d:26:9c:7e:
                    af:75:5f:f1:46:51:1a:1f:6f:6a:31:02:2b:4a:1f:
                    1b:11:d6:f0:b6:2c:cb:95:21:5a:0a:d5:0d:00:92:
                    47:48:c3:c4:71:80:2b:64:58:7b:7f:00:68:3c:ed:
                    4a:8e:39:28:50:e0:30:03:85:0a:4a:b2:75:17:3c:
                    53:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:14:B3:57:43:DA:6A:24:A6:66:1A:C9:BA:59:B5:8D:44:9B:12:50
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ef4f5658-1df5-4b15-b458-c8609229af7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4e:67:9d:ac:58:a6:8a:a3:f5:cb:10:a8:cc:df:af:1c:76:3d:
         0e:1c:b4:83:8f:93:3f:79:7a:c3:1a:ec:8e:eb:db:cc:a1:96:
         ec:32:c1:fd:46:e1:cb:ad:30:db:b1:9b:85:b4:42:30:7a:52:
         52:5d:ce:76:9d:a4:90:40:51:da:48:a9:b1:1d:f1:82:22:6d:
         20:a4:dd:53:ff:2e:0f:76:ec:f9:3b:2e:6e:4f:83:e4:8c:88:
         12:53:45:2a:2c:32:85:d5:f1:3b:6c:28:08:5a:98:08:93:60:
         8f:d9:9a:fe:0b:58:c6:82:7e:c3:c6:ec:75:28:bf:46:c5:19:
         2b:12:de:5e:c4:46:fa:d8:0d:8c:d4:2a:dc:d5:36:4d:2e:ce:
         85:b0:23:28:4f:f4:fa:b4:9d:56:d6:18:da:10:80:44:2f:a2:
         af:f3:fc:8c:41:52:c8:b0:e8:01:e0:3c:0a:ce:5a:16:9e:e7:
         31:2f:8a:7e:15:7d:b1:54:34:15:eb:80:2a:6b:91:d7:04:f7:
         9e:95:fe:1e:7a:a7:23:6b:21:19:a6:63:05:03:33:42:e3:d0:
         c6:7c:c7:f9:ee:42:61:b7:af:b8:a4:57:85:63:a2:0d:e3:41:
         c9:e1:1e:77:ba:fa:3d:ef:31:c5:43:78:15:ae:4a:f6:cf:27:
         33:c7:17:e0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUyQ1YNm0vMm2TiBWNVOYWMG5z+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMjkwMDAwMDBaFw0yNDA1MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1ZmY0ZjcwYzZlNjBlMzg0MDJmYTc2ODJmMWM5MTNkOWEyMDhiOGNjODFh
MjMyYmI0NDk0NDdlMGRlODBlZmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALBEl3w8dY8rZooazbJPA4tu4eJB98mLmo6MsVwASqL3pqXNf//Fa+lZYgBx
aixknfTOsYxaiDJWOKczqBcuwtyuNy82BnsA/p9KDWnm3hghURqulyEszs0MOwTc
ooTeG3bzFtfvqsyO0NyXdM4FgZSsrfyG1CwVRLR6n/CD5N/a8BF/rLFd70WY9j77
tdppCbm/pVrg5o+rKmHkuBC6f+6cb0tUnJIExIT1j/B0iOrWs7GRgl3oQO1g0sWm
eokdJpx+r3Vf8UZRGh9vajECK0ofGxHW8LYsy5UhWgrVDQCSR0jDxHGAK2RYe38A
aDztSo45KFDgMAOFCkqydRc8U3MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ/FLNX
Q9pqJKZmGsm6WbWNRJsSUDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWY0ZjU2NTgtMWRmNS00YjE1LWI0NTgtYzg2MDkyMjlhZjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBOZ52sWKaKo/XLEKjM368cdj0OHLSDj5M/eXrD
GuyO69vMoZbsMsH9RuHLrTDbsZuFtEIwelJSXc52naSQQFHaSKmxHfGCIm0gpN1T
/y4Pduz5Oy5uT4PkjIgSU0UqLDKF1fE7bCgIWpgIk2CP2Zr+C1jGgn7Dxux1KL9G
xRkrEt5exEb62A2M1Crc1TZNLs6FsCMoT/T6tJ1W1hjaEIBEL6Kv8/yMQVLIsOgB
4DwKzloWnucxL4p+FX2xVDQV64Aqa5HXBPeelf4eeqcjayEZpmMFAzNC49DGfMf5
7kJht6+4pFeFY6IN40HJ4R53uvo97zHFQ3gVrkr2zyczxxfg
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:24 2024 by rpki-client on console-fra.rpki-client.org