Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa
File:                     f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa (raw, json)
Hash identifier:          D+35HgLquo5JCtRdDKRq4pA80l8oYIm33dJfvPKOcyU=
Subject key identifier:   22:99:47:B2:0C:39:F5:F0:E7:F8:29:D0:5C:E1:DF:75:45:40:C0:C5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3303F8E2F3F57365FCFEF3F343F23FECCF2E5FA5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:03:f8:e2:f3:f5:73:65:fc:fe:f3:f3:43:f2:3f:ec:cf:2e:5f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=dda71b4824974e6ed5e2deecef275e67cbb355e7f0972576268748d46ac90c58, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:90:9b:f1:46:bd:d3:0f:d2:2c:de:b9:de:b6:
                    a3:1f:68:52:8b:21:be:10:93:0c:89:5d:35:0b:7d:
                    49:86:88:32:65:4b:fb:a1:b9:bf:ee:f5:a0:f7:6f:
                    d1:a7:14:a2:25:5c:3e:02:51:94:d5:46:f3:cf:64:
                    0d:cf:7b:97:8b:96:17:51:8e:80:44:71:0e:87:25:
                    b2:ef:58:54:bc:a7:a1:15:7c:2a:b5:8a:e0:57:e8:
                    1b:79:17:3b:45:e2:bb:08:d8:78:60:82:26:27:fc:
                    36:9d:bf:ff:e6:97:bf:98:56:b4:37:7a:21:3b:1a:
                    72:70:8c:f8:a9:41:dc:37:df:3b:48:e0:a7:a5:89:
                    2b:77:53:eb:09:94:30:09:c2:0f:40:f4:20:82:90:
                    d3:2d:61:2c:6c:cf:1c:84:66:5d:85:9c:a4:f7:2f:
                    bf:ba:a7:6c:d3:e0:08:04:95:58:ee:a6:d0:1c:00:
                    fe:c0:88:1f:e3:7c:c4:4c:cf:1d:2c:3d:76:4c:57:
                    2f:6c:70:8f:32:3c:6b:6e:69:47:bd:8c:49:a3:54:
                    e1:f8:67:df:00:9a:03:81:47:90:92:1f:ae:dc:bf:
                    eb:d7:53:69:cf:1b:ca:5d:ef:ad:8e:bc:57:b6:62:
                    9d:6b:1b:51:6b:38:12:a5:51:1f:68:a2:2a:77:82:
                    ea:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:99:47:B2:0C:39:F5:F0:E7:F8:29:D0:5C:E1:DF:75:45:40:C0:C5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:16:63:78:f3:f1:66:de:6a:7d:8b:5f:87:c3:40:5d:d3:ba:
         0e:e1:16:d7:b9:07:39:55:86:c0:cb:fd:0c:f2:0b:92:0a:27:
         2c:4c:b6:e2:fa:a9:5b:bd:f8:7e:fa:f6:48:87:ae:63:c5:62:
         86:da:09:7b:2f:e7:2a:eb:55:cd:69:09:d8:80:b0:39:35:f5:
         4e:0c:05:6a:53:44:bf:31:33:5b:5a:0a:15:db:e7:2d:9a:ea:
         e5:48:3c:72:2c:65:e5:f5:40:f1:6e:9d:ba:48:0d:d8:de:bd:
         66:8d:69:f7:09:0e:46:cb:3a:54:d2:15:e0:a8:c9:2b:ef:6b:
         fc:94:93:28:f0:0e:b1:5e:d3:33:4c:3b:98:71:6f:56:4e:ab:
         08:67:86:5d:74:07:dc:aa:a6:8b:30:2c:ca:60:9c:02:ef:b4:
         6b:1f:3e:6c:94:1f:84:47:18:de:c8:a4:b1:3c:d2:97:ab:ae:
         cd:ef:8b:5a:99:af:54:f3:25:48:ae:53:ba:96:c9:99:a5:ee:
         d5:1e:02:3d:82:1c:1f:cc:39:76:1f:93:15:56:dc:d3:32:6d:
         a9:e0:8a:3f:8f:8d:4b:31:70:7d:10:85:c5:be:73:9c:13:64:
         0f:e2:00:04:5b:e2:9c:93:df:45:fb:b7:1b:bd:7c:8e:ee:d1:
         6c:17:9b:82
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMwP44vP1c2X8/vPzQ/I/7M8uX6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkYTcxYjQ4MjQ5NzRlNmVkNWUyZGVlY2VmMjc1ZTY3Y2JiMzU1ZTdmMDk3
MjU3NjI2ODc0OGQ0NmFjOTBjNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqQm/FGvdMP0izeud62ox9oUoshvhCTDIldNQt9SYaIMmVL+6G5v+71oPdv
0acUoiVcPgJRlNVG889kDc97l4uWF1GOgERxDoclsu9YVLynoRV8KrWK4FfoG3kX
O0XiuwjYeGCCJif8Np2//+aXv5hWtDd6ITsacnCM+KlB3DffO0jgp6WJK3dT6wmU
MAnCD0D0IIKQ0y1hLGzPHIRmXYWcpPcvv7qnbNPgCASVWO6m0BwA/sCIH+N8xEzP
HSw9dkxXL2xwjzI8a25pR72MSaNU4fhn3wCaA4FHkJIfrty/69dTac8byl3vrY68
V7ZinWsbUWs4EqVRH2iiKneC6mUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQimUey
DDn18Of4KdBc4d91RUDAxTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjI1OTI0ZjgtZjNkYS00ZWI0LWIwNDctZmRiZmJjOGU0MWU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HdA
MA0GCSqGSIb3DQEBCwUAA4IBAQAtFmN48/Fm3mp9i1+Hw0Bd07oO4RbXuQc5VYbA
y/0M8guSCicsTLbi+qlbvfh++vZIh65jxWKG2gl7L+cq61XNaQnYgLA5NfVODAVq
U0S/MTNbWgoV2+ctmurlSDxyLGXl9UDxbp26SA3Y3r1mjWn3CQ5GyzpU0hXgqMkr
72v8lJMo8A6xXtMzTDuYcW9WTqsIZ4ZddAfcqqaLMCzKYJwC77RrHz5slB+ERxje
yKSxPNKXq67N74tama9U8yVIrlO6lsmZpe7VHgI9ghwfzDl2H5MVVtzTMm2p4Io/
j41LMXB9EIXFvnOcE2QP4gAEW+Kck99F+7cbvXyO7tFsF5uC
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:32:02 2023 by rpki-client on console-fra.rpki-client.org