Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa
File:                     f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa (raw, json)
Hash identifier:          SOdWG2ThULRA9JBU6IECS/hUA4P43Z7dcKZEh40eFw0=
Subject key identifier:   7A:1D:83:87:FE:F4:CC:DE:64:36:49:DA:7C:00:EB:AB:42:6A:C8:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       323BEDBEF8731FA8BC42AB273EDB6CEDE2F717DA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa
Signing time:             Sun 19 Mar 2023 00:00:00 +0000
ROA not before:           Sun 19 Mar 2023 00:00:00 +0000
ROA not after:            Sun 23 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Mar 2023 08:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:3b:ed:be:f8:73:1f:a8:bc:42:ab:27:3e:db:6c:ed:e2:f7:17:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 19 00:00:00 2023 GMT
            Not After : Apr 23 23:59:59 2023 GMT
        Subject: serialNumber=26777f2e415ac0f102d057b6835941d95e2129a1a6455a396efbc70a9507a3f5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:44:48:96:42:42:3c:cd:b4:1c:9b:6d:0c:4a:
                    e1:a1:9f:2d:93:98:a1:5d:68:4e:97:b5:e8:c8:70:
                    34:ea:96:9f:11:e3:52:e3:b0:f4:51:bd:27:1c:57:
                    41:88:38:cf:9b:26:f9:77:fc:96:94:0f:86:b3:af:
                    39:56:99:01:7a:05:41:19:1c:34:ca:4d:61:69:ff:
                    70:f1:59:84:67:f6:39:28:a2:01:7b:dc:f0:5e:83:
                    30:69:49:74:0e:67:72:e9:a9:81:46:aa:39:5e:cb:
                    9b:b1:bf:70:6e:53:ab:ba:1a:1f:2d:60:df:29:a4:
                    13:88:33:dc:df:6d:1c:12:7e:e8:9c:fc:a4:2c:85:
                    14:c8:17:90:28:37:a4:9e:35:ac:e0:46:f7:02:a4:
                    2e:21:15:1e:ae:1f:1a:12:76:6e:2a:7d:0f:89:51:
                    3e:b1:8b:53:05:d2:0a:ed:a7:c4:2f:b6:45:7f:3c:
                    81:73:39:23:21:49:ba:4e:17:e0:b6:94:5d:f3:e4:
                    07:0f:c1:37:46:1d:08:d9:bb:d1:48:4c:2b:76:b8:
                    ff:b0:ca:91:e8:24:26:31:ba:ee:75:10:67:89:b2:
                    b8:e5:0a:ed:14:95:a5:52:71:7e:5e:91:fc:ce:95:
                    05:4b:86:23:7c:c1:b3:bd:e8:92:af:ed:bb:2b:0c:
                    37:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7A:1D:83:87:FE:F4:CC:DE:64:36:49:DA:7C:00:EB:AB:42:6A:C8:DA
            X509v3 Authority Key Identifier: 
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f25924f8-f3da-4eb4-b047-fdbfbc8e41e9.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5c:18:6e:ca:81:f9:7e:b1:bc:df:3e:3d:59:03:07:14:8a:8f:
         e4:66:9f:4b:81:70:f5:ce:29:fc:48:41:44:da:3a:8d:8f:ba:
         61:67:ec:5f:81:ee:de:4c:ec:bc:ef:32:6f:d2:b0:c2:81:2f:
         44:f6:77:b5:a9:6c:96:b3:66:d6:29:29:4d:74:fe:6e:e2:0b:
         56:ed:19:32:e9:bd:d6:f0:30:fd:76:f9:18:a0:94:09:32:9c:
         ed:7e:b8:9f:dc:7d:42:19:f4:e3:f5:38:50:3c:e5:6d:57:a9:
         47:1d:f6:e3:0d:a9:5b:d1:43:dd:bf:12:88:5d:06:cb:96:f3:
         01:b8:30:0a:e2:e8:88:d7:ed:82:0d:0d:fb:f9:91:0c:15:97:
         ca:af:0f:17:d6:34:e1:83:73:0f:e9:cd:6a:13:c5:72:5e:22:
         d0:b9:c9:4b:27:5e:7d:e3:82:d2:5e:dc:ef:90:e8:60:b4:fc:
         36:ba:6d:d5:5d:83:a2:c9:e5:a7:57:1b:0d:f6:d1:53:10:80:
         88:e9:f7:fd:32:d0:c0:4f:82:54:a3:2d:5c:29:f6:46:af:87:
         26:2f:05:96:58:e4:91:cd:f1:db:24:12:46:17:4e:6a:37:9e:
         9c:03:19:c4:86:33:1f:fd:2a:80:57:54:56:85:5e:b7:cb:f5:
         e2:dd:e4:9f
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIUMjvtvvhzH6i8QqsnPtts7eL3F9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yMzAzMTkwMDAwMDBaFw0yMzA0MjMyMzU5NTlaMIGlMUkwRwYD
VQQFE0AyNjc3N2YyZTQxNWFjMGYxMDJkMDU3YjY4MzU5NDFkOTVlMjEyOWExYTY0
NTVhMzk2ZWZiYzcwYTk1MDdhM2Y1MS0wKwYDVQQDEyQ2NjE1YTM4Yi0zYWQ3LTQ3
YjctOGZiMi02ODVjMzhkMDA5MTQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
wURIlkJCPM20HJttDErhoZ8tk5ihXWhOl7XoyHA06pafEeNS47D0Ub0nHFdBiDjP
myb5d/yWlA+Gs685VpkBegVBGRw0yk1haf9w8VmEZ/Y5KKIBe9zwXoMwaUl0Dmdy
6amBRqo5Xsubsb9wblOruhofLWDfKaQTiDPc320cEn7onPykLIUUyBeQKDeknjWs
4Eb3AqQuIRUerh8aEnZuKn0PiVE+sYtTBdIK7afEL7ZFfzyBczkjIUm6ThfgtpRd
8+QHD8E3Rh0I2bvRSEwrdrj/sMqR6CQmMbrudRBnibK45QrtFJWlUnF+XpH8zpUF
S4YjfMGzveiSr+27Kww3QQIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFHodg4f+9Mze
ZDZJ2nwA66tCasjaMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8MA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVuZFo1
UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC9mMjU5
MjRmOC1mM2RhLTRlYjQtYjA0Ny1mZGJmYmM4ZTQxZTkucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
dU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgXQd0AwDQYJ
KoZIhvcNAQELBQADggEBAFwYbsqB+X6xvN8+PVkDBxSKj+Rmn0uBcPXOKfxIQUTa
Oo2PumFn7F+B7t5M7LzvMm/SsMKBL0T2d7WpbJazZtYpKU10/m7iC1btGTLpvdbw
MP12+RiglAkynO1+uJ/cfUIZ9OP1OFA85W1XqUcd9uMNqVvRQ92/EohdBsuW8wG4
MAri6IjX7YINDfv5kQwVl8qvDxfWNOGDcw/pzWoTxXJeItC5yUsnXn3jgtJe3O+Q
6GC0/Da6bdVdg6LJ5adXGw320VMQgIjp9/0y0MBPglSjLVwp9kavhyYvBZZY5JHN
8dskEkYXTmo3npwDGcSGMx/9KoBXVFaFXrfL9eLd5J8=
-----END CERTIFICATE-----
Generated at Sun Mar 19 16:34:20 2023 by rpki-client on console-ams.rpki-client.org