Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9de8135-15d5-4e2d-91da-2744e9de020d.roa
File:                     f9de8135-15d5-4e2d-91da-2744e9de020d.roa (raw, json)
Hash identifier:          y7iFZ80OgVpGRHF7R1aeg93xz+yz+t6qAwpQkk4yfws=
Subject key identifier:   7E:42:EB:DC:D1:84:93:72:14:4D:95:AE:2F:E3:3C:21:4B:17:14:B3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0E74DD0E6EAF8D68FA94EBCFA9DEDB18CBF5A728
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9de8135-15d5-4e2d-91da-2744e9de020d.roa
Signing time:             Fri 08 Mar 2024 00:00:00 +0000
ROA not before:           Fri 08 Mar 2024 00:00:00 +0000
ROA not after:            Fri 12 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d030:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:74:dd:0e:6e:af:8d:68:fa:94:eb:cf:a9:de:db:18:cb:f5:a7:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  8 00:00:00 2024 GMT
            Not After : Apr 12 23:59:59 2024 GMT
        Subject: serialNumber=b496a590f8cbef650cc551f8f5b7793b7c0ef4f73cc7ca205836143560d64a44, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0c:e2:22:c7:76:32:a8:4f:ea:46:32:2b:f7:
                    3d:ef:fc:d9:32:df:0e:b9:39:68:e8:2b:c3:1c:3f:
                    e1:c2:50:b1:34:e7:db:9f:11:cf:27:6f:36:94:78:
                    3f:56:35:46:f2:63:d2:0a:5c:95:71:7a:c5:24:b4:
                    9b:18:7e:e4:e4:6e:9a:2e:f3:69:7d:de:1e:3f:38:
                    64:35:58:39:d9:7f:49:39:27:2c:0d:13:0f:ce:e5:
                    00:88:84:0d:83:e1:91:4b:61:80:24:c6:9f:e0:10:
                    b1:ae:48:f3:14:37:6e:2b:d5:ca:60:41:c9:55:db:
                    26:75:dc:d2:3f:1b:ce:95:ea:9b:d8:ad:b4:79:39:
                    fc:5b:b8:12:1b:2f:e0:91:12:3c:e8:7a:96:64:7a:
                    6b:14:28:78:0b:9d:bb:62:04:79:a5:05:3d:e6:34:
                    5f:a8:6b:f0:e5:24:ad:4c:d3:ad:61:b0:4b:3e:50:
                    f7:69:97:a6:17:3d:46:b3:56:a2:af:5d:a9:21:7e:
                    98:1b:15:59:73:ba:0e:79:b0:91:c1:ed:ff:e8:bc:
                    98:f3:8f:d6:5c:38:b8:fb:e5:5e:e9:f9:02:a0:a0:
                    1e:3b:0a:06:75:20:12:f4:60:6a:29:c8:b5:32:a2:
                    9c:2b:70:f3:3e:03:f4:3f:94:bc:1d:38:0d:27:f8:
                    16:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:EB:DC:D1:84:93:72:14:4D:95:AE:2F:E3:3C:21:4B:17:14:B3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9de8135-15d5-4e2d-91da-2744e9de020d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:83:74:b6:86:a8:72:bb:ba:3f:fa:e3:8b:b5:84:fb:b8:3a:
         7b:7d:c1:8e:72:db:59:49:00:b2:3c:3e:50:87:83:53:92:71:
         a7:96:6a:31:54:86:3a:1d:de:b2:b1:8d:e4:92:88:a6:ab:ad:
         01:35:2e:a3:de:ed:09:a9:52:18:20:63:4d:e1:d1:9c:a1:85:
         e1:2c:53:23:03:c1:42:c6:02:c4:ae:07:30:c0:5f:90:c1:db:
         4f:9a:a9:59:83:f5:d8:cf:19:e0:15:ab:69:80:17:43:e3:c8:
         dc:d2:27:ca:60:c2:c7:96:ae:a6:45:21:8b:5e:4a:b8:a9:b2:
         42:31:4b:5b:3c:80:b3:ef:7e:c6:f2:de:ad:04:d2:11:c9:ef:
         d3:8f:2c:f4:79:ae:2b:31:a4:a6:db:c6:c6:38:35:36:93:9b:
         46:4c:63:f1:1f:19:d3:3b:2b:e8:11:db:7c:69:22:4c:08:33:
         2a:e5:7b:2e:b5:64:1b:35:13:68:d5:09:a8:ea:14:a5:dc:ea:
         8f:bd:43:31:88:96:f1:9e:21:9e:4e:4b:68:91:74:38:86:b3:
         eb:7d:85:87:bc:59:74:c9:b6:03:9a:4e:ad:76:9d:93:7a:f1:
         f5:ce:16:b8:a6:f1:1e:73:dd:36:b2:15:e0:19:b0:71:86:88:
         f7:2b:d7:f5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDnTdDm6vjWj6lOvPqd7bGMv1pygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNDAzMDgwMDAwMDBaFw0yNDA0MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0OTZhNTkwZjhjYmVmNjUwY2M1NTFmOGY1Yjc3OTNiN2MwZWY0ZjczY2M3
Y2EyMDU4MzYxNDM1NjBkNjRhNDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8M4iLHdjKoT+pGMiv3Pe/82TLfDrk5aOgrwxw/4cJQsTTn258RzydvNpR4
P1Y1RvJj0gpclXF6xSS0mxh+5ORumi7zaX3eHj84ZDVYOdl/STknLA0TD87lAIiE
DYPhkUthgCTGn+AQsa5I8xQ3bivVymBByVXbJnXc0j8bzpXqm9ittHk5/Fu4Ehsv
4JESPOh6lmR6axQoeAudu2IEeaUFPeY0X6hr8OUkrUzTrWGwSz5Q92mXphc9RrNW
oq9dqSF+mBsVWXO6DnmwkcHt/+i8mPOP1lw4uPvlXun5AqCgHjsKBnUgEvRgainI
tTKinCtw8z4D9D+UvB04DSf4FlcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR+Quvc
0YSTchRNla4v4zwhSxcUszAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjlkZTgxMzUtMTVkNS00ZTJkLTkxZGEtMjc0NGU5ZGUwMjBkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DDA
MA0GCSqGSIb3DQEBCwUAA4IBAQASg3S2hqhyu7o/+uOLtYT7uDp7fcGOcttZSQCy
PD5Qh4NTknGnlmoxVIY6Hd6ysY3kkoimq60BNS6j3u0JqVIYIGNN4dGcoYXhLFMj
A8FCxgLErgcwwF+QwdtPmqlZg/XYzxngFatpgBdD48jc0ifKYMLHlq6mRSGLXkq4
qbJCMUtbPICz737G8t6tBNIRye/Tjyz0ea4rMaSm28bGODU2k5tGTGPxHxnTOyvo
Edt8aSJMCDMq5XsutWQbNRNo1Qmo6hSl3OqPvUMxiJbxniGeTktokXQ4hrPrfYWH
vFl0ybYDmk6tdp2TevH1zha4pvEec902shXgGbBxhoj3K9f1
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:26 2024 by rpki-client on console-fra.rpki-client.org