Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1172536b-2edc-4ffb-9fca-b111f3d038a9.roa
File:                     1172536b-2edc-4ffb-9fca-b111f3d038a9.roa (raw, json)
Hash identifier:          eVQaadepH0UlC0vnbVfBtQlpviaIBuOYyFzkhwYquWI=
Subject key identifier:   5B:6B:D8:45:F9:7C:7D:C7:38:DD:D3:C5:23:59:2B:9E:76:2B:E9:BA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D6C42F7AFD5470A048C6958B6AD14744380BC5F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1172536b-2edc-4ffb-9fca-b111f3d038a9.roa
Signing time:             Fri 26 Sep 2025 18:20:50 +0000
ROA not before:           Fri 26 Sep 2025 18:20:50 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:6c:42:f7:af:d5:47:0a:04:8c:69:58:b6:ad:14:74:43:80:bc:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:20:50 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=5448a081daff03123c04a5365787dd4600240c1591ec71f633e62bbbb55dc1bd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:30:bf:70:4b:52:96:36:3d:c8:96:54:b9:d4:
                    2b:66:ab:f2:84:6f:42:bc:cc:f9:c6:04:c6:fb:37:
                    ee:d5:18:2e:2d:2f:36:03:1d:5f:fe:65:96:60:a3:
                    a0:9b:f8:36:a5:1a:38:ef:71:f8:11:4a:f7:73:b8:
                    09:2d:91:e6:18:18:61:a4:bb:75:82:32:30:8d:ce:
                    f6:1c:39:23:ba:3d:75:53:09:c7:40:0b:57:f1:c0:
                    76:29:24:a5:04:9f:f0:af:47:05:b0:35:ee:19:6a:
                    1e:3d:4b:ce:2f:b3:24:56:b9:76:1a:25:7c:8e:49:
                    26:8a:30:46:a2:b9:61:ed:71:68:34:2a:09:63:0f:
                    ae:0c:d7:1c:66:92:75:14:b4:cb:6d:75:0d:1d:9c:
                    d0:7d:68:0d:c3:7d:0b:48:9a:df:c2:55:4e:42:e2:
                    e9:b4:a8:0b:0d:0f:2f:f4:55:b5:eb:1f:90:9e:9a:
                    cb:8e:40:6e:af:5e:b0:94:30:b7:d7:a7:02:3a:b8:
                    07:ff:65:ae:b9:88:52:39:25:f1:61:eb:68:e6:84:
                    d5:5c:62:cf:33:0c:1a:ab:e6:91:70:f8:9e:67:fe:
                    20:3c:95:39:90:c4:06:d9:9e:fe:d4:02:a8:d0:d4:
                    e0:e0:d1:74:40:b8:f9:0d:76:d8:bf:22:d3:38:c5:
                    67:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6B:D8:45:F9:7C:7D:C7:38:DD:D3:C5:23:59:2B:9E:76:2B:E9:BA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1172536b-2edc-4ffb-9fca-b111f3d038a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:7e:1c:d7:38:42:e0:88:fe:b5:95:d2:5a:5a:55:90:a3:0d:
         b2:87:b3:35:6e:6e:e7:07:07:31:26:a0:72:b7:1d:bc:46:2a:
         b0:f7:d4:7e:fe:57:e1:2c:95:c7:a1:19:e7:cd:19:90:b6:1b:
         f4:e6:c9:6e:fb:2b:95:2a:56:34:33:d1:32:20:cf:6b:fb:61:
         2b:77:d3:46:77:69:1f:b6:49:29:c4:70:19:81:4d:ad:1e:1e:
         d5:af:82:2e:84:d1:1a:67:e5:95:cf:03:00:63:0b:f7:aa:a7:
         f5:f6:ed:22:e1:07:9f:8c:c4:3f:d8:da:c0:28:4e:55:46:b1:
         ae:4b:40:31:14:16:e0:73:11:5d:09:72:30:e2:bf:0e:0f:67:
         8d:b9:60:4c:87:66:15:c5:5d:44:e4:04:b9:28:7e:69:07:74:
         88:9a:4a:7d:7d:4a:62:f8:f9:b1:2c:3d:45:97:d7:fd:8b:3d:
         79:0c:15:f0:7c:c9:77:a1:37:f9:07:42:ae:b2:38:9d:ed:ff:
         14:04:9e:8c:be:37:c9:30:d0:c6:99:10:20:9d:8c:e8:01:7a:
         22:a8:94:ce:1e:39:ae:3b:1b:b2:a2:0e:31:d5:ba:30:c7:32:
         d2:61:81:93:79:e9:22:68:33:4b:f7:21:d3:2e:02:60:90:2e:
         c2:49:7c:99
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUfWxC96/VRwoEjGlYtq0UdEOAvF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwNTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0NDhhMDgxZGFmZjAzMTIzYzA0YTUzNjU3ODdkZDQ2MDAyNDBjMTU5MWVj
NzFmNjMzZTYyYmJiYjU1ZGMxYmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQwv3BLUpY2PciWVLnUK2ar8oRvQrzM+cYExvs37tUYLi0vNgMdX/5llmCj
oJv4NqUaOO9x+BFK93O4CS2R5hgYYaS7dYIyMI3O9hw5I7o9dVMJx0ALV/HAdikk
pQSf8K9HBbA17hlqHj1Lzi+zJFa5dholfI5JJoowRqK5Ye1xaDQqCWMPrgzXHGaS
dRS0y211DR2c0H1oDcN9C0ia38JVTkLi6bSoCw0PL/RVtesfkJ6ay45Abq9esJQw
t9enAjq4B/9lrrmIUjkl8WHraOaE1VxizzMMGqvmkXD4nmf+IDyVOZDEBtme/tQC
qNDU4ODRdEC4+Q122L8i0zjFZ2kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRba9hF
+Xx9xzjd08UjWSuedivpujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTE3MjUzNmItMmVkYy00ZmZiLTlmY2EtYjExMWYzZDAzOGE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AgcDAN
BgkqhkiG9w0BAQsFAAOCAQEAAn4c1zhC4Ij+tZXSWlpVkKMNsoezNW5u5wcHMSag
crcdvEYqsPfUfv5X4SyVx6EZ580ZkLYb9ObJbvsrlSpWNDPRMiDPa/thK3fTRndp
H7ZJKcRwGYFNrR4e1a+CLoTRGmfllc8DAGML96qn9fbtIuEHn4zEP9jawChOVUax
rktAMRQW4HMRXQlyMOK/Dg9njblgTIdmFcVdROQEuSh+aQd0iJpKfX1KYvj5sSw9
RZfX/Ys9eQwV8HzJd6E3+QdCrrI4ne3/FASejL43yTDQxpkQIJ2M6AF6IqiUzh45
rjsbsqIOMdW6MMcy0mGBk3npImgzS/ch0y4CYJAuwkl8mQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:26 2025 by rpki-client