Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8a7076-0c78-4aa6-9c1e-dfeb947189f4.roa
File:                     1a8a7076-0c78-4aa6-9c1e-dfeb947189f4.roa (raw, json)
Hash identifier:          Bf3RsbB+GLII78qQW3vbQpjn1w4O40OnayEqNo1u5jg=
Subject key identifier:   2D:EB:43:E4:CB:A0:4E:F7:53:28:C7:C8:7D:59:91:B8:0D:A9:7F:8B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       37BDE7821EDEE677DE3EB21D615889BC06FDD005
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8a7076-0c78-4aa6-9c1e-dfeb947189f4.roa
Signing time:             Mon 13 Oct 2025 17:56:05 +0000
ROA not before:           Mon 13 Oct 2025 17:56:05 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:bd:e7:82:1e:de:e6:77:de:3e:b2:1d:61:58:89:bc:06:fd:d0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:05 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=1559d028f6bcdbe89776d44ca590a6e374c0d74c2877dcaae0883f9759b996ec, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:81:0b:64:57:f5:c8:10:4a:b8:aa:c5:1e:ce:
                    79:15:2e:b1:dd:eb:96:e9:a8:92:e2:fb:63:e7:78:
                    f3:16:98:41:9b:31:95:3d:f2:13:b3:7e:5a:75:c5:
                    7b:6f:88:87:aa:34:e4:6b:54:78:52:35:04:85:61:
                    2f:d2:25:0f:a3:8f:de:92:d4:8d:e4:a5:31:d4:7c:
                    1d:06:0a:81:9c:ad:be:e5:2e:3e:e3:42:68:b2:6f:
                    28:a8:bb:d3:0d:b2:73:b8:65:7e:7d:55:33:aa:64:
                    72:b0:80:28:7c:1e:4e:4c:ff:18:5d:09:e5:4b:8e:
                    be:7e:5a:bd:55:a5:75:6d:4a:f6:2b:bf:05:61:ca:
                    3a:c3:9b:84:ac:f0:27:45:0c:1e:9b:59:f7:2d:7e:
                    69:7d:a0:95:8e:26:e2:3b:db:99:02:17:10:4c:de:
                    3d:b2:66:7d:d3:80:b6:6d:ba:bb:7b:b9:65:e7:cc:
                    53:e3:6e:61:36:06:0d:ae:28:e8:d1:4f:5e:00:90:
                    59:51:3b:6f:79:57:e6:c5:a2:4b:5e:67:6a:ca:40:
                    2d:94:99:59:a1:62:13:a3:e4:15:19:c4:4f:d8:11:
                    3c:8a:d6:46:3e:6d:fd:48:3a:cb:1f:d3:ef:d7:d7:
                    9c:53:72:26:98:55:93:61:87:b0:99:d2:27:4d:a3:
                    dc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:EB:43:E4:CB:A0:4E:F7:53:28:C7:C8:7D:59:91:B8:0D:A9:7F:8B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8a7076-0c78-4aa6-9c1e-dfeb947189f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:43:c0:ad:ab:f1:c4:d1:7f:f1:f2:f2:dc:61:e1:8b:b7:40:
         8e:20:76:56:49:f3:be:48:fc:03:cb:77:18:ed:30:3b:ec:79:
         11:da:4e:ac:63:b9:fb:0b:b7:cd:59:8d:7f:08:61:a3:80:e5:
         72:04:6e:4e:e1:fc:4e:af:40:b3:81:c3:5d:8f:40:57:a4:38:
         e7:1a:af:3f:fd:72:12:95:46:1f:f5:8e:ec:db:b6:23:66:23:
         3b:20:1b:cb:2e:ed:89:7a:60:8d:ff:9a:c4:4f:ce:88:9a:e1:
         51:cc:18:ec:e0:79:62:7e:9f:93:87:fd:2f:a1:ac:f1:14:e6:
         34:ad:b2:d1:a5:c3:95:78:12:2a:4c:e2:b5:3e:66:c0:46:2d:
         23:e4:64:a4:bc:b4:95:46:06:70:b7:de:33:62:47:e6:61:c8:
         43:77:2d:96:7b:35:81:94:2a:b8:0a:b0:47:de:eb:36:9a:f8:
         c2:27:4f:fa:20:fc:79:85:17:2d:4e:da:53:7d:e2:4f:9c:60:
         74:71:82:af:62:81:7a:84:be:11:6f:e3:d1:cb:af:27:1c:6f:
         73:2f:da:0b:e5:b3:c7:7a:4c:89:74:b8:3c:21:9e:de:68:ef:
         7f:74:19:0c:f2:74:2c:f3:b5:f9:20:c6:e3:f3:85:9c:55:25:
         be:bf:7e:1a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUN73ngh7e5nfePrIdYViJvAb90AUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MDVaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1NTlkMDI4ZjZiY2RiZTg5Nzc2ZDQ0Y2E1OTBhNmUzNzRjMGQ3NGMyODc3
ZGNhYWUwODgzZjk3NTliOTk2ZWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKBC2RX9cgQSriqxR7OeRUusd3rlumokuL7Y+d48xaYQZsxlT3yE7N+WnXF
e2+Ih6o05GtUeFI1BIVhL9IlD6OP3pLUjeSlMdR8HQYKgZytvuUuPuNCaLJvKKi7
0w2yc7hlfn1VM6pkcrCAKHweTkz/GF0J5UuOvn5avVWldW1K9iu/BWHKOsObhKzw
J0UMHptZ9y1+aX2glY4m4jvbmQIXEEzePbJmfdOAtm26u3u5ZefMU+NuYTYGDa4o
6NFPXgCQWVE7b3lX5sWiS15naspALZSZWaFiE6PkFRnET9gRPIrWRj5t/Ug6yx/T
79fXnFNyJphVk2GHsJnSJ02j3EMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQt60Pk
y6BO91Mox8h9WZG4Dal/izAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE4YTcwNzYtMGM3OC00YWE2LTljMWUtZGZlYjk0NzE4OWY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbAgfDAN
BgkqhkiG9w0BAQsFAAOCAQEAK0PAravxxNF/8fLy3GHhi7dAjiB2Vknzvkj8A8t3
GO0wO+x5EdpOrGO5+wu3zVmNfwhho4DlcgRuTuH8Tq9As4HDXY9AV6Q45xqvP/1y
EpVGH/WO7Nu2I2YjOyAbyy7tiXpgjf+axE/OiJrhUcwY7OB5Yn6fk4f9L6Gs8RTm
NK2y0aXDlXgSKkzitT5mwEYtI+RkpLy0lUYGcLfeM2JH5mHIQ3ctlns1gZQquAqw
R97rNpr4widP+iD8eYUXLU7aU33iT5xgdHGCr2KBeoS+EW/j0cuvJxxvcy/aC+Wz
x3pMiXS4PCGe3mjvf3QZDPJ0LPO1+SDG4/OFnFUlvr9+Gg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:19 2025 by rpki-client