Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
File:                     296e983c-f59b-4a15-a74d-56b2bff88779.roa (raw, json)
Hash identifier:          A9mHyTWZYHBJhbw85VykiTHmXmf+hvhU3AOaxM5yTCo=
Subject key identifier:   48:79:A6:ED:82:3C:95:CA:BF:FC:24:89:33:58:11:71:BD:A5:87:AB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       62F598E9E721E7D9511EDE86AEE9FE9F13336733
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
Signing time:             Mon 13 Oct 2025 17:55:28 +0000
ROA not before:           Mon 13 Oct 2025 17:55:28 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:f5:98:e9:e7:21:e7:d9:51:1e:de:86:ae:e9:fe:9f:13:33:67:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:28 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=98fc93fa1f47e38246afbdf4e1fd0c3980c5dd9855d3eb92ce63a44169faa0af, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d6:7a:e7:c8:f4:f2:b8:dd:ae:07:b1:05:2b:
                    98:2b:e1:9a:14:df:a0:1b:5d:03:e4:76:26:25:11:
                    2e:ee:e7:be:30:a7:95:85:38:56:61:ad:f9:5c:06:
                    70:79:91:88:9d:98:03:22:fd:d8:30:1f:de:74:c7:
                    19:58:24:33:69:f2:64:03:cd:26:d4:e0:ba:b7:62:
                    42:80:ab:55:e4:40:06:30:36:31:77:f7:ba:69:4d:
                    a4:69:1a:ae:bb:57:ff:f7:f2:71:2d:e8:ad:33:67:
                    18:ac:92:1a:62:16:01:d2:09:9e:c8:b0:e0:36:51:
                    03:6c:00:85:65:2b:36:d1:d2:64:93:37:48:a4:ea:
                    ae:34:96:c0:28:ab:4e:e0:1d:db:f1:2d:28:84:ad:
                    91:98:e1:19:f7:da:fd:24:7f:af:c3:78:09:8d:90:
                    b9:2e:7d:03:b6:a0:cf:35:25:f3:39:c7:d6:d5:66:
                    43:e8:36:d6:17:ab:eb:98:43:7d:5a:9d:79:0d:50:
                    0f:f7:09:39:ae:1a:b7:a9:ac:92:71:5e:a6:96:e5:
                    f9:5a:13:63:cf:b3:25:bb:e8:8b:3e:d4:00:30:86:
                    92:70:57:fd:0b:e0:ca:f8:41:3b:b1:87:16:60:1a:
                    7b:1e:29:17:49:23:c6:ea:a4:de:c0:d1:d2:b9:c5:
                    23:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:79:A6:ED:82:3C:95:CA:BF:FC:24:89:33:58:11:71:BD:A5:87:AB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         36:d8:68:cd:fa:1e:46:96:65:89:58:ec:6d:9f:56:77:13:cf:
         9d:54:f9:b3:96:4c:59:44:c6:c5:04:4b:83:e8:4a:07:9c:d4:
         ce:45:a4:bc:af:1f:10:6c:dd:3f:25:01:36:4c:f8:6f:c3:4f:
         c7:20:26:6a:9a:83:19:8c:c6:3b:af:4c:f9:d7:ad:06:5f:8c:
         bd:b8:6b:46:cc:0a:3a:8e:4f:b9:1c:89:4b:f5:3d:8a:c4:0a:
         23:43:f6:c8:89:6e:23:cc:1b:81:de:a3:77:42:cc:e8:d8:98:
         db:59:bb:39:9e:df:16:2f:3f:8b:a0:0a:fa:48:96:1d:fa:a6:
         f8:41:8a:74:9d:92:87:5f:0f:f0:51:ae:e3:45:93:e3:da:88:
         ef:62:67:98:f6:bc:38:79:90:17:c4:90:38:01:3a:a7:b6:d2:
         e1:6a:c7:a7:0b:ef:20:38:47:a7:f8:5f:d2:ef:90:6b:b0:67:
         51:b3:00:ef:bf:f8:53:8a:50:5f:ef:7c:e1:de:78:f2:8e:65:
         5e:e4:b7:8f:6e:16:ef:e2:f5:1e:8a:64:c2:1d:4e:42:e4:cf:
         7f:d8:50:bb:9a:74:87:4d:35:b8:a5:7a:38:ef:12:5d:b0:79:
         db:40:fa:bb:77:e8:a7:f3:b4:6a:c6:55:86:84:5e:99:71:2d:
         3a:97:34:85
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUYvWY6ech59lRHt6Grun+nxMzZzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1MjhaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4ZmM5M2ZhMWY0N2UzODI0NmFmYmRmNGUxZmQwYzM5ODBjNWRkOTg1NWQz
ZWI5MmNlNjNhNDQxNjlmYWEwYWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzWeufI9PK43a4HsQUrmCvhmhTfoBtdA+R2JiURLu7nvjCnlYU4VmGt+VwG
cHmRiJ2YAyL92DAf3nTHGVgkM2nyZAPNJtTgurdiQoCrVeRABjA2MXf3umlNpGka
rrtX//fycS3orTNnGKySGmIWAdIJnsiw4DZRA2wAhWUrNtHSZJM3SKTqrjSWwCir
TuAd2/EtKIStkZjhGffa/SR/r8N4CY2QuS59A7agzzUl8znH1tVmQ+g21her65hD
fVqdeQ1QD/cJOa4at6msknFeppbl+VoTY8+zJbvoiz7UADCGknBX/QvgyvhBO7GH
FmAaex4pF0kjxuqk3sDR0rnFIwUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRIeabt
gjyVyr/8JIkzWBFxvaWHqzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjk2ZTk4M2MtZjU5Yi00YTE1LWE3NGQtNTZiMmJmZjg4Nzc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAiMDAN
BgkqhkiG9w0BAQsFAAOCAQEANthozfoeRpZliVjsbZ9WdxPPnVT5s5ZMWUTGxQRL
g+hKB5zUzkWkvK8fEGzdPyUBNkz4b8NPxyAmapqDGYzGO69M+detBl+MvbhrRswK
Oo5PuRyJS/U9isQKI0P2yIluI8wbgd6jd0LM6NiY21m7OZ7fFi8/i6AK+kiWHfqm
+EGKdJ2Sh18P8FGu40WT49qI72JnmPa8OHmQF8SQOAE6p7bS4WrHpwvvIDhHp/hf
0u+Qa7BnUbMA77/4U4pQX+984d548o5lXuS3j24W7+L1Hopkwh1OQuTPf9hQu5p0
h001uKV6OO8SXbB520D6u3fop/O0asZVhoRemXEtOpc0hQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:06 2025 by rpki-client