Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/53380a08-b071-4729-9c41-f9a83d36f4c0.roa
File:                     53380a08-b071-4729-9c41-f9a83d36f4c0.roa (raw, json)
Hash identifier:          aXxZOBLhsIS2Jct0Qin8vvEPYNkiQZRqRkEwcZ0kXUY=
Subject key identifier:   17:DD:68:23:7D:86:6F:C4:4A:F4:19:17:C3:C1:7A:52:B3:FC:E6:6A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1CC26FC18598D709154625AF9E02E368818C2945
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/53380a08-b071-4729-9c41-f9a83d36f4c0.roa
Signing time:             Mon 13 Oct 2025 17:56:06 +0000
ROA not before:           Mon 13 Oct 2025 17:56:06 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c2:6f:c1:85:98:d7:09:15:46:25:af:9e:02:e3:68:81:8c:29:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:06 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=caf44fabf0224bc340742c2219a611776bd8adb2ba7b944c6ea0dd03ce03cb55, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:2b:3b:72:b7:94:0f:75:78:01:77:64:93:fe:
                    44:3b:54:da:08:11:1f:3c:0a:aa:b5:a4:8e:d2:43:
                    e4:0b:8a:d6:5a:3b:a6:51:59:ad:5e:c2:0d:5d:ab:
                    b2:9b:d2:4b:07:71:fe:69:5e:77:2b:8f:b4:77:f2:
                    0c:64:95:e8:04:a7:52:6b:bf:0e:2f:7b:ee:af:d7:
                    2b:89:fb:c6:01:c5:de:80:cd:07:5e:56:f6:de:fd:
                    f7:9f:2e:29:cb:e4:46:10:9a:fc:6f:8d:e7:43:66:
                    57:dd:9d:75:08:f3:66:af:b7:d6:af:46:f6:67:f7:
                    36:a3:e0:41:39:c0:e6:d1:fe:84:37:da:d8:58:85:
                    ea:a2:fb:15:a4:0e:38:4a:5e:fc:ef:3e:1d:23:99:
                    e4:d5:36:70:3e:4a:d8:ed:41:8c:a4:cd:4c:05:11:
                    f4:e3:4d:67:21:b3:67:a0:70:0c:58:59:fc:71:d6:
                    74:e8:63:6f:82:29:2f:34:90:ef:a7:c7:89:cc:e1:
                    66:1e:87:c7:40:0e:ab:6b:b7:8f:35:a7:95:f7:6f:
                    40:1c:43:07:25:b4:83:01:d0:ff:a9:21:1b:09:0e:
                    64:26:15:fd:03:de:0e:7a:43:c5:1b:88:be:52:56:
                    7b:36:93:74:f4:a7:fd:00:4a:ea:28:67:be:3e:85:
                    1c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DD:68:23:7D:86:6F:C4:4A:F4:19:17:C3:C1:7A:52:B3:FC:E6:6A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/53380a08-b071-4729-9c41-f9a83d36f4c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:0c:15:2d:e7:a5:c4:a6:1f:f0:42:8f:26:79:a3:5d:2a:fb:
         63:6e:4f:dd:fc:9b:a6:12:d2:55:e5:7d:7c:c5:71:85:cb:68:
         98:be:5a:e2:f1:56:33:59:50:ea:4a:97:46:96:2a:88:82:9f:
         de:c5:7a:c2:40:02:05:e4:48:06:b1:dc:ed:1c:ee:4e:b1:c2:
         cb:9e:ff:73:5d:71:8c:e3:b8:07:8a:c2:35:0f:51:c2:92:47:
         32:e4:47:7b:61:28:7f:9e:82:a3:1f:d1:54:1a:d9:02:5d:bb:
         c3:3e:4b:8c:25:05:f5:dc:94:bb:da:2f:a1:1b:3f:31:8a:3c:
         6d:72:7c:6d:b0:fb:18:3d:e9:88:cb:d6:21:ad:e5:71:53:b6:
         a8:93:63:ca:73:60:5d:8f:49:f9:54:7d:7a:bf:98:7e:15:09:
         65:98:ca:50:c1:0f:10:99:79:28:2d:92:9f:b4:f4:5e:af:28:
         ff:39:a0:c0:aa:01:55:86:73:ca:51:05:35:d5:08:b0:76:37:
         f4:09:df:25:f7:78:24:9c:57:bc:18:6f:16:b7:7b:9c:6a:9b:
         f0:dd:7d:e9:9e:dc:84:0e:f3:0a:f6:e9:30:51:05:84:ff:26:
         63:8b:91:b0:6a:ef:02:95:37:07:e3:86:39:9c:23:7a:83:a0:
         21:50:90:3e
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHMJvwYWY1wkVRiWvngLjaIGMKUUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MDZaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhZjQ0ZmFiZjAyMjRiYzM0MDc0MmMyMjE5YTYxMTc3NmJkOGFkYjJiYTdi
OTQ0YzZlYTBkZDAzY2UwM2NiNTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQrO3K3lA91eAF3ZJP+RDtU2ggRHzwKqrWkjtJD5AuK1lo7plFZrV7CDV2r
spvSSwdx/mledyuPtHfyDGSV6ASnUmu/Di977q/XK4n7xgHF3oDNB15W9t79958u
KcvkRhCa/G+N50NmV92ddQjzZq+31q9G9mf3NqPgQTnA5tH+hDfa2FiF6qL7FaQO
OEpe/O8+HSOZ5NU2cD5K2O1BjKTNTAUR9ONNZyGzZ6BwDFhZ/HHWdOhjb4IpLzSQ
76fHiczhZh6Hx0AOq2u3jzWnlfdvQBxDByW0gwHQ/6khGwkOZCYV/QPeDnpDxRuI
vlJWezaTdPSn/QBK6ihnvj6FHFUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQX3Wgj
fYZvxEr0GRfDwXpSs/zmajAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMzODBhMDgtYjA3MS00NzI5LTljNDEtZjlhODNkMzZmNGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArAgUDAN
BgkqhkiG9w0BAQsFAAOCAQEATAwVLeelxKYf8EKPJnmjXSr7Y25P3fybphLSVeV9
fMVxhctomL5a4vFWM1lQ6kqXRpYqiIKf3sV6wkACBeRIBrHc7RzuTrHCy57/c11x
jOO4B4rCNQ9RwpJHMuRHe2Eof56Cox/RVBrZAl27wz5LjCUF9dyUu9ovoRs/MYo8
bXJ8bbD7GD3piMvWIa3lcVO2qJNjynNgXY9J+VR9er+YfhUJZZjKUMEPEJl5KC2S
n7T0Xq8o/zmgwKoBVYZzylEFNdUIsHY39AnfJfd4JJxXvBhvFrd7nGqb8N196Z7c
hA7zCvbpMFEFhP8mY4uRsGrvApU3B+OGOZwjeoOgIVCQPg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:19 2025 by rpki-client