Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54957543-b22c-43fb-b523-8f40c64fe15d.roa
File:                     54957543-b22c-43fb-b523-8f40c64fe15d.roa (raw, json)
Hash identifier:          DLPKDV2IlUxa/unfW2MWPP6JLD4vPyNn4fuZxtSy9T8=
Subject key identifier:   10:BF:A1:27:9D:03:48:9C:B8:EB:B3:C6:81:34:98:82:BF:34:8D:80
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       310218D0D10EA64B618BC4051941FB16D8DB385D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54957543-b22c-43fb-b523-8f40c64fe15d.roa
Signing time:             Mon 13 Oct 2025 17:55:38 +0000
ROA not before:           Mon 13 Oct 2025 17:55:38 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:02:18:d0:d1:0e:a6:4b:61:8b:c4:05:19:41:fb:16:d8:db:38:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:38 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=c63031628adfbf73b671ea190084304794ddcaf8502649e6f378139f8b36a2ce, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:98:e6:78:cd:53:da:d7:72:b2:4f:19:64:39:
                    c6:7e:7b:6a:33:95:8f:69:87:0a:37:d3:11:41:2d:
                    76:c4:f8:a6:cb:48:36:0f:48:5f:38:98:ea:3d:89:
                    1b:2a:06:a9:12:e9:9e:68:ec:ca:88:2c:d7:3c:09:
                    ec:a8:6e:15:fc:8f:c6:90:57:5b:9b:dc:ec:42:41:
                    db:be:6e:f0:3f:0a:fa:83:59:45:b9:de:e9:a9:45:
                    29:2a:33:61:cd:8d:e9:46:f2:c7:12:22:7c:af:7b:
                    06:b0:a6:45:42:08:e7:89:fa:aa:74:bb:22:67:f6:
                    eb:01:0e:ca:7d:95:3f:10:3d:b7:90:55:aa:92:43:
                    74:5e:a3:7a:8d:08:8c:ce:28:e1:bc:04:2f:94:3c:
                    9b:29:20:c4:0b:90:eb:b1:75:b6:3d:7d:0a:25:6f:
                    7e:fc:36:42:98:4b:d1:23:20:c4:ab:5e:ba:85:4e:
                    a1:85:4c:58:aa:30:2c:3c:24:71:50:0a:53:44:c4:
                    21:e5:9d:15:45:60:54:e4:d2:f4:58:b7:69:2b:6a:
                    dc:46:a5:bd:e4:54:c3:14:1d:da:6e:30:fb:37:3b:
                    b4:dd:5b:01:ab:06:2d:5e:66:12:83:57:ee:d6:88:
                    b3:5b:32:ca:57:12:07:1b:72:7a:fa:9c:56:ca:d5:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:BF:A1:27:9D:03:48:9C:B8:EB:B3:C6:81:34:98:82:BF:34:8D:80
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/54957543-b22c-43fb-b523-8f40c64fe15d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1d:a7:32:50:25:e5:81:17:17:fe:83:0a:ce:66:fd:0d:12:7f:
         fa:6c:57:5d:70:61:a7:ab:11:47:0d:c3:c6:d2:c5:a6:0d:c2:
         43:d7:fa:98:e9:e6:49:22:41:76:ce:0e:31:82:bf:ed:9e:ae:
         c8:f0:a6:2a:ee:d1:84:89:ba:f6:6d:ce:63:95:10:83:2b:9b:
         4b:aa:a0:0b:d0:4a:f9:cf:7b:4a:44:e9:dd:ed:be:fc:f6:78:
         da:56:38:2d:fc:28:15:b2:31:26:40:2e:17:8f:32:bc:0f:f7:
         ee:c0:a7:e3:cb:9e:29:06:e0:65:c3:3f:5c:83:25:d8:cc:da:
         2e:8c:a8:b6:27:ec:e6:d5:89:cd:e4:be:27:b8:18:86:3a:53:
         8b:d9:8a:f7:55:66:5d:b7:5b:33:87:ea:1e:96:8a:3e:70:ad:
         04:cd:40:32:6b:a5:83:f2:d8:24:95:84:43:c3:da:2d:67:d5:
         f7:81:57:62:6b:85:bb:0d:4f:ac:a0:fd:fd:8c:68:51:62:1a:
         19:17:3c:f9:b9:c3:5b:54:f5:8e:c9:f9:50:e1:64:7b:72:0f:
         64:4b:7a:9b:75:6c:ac:c8:94:78:f5:e5:ec:c5:53:f3:63:72:
         40:f9:c6:e2:ad:3f:8c:4a:67:5a:88:13:10:c3:35:22:86:2e:
         4a:06:b0:1a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMQIY0NEOpkthi8QFGUH7FtjbOF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1MzhaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2MzAzMTYyOGFkZmJmNzNiNjcxZWExOTAwODQzMDQ3OTRkZGNhZjg1MDI2
NDllNmYzNzgxMzlmOGIzNmEyY2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPCY5njNU9rXcrJPGWQ5xn57ajOVj2mHCjfTEUEtdsT4pstINg9IXziY6j2J
GyoGqRLpnmjsyogs1zwJ7KhuFfyPxpBXW5vc7EJB275u8D8K+oNZRbne6alFKSoz
Yc2N6UbyxxIifK97BrCmRUII54n6qnS7Imf26wEOyn2VPxA9t5BVqpJDdF6jeo0I
jM4o4bwEL5Q8mykgxAuQ67F1tj19CiVvfvw2QphL0SMgxKteuoVOoYVMWKowLDwk
cVAKU0TEIeWdFUVgVOTS9Fi3aStq3EalveRUwxQd2m4w+zc7tN1bAasGLV5mEoNX
7taIs1syylcSBxtyevqcVsrV7L8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQQv6En
nQNInLjrs8aBNJiCvzSNgDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQ5NTc1NDMtYjIyYy00M2ZiLWI1MjMtOGY0MGM2NGZlMTVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBbAiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAHacyUCXlgRcX/oMKzmb9DRJ/+mxXXXBhp6sRRw3D
xtLFpg3CQ9f6mOnmSSJBds4OMYK/7Z6uyPCmKu7RhIm69m3OY5UQgyubS6qgC9BK
+c97SkTp3e2+/PZ42lY4LfwoFbIxJkAuF48yvA/37sCn48ueKQbgZcM/XIMl2Mza
Loyotifs5tWJzeS+J7gYhjpTi9mK91VmXbdbM4fqHpaKPnCtBM1AMmulg/LYJJWE
Q8PaLWfV94FXYmuFuw1PrKD9/YxoUWIaGRc8+bnDW1T1jsn5UOFke3IPZEt6m3Vs
rMiUePXl7MVT82NyQPnG4q0/jEpnWogTEMM1IoYuSgawGg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:15 2025 by rpki-client