Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9397285f-ddbe-4525-ac62-a96d2fbb5cd9.roa
File:                     9397285f-ddbe-4525-ac62-a96d2fbb5cd9.roa (raw, json)
Hash identifier:          bb1MIMN3nyshaQKa9UB5gxqEX0ucO6Z3fqCS3ZDGq7Y=
Subject key identifier:   B8:3C:46:38:8D:38:A2:FB:62:ED:89:AC:EE:C1:AF:E7:46:C4:DB:B6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       348629AF9F3B34B2DF61020B2F5C9AF28B966749
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9397285f-ddbe-4525-ac62-a96d2fbb5cd9.roa
Signing time:             Mon 13 Oct 2025 17:56:08 +0000
ROA not before:           Mon 13 Oct 2025 17:56:08 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:86:29:af:9f:3b:34:b2:df:61:02:0b:2f:5c:9a:f2:8b:96:67:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:08 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=f76a6ec6d102546481388045f6f64de4ca67eb922d64905a031642daaf98bb4c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4d:15:ed:c1:4a:32:8b:f5:65:af:f5:88:ce:
                    63:f6:ac:89:a8:e9:ee:a4:c7:91:dc:e6:fc:0a:38:
                    ef:a7:23:51:18:b4:bf:08:03:69:3b:64:cc:a0:b2:
                    b1:b9:0e:72:8d:50:5d:a0:2d:02:62:c2:02:8c:a2:
                    d4:39:3f:e5:69:43:63:cf:f9:3c:2e:88:d1:51:d9:
                    7b:a1:87:3a:cf:f1:4a:e0:23:97:a4:99:67:52:1f:
                    4e:9d:b3:af:22:aa:a0:12:db:6c:20:cc:d7:89:c5:
                    a2:d7:79:f5:02:43:12:c8:7c:ec:51:0d:8d:15:05:
                    0b:ed:2b:06:ee:75:61:88:5e:28:f9:20:37:99:66:
                    c2:75:f6:e2:9a:8e:7c:9a:8b:ae:d6:b7:40:3f:bd:
                    d2:c0:a3:bb:64:22:70:84:c5:04:61:06:66:2d:64:
                    ae:b5:73:8c:ac:f2:04:92:3c:4d:00:0d:a5:42:9b:
                    64:83:3b:6d:66:29:17:a9:9b:2d:05:09:92:c9:7d:
                    83:60:5b:32:b6:1f:fb:00:4b:b4:7e:fb:22:7d:9d:
                    8e:19:a7:5d:bf:00:7d:02:40:88:b5:07:b8:c6:a2:
                    0a:aa:97:7d:03:97:ae:79:3b:13:27:99:5c:a2:b8:
                    ff:9e:ea:14:b7:eb:e7:05:9b:12:37:fa:d6:bf:ce:
                    55:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3C:46:38:8D:38:A2:FB:62:ED:89:AC:EE:C1:AF:E7:46:C4:DB:B6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9397285f-ddbe-4525-ac62-a96d2fbb5cd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         58:52:11:9d:26:fd:eb:c1:97:af:f2:ab:9e:63:83:c5:80:64:
         9c:c1:39:af:5c:c4:9f:9c:20:1d:88:e6:5b:eb:36:eb:1c:2e:
         d0:38:0f:09:df:c6:d9:06:0e:c2:e1:5f:89:07:9e:e3:22:8f:
         ae:29:73:6a:04:e1:4d:6f:c8:a9:4d:74:36:ff:ec:8c:ca:70:
         6b:82:7f:46:19:d0:1e:5a:3e:77:b0:e3:b8:d5:f9:3b:ed:be:
         10:31:13:f1:f2:9a:5a:3b:e8:b7:5a:04:be:6f:85:67:a0:66:
         e7:f8:91:04:8c:e7:30:1d:03:63:5f:59:98:97:55:cf:52:4d:
         a2:89:5b:e1:57:f0:dd:64:69:78:03:37:57:1a:d6:5e:7d:c4:
         8d:33:e8:5b:29:2c:2c:95:68:18:15:03:14:c8:54:ef:ea:05:
         65:3a:5b:89:5a:ca:29:07:31:ca:c0:d7:ab:85:c6:b5:85:20:
         df:73:09:1b:4e:ec:e4:55:8f:1d:c2:f2:d7:a6:6d:15:d0:2f:
         ed:74:c5:09:11:a7:5b:f9:be:f2:22:82:ae:5d:11:23:a3:54:
         db:62:16:0a:3c:42:01:de:52:66:35:41:d5:f6:99:ed:4b:c7:
         49:f2:4b:a8:66:8b:fe:67:6e:b2:14:2c:fa:8c:5a:3d:bd:1f:
         0d:82:4f:8d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNIYpr587NLLfYQILL1ya8ouWZ0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MDhaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3NmE2ZWM2ZDEwMjU0NjQ4MTM4ODA0NWY2ZjY0ZGU0Y2E2N2ViOTIyZDY0
OTA1YTAzMTY0MmRhYWY5OGJiNGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5NFe3BSjKL9WWv9YjOY/asiajp7qTHkdzm/Ao476cjURi0vwgDaTtkzKCy
sbkOco1QXaAtAmLCAoyi1Dk/5WlDY8/5PC6I0VHZe6GHOs/xSuAjl6SZZ1IfTp2z
ryKqoBLbbCDM14nFotd59QJDEsh87FENjRUFC+0rBu51YYheKPkgN5lmwnX24pqO
fJqLrta3QD+90sCju2QicITFBGEGZi1krrVzjKzyBJI8TQANpUKbZIM7bWYpF6mb
LQUJksl9g2BbMrYf+wBLtH77In2djhmnXb8AfQJAiLUHuMaiCqqXfQOXrnk7EyeZ
XKK4/57qFLfr5wWbEjf61r/OVbsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS4PEY4
jTii+2Ltiazuwa/nRsTbtjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTM5NzI4NWYtZGRiZS00NTI1LWFjNjItYTk2ZDJmYmI1Y2Q5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAgQDAN
BgkqhkiG9w0BAQsFAAOCAQEAWFIRnSb968GXr/KrnmODxYBknME5r1zEn5wgHYjm
W+s26xwu0DgPCd/G2QYOwuFfiQee4yKPrilzagThTW/IqU10Nv/sjMpwa4J/RhnQ
Hlo+d7DjuNX5O+2+EDET8fKaWjvot1oEvm+FZ6Bm5/iRBIznMB0DY19ZmJdVz1JN
oolb4Vfw3WRpeAM3VxrWXn3EjTPoWyksLJVoGBUDFMhU7+oFZTpbiVrKKQcxysDX
q4XGtYUg33MJG07s5FWPHcLy16ZtFdAv7XTFCRGnW/m+8iKCrl0RI6NU22IWCjxC
Ad5SZjVB1faZ7UvHSfJLqGaL/mdushQs+oxaPb0fDYJPjQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:20 2025 by rpki-client