Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/995d4f8d-0bcd-4b30-9dbe-42bcdbeb0464.roa
File:                     995d4f8d-0bcd-4b30-9dbe-42bcdbeb0464.roa (raw, json)
Hash identifier:          0CtJlAsgCJKK7p2zI7CjLux/bkj9vKVovUGoVXPxDIA=
Subject key identifier:   D3:C1:8D:4B:6B:F5:07:54:CD:B5:7E:E8:8E:88:33:BE:7F:3C:54:7D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       11AF3388257EC1729ABEA030251A45378A67C91E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/995d4f8d-0bcd-4b30-9dbe-42bcdbeb0464.roa
Signing time:             Mon 13 Oct 2025 17:56:10 +0000
ROA not before:           Mon 13 Oct 2025 17:56:10 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:af:33:88:25:7e:c1:72:9a:be:a0:30:25:1a:45:37:8a:67:c9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:10 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=3efcf3ffcbf7107b1e2d3d4add1d872785905dd55aa6c42936b7ac0f83e04904, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:64:cf:1e:8a:28:a2:c7:79:f9:1c:30:b0:05:
                    77:43:1c:d3:08:df:54:ee:4d:e0:f8:dd:82:b3:6b:
                    1f:0c:f6:66:a9:40:64:cd:5a:6b:99:b6:f7:7c:0d:
                    85:ae:f1:9f:10:40:c5:ef:1a:b7:12:73:1a:c4:53:
                    b8:c7:ed:e3:8a:ff:07:0f:be:31:29:ff:b0:5d:8f:
                    bc:30:93:49:5c:e7:83:40:2a:f3:07:ce:7c:99:bb:
                    1b:53:bf:76:98:c7:43:0b:a3:62:27:af:e9:3d:82:
                    35:55:35:52:72:7a:cd:69:36:0e:fd:81:72:dc:57:
                    ff:e1:31:fa:d8:f7:b1:f1:1c:39:67:1d:7a:b8:6e:
                    3a:57:d2:62:ec:e9:88:32:39:60:f0:a1:81:52:e8:
                    d1:d1:ee:87:b5:36:ba:59:85:fe:ce:c4:84:5b:d2:
                    33:a4:37:ac:fd:4c:97:3e:46:81:05:82:4d:90:71:
                    8e:1f:08:d3:5a:a3:09:82:5d:85:36:c5:ff:dc:5a:
                    21:47:a3:41:db:2b:b3:b9:23:81:5c:ba:49:f2:19:
                    fc:bb:4d:c6:c8:e6:7b:46:e9:b7:3c:cc:a8:08:e5:
                    31:ff:c0:f0:11:13:1e:bf:b3:f2:b2:49:a3:14:16:
                    02:71:4b:61:bd:67:94:7c:5f:93:62:f0:3e:d5:37:
                    6c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C1:8D:4B:6B:F5:07:54:CD:B5:7E:E8:8E:88:33:BE:7F:3C:54:7D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/995d4f8d-0bcd-4b30-9dbe-42bcdbeb0464.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:bc:a9:c6:4f:15:fd:98:e0:ef:b7:88:09:e0:42:c2:5e:70:
         50:09:56:cb:62:c7:0a:ae:06:7d:35:bc:74:f1:20:d1:96:94:
         06:fe:79:aa:a0:c4:cd:11:21:4a:ec:30:d1:7c:a3:35:4b:bf:
         9f:30:ee:dc:e4:f8:27:1b:dd:3a:7f:1e:9b:35:c1:fd:9e:e2:
         c3:1b:f3:4a:aa:b5:4c:89:51:ad:e0:9e:a4:8a:e6:03:4b:b7:
         8b:40:90:a8:21:25:ed:cf:ee:0b:65:51:63:35:c3:bb:cc:1c:
         3b:d7:b6:6d:a1:a0:45:c2:b4:63:6a:fd:f4:25:19:70:9f:25:
         d7:76:8e:bf:76:45:6f:6e:c7:72:67:fb:6d:c5:3f:29:85:9e:
         14:da:0e:a0:9d:3f:45:38:e0:30:38:fe:f6:f4:b3:13:d4:86:
         be:aa:21:5e:09:7a:af:74:5f:2d:5d:7e:a9:bc:40:b0:81:64:
         12:ad:26:49:41:fe:0a:9d:89:f1:cc:0a:3e:73:3c:40:6e:31:
         11:57:22:f6:03:4a:47:9a:e1:9b:80:83:df:e0:c4:6c:90:88:
         b0:3c:fa:42:51:a7:c0:f6:b7:15:af:0a:c9:a2:67:40:44:a6:
         3e:69:b5:b2:51:4e:b3:59:db:c5:17:30:c1:7f:fb:31:c8:27:
         07:d3:17:6e
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUEa8ziCV+wXKavqAwJRpFN4pnyR4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MTBaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlZmNmM2ZmY2JmNzEwN2IxZTJkM2Q0YWRkMWQ4NzI3ODU5MDVkZDU1YWE2
YzQyOTM2YjdhYzBmODNlMDQ5MDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOtkzx6KKKLHefkcMLAFd0Mc0wjfVO5N4PjdgrNrHwz2ZqlAZM1aa5m293wN
ha7xnxBAxe8atxJzGsRTuMft44r/Bw++MSn/sF2PvDCTSVzng0Aq8wfOfJm7G1O/
dpjHQwujYiev6T2CNVU1UnJ6zWk2Dv2BctxX/+Ex+tj3sfEcOWcderhuOlfSYuzp
iDI5YPChgVLo0dHuh7U2ulmF/s7EhFvSM6Q3rP1Mlz5GgQWCTZBxjh8I01qjCYJd
hTbF/9xaIUejQdsrs7kjgVy6SfIZ/LtNxsjme0bptzzMqAjlMf/A8BETHr+z8rJJ
oxQWAnFLYb1nlHxfk2LwPtU3bAcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTTwY1L
a/UHVM21fuiOiDO+fzxUfTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTk1ZDRmOGQtMGJjZC00YjMwLTlkYmUtNDJiY2RiZWIwNDY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArAiEDAN
BgkqhkiG9w0BAQsFAAOCAQEAerypxk8V/Zjg77eICeBCwl5wUAlWy2LHCq4GfTW8
dPEg0ZaUBv55qqDEzREhSuww0XyjNUu/nzDu3OT4JxvdOn8emzXB/Z7iwxvzSqq1
TIlRreCepIrmA0u3i0CQqCEl7c/uC2VRYzXDu8wcO9e2baGgRcK0Y2r99CUZcJ8l
13aOv3ZFb27Hcmf7bcU/KYWeFNoOoJ0/RTjgMDj+9vSzE9SGvqohXgl6r3RfLV1+
qbxAsIFkEq0mSUH+Cp2J8cwKPnM8QG4xEVci9gNKR5rhm4CD3+DEbJCIsDz6QlGn
wPa3Fa8KyaJnQESmPmm1slFOs1nbxRcwwX/7McgnB9MXbg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:53 2025 by rpki-client