Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a260fe3c-a901-4f5a-b50a-79b9a1e1f8d9.roa
File:                     a260fe3c-a901-4f5a-b50a-79b9a1e1f8d9.roa (raw, json)
Hash identifier:          yTAcma3DokBljI3WQwornUg+aEggW9E9I8xivpQIoEQ=
Subject key identifier:   4D:57:D8:F5:15:7A:DB:BB:3B:83:B1:56:2B:1D:38:12:74:83:DE:96
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       47A3C00A9398BC49EAD357ABFDA973CDF35A74BF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a260fe3c-a901-4f5a-b50a-79b9a1e1f8d9.roa
Signing time:             Mon 13 Oct 2025 17:56:13 +0000
ROA not before:           Mon 13 Oct 2025 17:56:13 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:a3:c0:0a:93:98:bc:49:ea:d3:57:ab:fd:a9:73:cd:f3:5a:74:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:13 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=22453a6a8ad91dd56c1a9d30c507edeebec7972d1bd4efb53f11748bd49252ab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:66:a3:dc:6d:bc:4b:3a:a6:e7:a4:9a:96:8f:
                    0a:68:8b:aa:55:78:3b:10:55:49:d2:ce:83:05:5a:
                    44:61:2f:1d:60:b3:41:a4:88:6c:23:ad:64:e3:e3:
                    06:a6:12:97:eb:7d:4e:45:da:7f:bc:04:8a:3b:36:
                    f8:5e:7d:17:a2:f8:82:cc:1c:4a:15:34:57:51:b2:
                    32:80:c1:b7:f9:c8:29:b4:83:77:e1:21:8a:18:ae:
                    88:02:87:40:0a:1d:2c:f4:99:ec:db:fa:7b:41:7a:
                    b6:92:14:55:f1:58:51:d2:48:57:c4:70:ba:81:38:
                    4e:db:f6:f7:0c:97:95:3c:1c:32:0e:fa:2e:36:25:
                    8c:7a:a2:c5:98:b4:e4:29:b3:9f:3a:d2:3b:b6:2b:
                    22:03:51:9b:8a:0f:01:62:a5:b0:ea:ae:3a:de:34:
                    70:f4:f8:16:bf:da:3b:29:d9:60:a9:40:86:6a:e4:
                    b9:2d:b0:92:06:7c:c9:92:95:3f:ed:c7:2c:e7:9b:
                    55:66:e4:d3:b8:5a:8c:b5:64:fa:33:cf:4d:22:f1:
                    8b:bd:e7:a3:56:e6:35:6c:95:70:91:19:91:38:68:
                    fa:3d:c7:e8:66:ec:30:8f:1f:d2:19:35:58:76:84:
                    e9:22:48:3d:16:02:65:35:da:c8:65:72:08:71:76:
                    81:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:57:D8:F5:15:7A:DB:BB:3B:83:B1:56:2B:1D:38:12:74:83:DE:96
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a260fe3c-a901-4f5a-b50a-79b9a1e1f8d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b7:b9:d9:da:99:cd:6a:83:ab:8d:ab:6f:f2:13:6e:12:c4:0f:
         eb:e2:8d:ba:6d:d0:c2:c0:01:71:ec:fe:fb:49:f0:f5:d3:cd:
         af:86:b6:9a:c0:07:65:d2:d6:68:3f:79:e9:f0:3c:fc:6b:a6:
         9e:8e:ca:54:b5:5c:18:25:41:ed:b9:ed:8b:46:df:e6:43:41:
         dd:32:89:1a:7a:fb:b9:2f:32:b3:1d:fa:ca:c2:1f:05:d8:d1:
         44:68:f2:59:d4:0f:fa:ed:43:aa:51:28:02:5e:61:1b:fe:d3:
         7f:6b:98:e0:27:04:47:3b:5a:69:cc:75:bf:9c:aa:a8:26:71:
         d3:0f:96:46:be:68:5d:47:e1:8a:57:e7:99:3b:eb:7b:85:30:
         37:db:a5:d8:a9:ec:3b:cb:f0:69:a2:de:07:d4:ef:c8:6a:de:
         47:b3:d0:0f:2a:94:eb:9b:7a:2b:f0:5a:aa:62:bc:95:f1:20:
         bb:7b:86:ff:a4:de:28:48:d7:80:8b:a7:d9:63:e0:d0:d1:f0:
         73:82:83:76:83:e7:47:28:ef:2e:22:7b:53:7e:f1:0c:d0:da:
         13:0c:d3:4b:b5:fd:7c:f1:a0:57:f6:a3:89:de:de:ef:6a:cc:
         66:9c:37:a3:60:4d:cf:1f:d2:19:64:d1:3b:66:5f:a8:f4:50:
         f2:cc:4b:e2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUR6PACpOYvEnq01er/alzzfNadL8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MTNaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyNDUzYTZhOGFkOTFkZDU2YzFhOWQzMGM1MDdlZGVlYmVjNzk3MmQxYmQ0
ZWZiNTNmMTE3NDhiZDQ5MjUyYWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlmo9xtvEs6puekmpaPCmiLqlV4OxBVSdLOgwVaRGEvHWCzQaSIbCOtZOPj
BqYSl+t9TkXaf7wEijs2+F59F6L4gswcShU0V1GyMoDBt/nIKbSDd+EhihiuiAKH
QAodLPSZ7Nv6e0F6tpIUVfFYUdJIV8RwuoE4Ttv29wyXlTwcMg76LjYljHqixZi0
5CmznzrSO7YrIgNRm4oPAWKlsOquOt40cPT4Fr/aOynZYKlAhmrkuS2wkgZ8yZKV
P+3HLOebVWbk07hajLVk+jPPTSLxi73no1bmNWyVcJEZkTho+j3H6GbsMI8f0hk1
WHaE6SJIPRYCZTXayGVyCHF2gUMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRNV9j1
FXrbuzuDsVYrHTgSdIPeljAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTI2MGZlM2MtYTkwMS00ZjVhLWI1MGEtNzliOWExZTFmOGQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAiADAN
BgkqhkiG9w0BAQsFAAOCAQEAt7nZ2pnNaoOrjatv8hNuEsQP6+KNum3QwsABcez+
+0nw9dPNr4a2msAHZdLWaD956fA8/Gumno7KVLVcGCVB7bnti0bf5kNB3TKJGnr7
uS8ysx36ysIfBdjRRGjyWdQP+u1DqlEoAl5hG/7Tf2uY4CcERztaacx1v5yqqCZx
0w+WRr5oXUfhilfnmTvre4UwN9ul2KnsO8vwaaLeB9TvyGreR7PQDyqU65t6K/Ba
qmK8lfEgu3uG/6TeKEjXgIun2WPg0NHwc4KDdoPnRyjvLiJ7U37xDNDaEwzTS7X9
fPGgV/ajid7e72rMZpw3o2BNzx/SGWTRO2ZfqPRQ8sxL4g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:35 2025 by rpki-client