Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa
File:                     aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa (raw, json)
Hash identifier:          Tdn9Km2rr9N3bmBf6/aZy7e1UrKhbGt8VWRUvUg9jBI=
Subject key identifier:   C2:3B:A4:A4:8E:F1:2D:76:6A:DC:C5:B1:4E:C3:9D:F4:D5:1C:AC:66
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4680A56ED5074A43B6A66F10BB21A5DDFE8CF801
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa
Signing time:             Mon 13 Oct 2025 17:55:32 +0000
ROA not before:           Mon 13 Oct 2025 17:55:32 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:80:a5:6e:d5:07:4a:43:b6:a6:6f:10:bb:21:a5:dd:fe:8c:f8:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:32 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=806f22ebe404b673ea6836b15d9953ed71d815f0f590c35935db2c2d5a67db82, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:28:ee:8b:c0:84:d8:86:fb:f0:3b:59:86:04:
                    0c:ca:73:84:0e:80:c9:33:a3:2a:c1:0a:fa:63:a7:
                    c6:5e:eb:8d:28:cf:da:9e:f3:de:24:07:0e:40:45:
                    e1:31:ea:fb:40:5d:8d:ca:2f:22:84:f7:83:b3:26:
                    47:26:28:db:d4:87:8c:48:cf:0d:20:a7:c4:bd:5a:
                    98:66:28:dc:72:a6:e2:72:d9:1d:e2:49:d8:aa:8d:
                    8f:f6:26:a3:e6:54:c1:79:3c:77:c0:69:ea:12:d3:
                    10:34:5f:eb:62:0e:0b:e1:e2:90:db:19:ef:c4:9f:
                    68:3d:19:b7:a5:57:9c:de:b4:79:72:4f:19:3c:56:
                    38:cf:9a:f2:8c:11:89:26:28:4c:4c:d8:7b:f4:4a:
                    8c:2e:4f:44:73:55:7c:20:16:f0:bd:80:86:4a:ca:
                    fe:4a:cb:d7:12:0d:84:42:7c:94:25:52:ce:95:8e:
                    d8:4e:ed:e8:1e:23:e6:49:c5:ac:44:2e:96:0f:76:
                    55:30:71:23:31:0e:94:b7:a1:5f:d9:32:11:8c:ec:
                    b1:d6:79:58:73:10:1d:f0:60:4b:32:ec:be:e2:e6:
                    0f:bc:c1:e8:d0:12:f1:e9:2a:37:96:e4:24:69:48:
                    91:99:7b:a5:a7:d9:87:e7:8c:81:72:49:b6:5f:ae:
                    54:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3B:A4:A4:8E:F1:2D:76:6A:DC:C5:B1:4E:C3:9D:F4:D5:1C:AC:66
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aa79bb18-b74d-4cc3-ba05-20af0f9435b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         92:de:97:26:01:4c:d5:c2:f2:47:9b:9f:7f:bd:5c:12:36:1e:
         1d:8a:8a:c4:7c:18:42:9e:46:97:ae:b6:3e:c1:cc:f2:b6:d6:
         f6:48:cf:f5:b9:ac:de:65:d1:11:b4:d2:5e:93:0c:4b:c5:09:
         dd:33:2b:41:73:b9:a5:0f:c3:fe:4c:33:c2:2d:37:b4:aa:c6:
         6f:5c:27:62:11:c5:de:fc:6a:74:ea:51:9f:90:8e:a7:8b:41:
         5c:3c:b4:cf:45:0e:be:cd:01:5c:bf:8e:3e:fc:c6:5e:96:0d:
         3c:c2:1b:75:23:bd:6c:b1:91:c7:37:57:6e:c3:b7:2b:9e:92:
         d8:5c:28:24:f8:91:a1:a8:ef:8a:33:8e:31:17:c7:b3:54:08:
         56:bc:c4:ad:b8:64:b7:6b:29:3b:81:50:45:64:2c:43:fc:5e:
         9f:0b:9f:82:8e:f5:b1:c7:82:78:aa:d2:c5:3d:e8:70:3d:60:
         ad:52:04:0b:ea:99:5e:6d:1a:ec:bb:48:0b:30:ad:a1:44:ae:
         a8:99:36:53:03:82:61:2a:93:34:02:a8:bc:86:ec:e5:77:cd:
         2f:10:6e:fe:1a:2a:82:93:83:c0:7b:e6:c4:7d:5e:b0:e6:bf:
         36:ac:cf:71:95:24:f0:23:f3:85:b4:28:f8:37:7b:8e:a2:11:
         ae:01:d8:b2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURoClbtUHSkO2pm8QuyGl3f6M+AEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1MzJaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwNmYyMmViZTQwNGI2NzNlYTY4MzZiMTVkOTk1M2VkNzFkODE1ZjBmNTkw
YzM1OTM1ZGIyYzJkNWE2N2RiODIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKYo7ovAhNiG+/A7WYYEDMpzhA6AyTOjKsEK+mOnxl7rjSjP2p7z3iQHDkBF
4THq+0BdjcovIoT3g7MmRyYo29SHjEjPDSCnxL1amGYo3HKm4nLZHeJJ2KqNj/Ym
o+ZUwXk8d8Bp6hLTEDRf62IOC+HikNsZ78SfaD0Zt6VXnN60eXJPGTxWOM+a8owR
iSYoTEzYe/RKjC5PRHNVfCAW8L2AhkrK/krL1xINhEJ8lCVSzpWO2E7t6B4j5knF
rEQulg92VTBxIzEOlLehX9kyEYzssdZ5WHMQHfBgSzLsvuLmD7zB6NAS8ekqN5bk
JGlIkZl7pafZh+eMgXJJtl+uVFcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTCO6Sk
jvEtdmrcxbFOw5301RysZjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWE3OWJiMTgtYjc0ZC00Y2MzLWJhMDUtMjBhZjBmOTQzNWIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAikDAN
BgkqhkiG9w0BAQsFAAOCAQEAkt6XJgFM1cLyR5uff71cEjYeHYqKxHwYQp5Gl662
PsHM8rbW9kjP9bms3mXREbTSXpMMS8UJ3TMrQXO5pQ/D/kwzwi03tKrGb1wnYhHF
3vxqdOpRn5COp4tBXDy0z0UOvs0BXL+OPvzGXpYNPMIbdSO9bLGRxzdXbsO3K56S
2FwoJPiRoajvijOOMRfHs1QIVrzErbhkt2spO4FQRWQsQ/xenwufgo71sceCeKrS
xT3ocD1grVIEC+qZXm0a7LtICzCtoUSuqJk2UwOCYSqTNAKovIbs5XfNLxBu/hoq
gpODwHvmxH1esOa/NqzPcZUk8CPzhbQo+Dd7jqIRrgHYsg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:47 2025 by rpki-client