Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2048b1c-363b-4b59-9d56-dc72187194a3.roa
File:                     b2048b1c-363b-4b59-9d56-dc72187194a3.roa (raw, json)
Hash identifier:          z4xL9bqQrt0NBczbK3vWnHaKmBostQbRPz89ZJk8UtY=
Subject key identifier:   EC:71:66:C9:13:B5:B5:D3:A3:AB:22:99:E1:6F:F0:10:38:92:A2:6D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       088F13231F31018DF269778D1B799B632837FD2E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2048b1c-363b-4b59-9d56-dc72187194a3.roa
Signing time:             Mon 13 Oct 2025 17:56:11 +0000
ROA not before:           Mon 13 Oct 2025 17:56:11 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:8f:13:23:1f:31:01:8d:f2:69:77:8d:1b:79:9b:63:28:37:fd:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:11 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=02744433f2b248bd8d0573aefa1d03ad5285bf772a09f576399034849cf0f5d8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ef:ea:c6:50:f8:33:e5:45:32:69:4c:27:4e:
                    cd:93:42:20:fb:22:5e:65:27:29:d6:68:42:be:05:
                    bd:1f:a9:26:ce:98:6b:8f:e0:b3:ba:2a:e9:2e:f8:
                    98:57:7f:a8:6a:4e:3f:68:e1:83:d6:40:61:58:7a:
                    fa:87:f1:3f:ad:22:a9:22:e6:ce:d8:4e:08:31:f1:
                    40:e2:6e:c6:e3:39:e1:1f:5a:dd:1f:0c:61:81:92:
                    12:53:f4:a2:59:bf:08:19:dd:6f:1c:0c:ba:79:ca:
                    88:b1:32:b9:bf:45:b8:15:1f:ff:e5:2e:a8:38:e4:
                    31:62:ba:82:59:70:2a:b1:85:fe:a4:ef:9b:79:0a:
                    f0:3f:fb:62:21:05:bd:00:b3:a6:f0:13:92:34:07:
                    4c:3f:69:4d:a6:e2:57:28:36:87:f4:c5:62:46:5a:
                    a6:6e:d8:b7:72:84:fe:15:93:c0:05:7d:41:8f:69:
                    15:20:55:6e:b6:57:f7:f6:ea:d0:e6:09:3f:2d:61:
                    6c:1b:8c:73:5a:88:7b:4c:ae:64:5b:45:ef:1a:cd:
                    d6:07:8e:72:0f:c3:ba:62:ec:b4:b9:8b:09:14:73:
                    6f:cf:22:77:75:28:64:c4:fc:2d:92:b9:72:1e:e5:
                    4c:00:8a:e3:15:5c:95:d5:d5:d5:1a:1b:56:37:a5:
                    26:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:71:66:C9:13:B5:B5:D3:A3:AB:22:99:E1:6F:F0:10:38:92:A2:6D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2048b1c-363b-4b59-9d56-dc72187194a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:dc:53:d6:06:35:31:e0:77:23:93:13:75:2e:58:a3:2f:50:
         fd:f3:a3:19:84:84:40:d3:21:e6:4d:1f:14:5c:88:d2:23:a0:
         da:0a:6c:60:9d:4c:e6:89:5f:c4:40:0e:90:61:6e:db:97:b1:
         5a:a8:d7:f4:8c:35:e4:50:ae:fe:9c:46:57:e9:87:7c:38:3c:
         4e:3f:e3:c3:99:8c:ca:53:2a:94:58:08:41:d5:29:a2:ed:a8:
         ca:1c:fb:7d:8b:9c:73:ca:e1:96:b8:e3:57:5c:9b:b3:aa:ff:
         30:3e:ea:28:cd:45:2d:09:45:47:16:27:d4:a7:c8:f9:5a:6d:
         d3:52:6b:d1:a6:fa:11:bd:5b:e9:49:4c:58:aa:fb:8d:06:d4:
         29:b1:a4:a7:ce:30:3a:2d:52:c3:7b:36:d1:d7:77:e1:b2:78:
         be:76:1b:09:1f:35:61:2c:1a:ae:69:4c:f9:82:58:34:6d:4c:
         d6:35:c0:05:07:86:50:0a:e8:30:5c:9f:47:1b:1f:57:4e:dd:
         f9:29:69:65:ed:74:a4:d5:bb:c6:a8:de:c6:71:7a:7d:ac:44:
         41:b6:34:03:ec:23:e4:5f:21:31:f4:7c:19:a9:8a:44:15:30:
         da:f6:c8:47:86:ea:0d:ed:b5:a5:ad:e9:71:b1:e2:dd:0e:4b:
         a6:40:2d:51
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCI8TIx8xAY3yaXeNG3mbYyg3/S4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MTFaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDAyNzQ0NDMzZjJiMjQ4YmQ4ZDA1NzNhZWZhMWQwM2FkNTI4NWJmNzcyYTA5
ZjU3NjM5OTAzNDg0OWNmMGY1ZDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbv6sZQ+DPlRTJpTCdOzZNCIPsiXmUnKdZoQr4FvR+pJs6Ya4/gs7oq6S74
mFd/qGpOP2jhg9ZAYVh6+ofxP60iqSLmzthOCDHxQOJuxuM54R9a3R8MYYGSElP0
olm/CBndbxwMunnKiLEyub9FuBUf/+UuqDjkMWK6gllwKrGF/qTvm3kK8D/7YiEF
vQCzpvATkjQHTD9pTabiVyg2h/TFYkZapm7Yt3KE/hWTwAV9QY9pFSBVbrZX9/bq
0OYJPy1hbBuMc1qIe0yuZFtF7xrN1geOcg/DumLstLmLCRRzb88id3UoZMT8LZK5
ch7lTACK4xVcldXV1RobVjelJn8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTscWbJ
E7W106OrIpnhb/AQOJKibTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjIwNDhiMWMtMzYzYi00YjU5LTlkNTYtZGM3MjE4NzE5NGEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArAiFDAN
BgkqhkiG9w0BAQsFAAOCAQEAoNxT1gY1MeB3I5MTdS5Yoy9Q/fOjGYSEQNMh5k0f
FFyI0iOg2gpsYJ1M5olfxEAOkGFu25exWqjX9Iw15FCu/pxGV+mHfDg8Tj/jw5mM
ylMqlFgIQdUpou2oyhz7fYucc8rhlrjjV1ybs6r/MD7qKM1FLQlFRxYn1KfI+Vpt
01Jr0ab6Eb1b6UlMWKr7jQbUKbGkp84wOi1Sw3s20dd34bJ4vnYbCR81YSwarmlM
+YJYNG1M1jXABQeGUAroMFyfRxsfV07d+SlpZe10pNW7xqjexnF6faxEQbY0A+wj
5F8hMfR8GamKRBUw2vbIR4bqDe21pa3pcbHi3Q5LpkAtUQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:15 2025 by rpki-client