Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2928b95-2f30-4b39-bb79-f70b43a46278.roa
File:                     b2928b95-2f30-4b39-bb79-f70b43a46278.roa (raw, json)
Hash identifier:          jrnmpZAxMf6GgYKEdjwsNRy11dBU+RnGbd6McMTjEQ8=
Subject key identifier:   FE:DD:34:AA:04:8D:13:AF:3C:86:19:16:6A:7E:36:96:F8:56:36:07
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       42A0AD7F304910CA6535D43FC75BBA2571EFD015
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2928b95-2f30-4b39-bb79-f70b43a46278.roa
Signing time:             Mon 13 Oct 2025 17:56:07 +0000
ROA not before:           Mon 13 Oct 2025 17:56:07 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.32.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:a0:ad:7f:30:49:10:ca:65:35:d4:3f:c7:5b:ba:25:71:ef:d0:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:07 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=898f9b737c46c48b3b3ee9f33da5c4c90425ccaa521209ab0be7f78afcc7b79b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8c:96:cd:23:b2:a2:c4:2f:92:de:51:55:03:
                    54:d9:e9:dc:f7:71:1e:27:86:74:a0:97:aa:bb:e2:
                    6d:11:c2:63:f7:20:55:ae:c1:06:e8:9e:bb:2b:69:
                    48:c8:7a:86:af:70:00:73:23:56:17:bb:74:11:a5:
                    0e:71:99:12:87:32:f9:74:46:16:06:37:9a:1f:d3:
                    9c:dd:e5:8a:fc:f0:12:19:b3:d2:46:ae:79:bd:78:
                    9e:dd:f6:64:df:75:03:88:05:88:9a:e6:3b:5e:6f:
                    7d:6f:cf:8a:aa:95:c3:43:00:68:b5:2a:73:3b:ca:
                    91:69:f1:dc:7a:68:65:32:ae:fa:e4:11:cc:05:97:
                    23:18:76:e6:5f:0b:2f:8d:28:f4:10:64:bb:6c:91:
                    d1:6f:2f:de:81:d5:d7:cf:de:f9:8a:3b:c4:d1:be:
                    e6:5a:d5:78:9c:aa:1a:18:3d:cc:e4:f3:92:90:f4:
                    a1:ae:d5:8b:2e:cb:af:8f:39:23:43:77:72:e1:6c:
                    20:42:e0:7c:cd:f7:39:9e:bb:a0:9a:1e:bc:10:e0:
                    2e:2a:d2:c5:e8:a5:10:e7:1b:0f:d9:d3:b0:a9:63:
                    7c:7c:ae:6b:43:8a:3c:b4:8a:22:b9:29:2c:0a:05:
                    52:af:ab:8a:ca:b6:6c:ee:9d:ee:eb:ed:27:7a:85:
                    69:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:34:AA:04:8D:13:AF:3C:86:19:16:6A:7E:36:96:F8:56:36:07
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b2928b95-2f30-4b39-bb79-f70b43a46278.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:d8:e2:20:7a:44:b2:9c:db:fe:25:4a:82:10:7d:a6:02:fb:
         af:4e:ab:3d:fa:b6:97:a1:72:51:66:65:73:89:10:73:60:0b:
         c8:95:d4:07:a4:78:d9:16:51:71:b5:73:e6:c9:38:2e:f3:db:
         f5:8d:18:d8:19:f0:fb:05:ab:5d:27:68:3d:f0:45:08:5b:de:
         c1:5b:d0:d0:20:bc:88:a0:5a:13:de:81:5c:70:c1:36:dc:04:
         08:25:c4:9a:8e:54:43:31:05:1b:0b:38:57:47:2e:c2:c1:f6:
         85:7e:5a:82:6e:39:e2:0e:94:71:49:86:fe:f1:2c:fc:6c:9f:
         e2:f2:9d:c5:74:6a:89:d9:08:bf:e5:01:51:cb:40:48:c4:ac:
         06:34:46:cc:10:53:fb:97:9a:61:29:fd:7c:47:f6:f5:3e:31:
         58:87:66:cf:ed:84:e2:5d:7d:58:e0:67:4f:77:fe:10:78:f3:
         4d:3c:01:7f:3c:c2:4c:8b:6c:30:5f:a6:ec:14:85:b1:4e:c4:
         f2:bd:c7:20:06:f1:45:94:51:7a:04:e3:e0:8b:7c:0c:42:a8:
         a2:16:ea:ad:b1:b5:83:be:db:05:5e:80:67:53:7f:dc:6c:24:
         4a:5a:63:81:8e:61:73:e6:9c:6d:6f:3b:74:b3:e5:b3:aa:f2:
         38:d9:8d:12
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQqCtfzBJEMplNdQ/x1u6JXHv0BUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MDdaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5OGY5YjczN2M0NmM0OGIzYjNlZTlmMzNkYTVjNGM5MDQyNWNjYWE1MjEy
MDlhYjBiZTdmNzhhZmNjN2I3OWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuMls0jsqLEL5LeUVUDVNnp3PdxHieGdKCXqrvibRHCY/cgVa7BBuieuytp
SMh6hq9wAHMjVhe7dBGlDnGZEocy+XRGFgY3mh/TnN3livzwEhmz0kaueb14nt32
ZN91A4gFiJrmO15vfW/PiqqVw0MAaLUqczvKkWnx3HpoZTKu+uQRzAWXIxh25l8L
L40o9BBku2yR0W8v3oHV18/e+Yo7xNG+5lrVeJyqGhg9zOTzkpD0oa7Viy7Lr485
I0N3cuFsIELgfM33OZ67oJoevBDgLirSxeilEOcbD9nTsKljfHyua0OKPLSKIrkp
LAoFUq+risq2bO6d7uvtJ3qFaZUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT+3TSq
BI0TrzyGGRZqfjaW+FY2BzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjI5MjhiOTUtMmYzMC00YjM5LWJiNzktZjcwYjQzYTQ2Mjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArAgVDAN
BgkqhkiG9w0BAQsFAAOCAQEAI9jiIHpEspzb/iVKghB9pgL7r06rPfq2l6FyUWZl
c4kQc2ALyJXUB6R42RZRcbVz5sk4LvPb9Y0Y2Bnw+wWrXSdoPfBFCFvewVvQ0CC8
iKBaE96BXHDBNtwECCXEmo5UQzEFGws4V0cuwsH2hX5agm454g6UcUmG/vEs/Gyf
4vKdxXRqidkIv+UBUctASMSsBjRGzBBT+5eaYSn9fEf29T4xWIdmz+2E4l19WOBn
T3f+EHjzTTwBfzzCTItsMF+m7BSFsU7E8r3HIAbxRZRRegTj4It8DEKoohbqrbG1
g77bBV6AZ1N/3GwkSlpjgY5hc+acbW87dLPls6ryONmNEg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:55 2025 by rpki-client