Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
File:                     c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa (raw, json)
Hash identifier:          OIJUlg2aquxKZz5mYVg1eaFIVUAt3a4MAdB2qxhOr1M=
Subject key identifier:   D9:82:78:62:23:A9:D4:AE:AC:91:A6:71:71:E1:F5:2D:1D:CF:90:F7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       126DA9CE6D0AE0B643D63AF4F8E10B338F450A01
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
Signing time:             Mon 13 Oct 2025 17:56:14 +0000
ROA not before:           Mon 13 Oct 2025 17:56:14 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:6d:a9:ce:6d:0a:e0:b6:43:d6:3a:f4:f8:e1:0b:33:8f:45:0a:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:56:14 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=27e90c763da70c7e62834ea355dd8f62b6c6f737bbf9de5d623b34dd20eff7d4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6f:45:ee:63:cc:80:dc:02:c5:3f:bd:d7:ce:
                    db:61:07:2a:a9:4e:d4:c3:1e:9f:ac:84:01:31:b5:
                    44:27:2c:f4:a5:44:69:b8:5e:8f:d1:0c:52:01:70:
                    24:70:28:3e:90:29:c4:db:ed:4a:2e:e3:86:f5:a7:
                    3e:d9:ee:f7:6f:76:6c:20:49:a3:54:26:c9:cf:93:
                    e5:21:ed:bb:50:1b:6a:00:1b:6b:af:0c:2a:73:94:
                    3c:9c:9f:bf:71:ab:9a:1c:e0:34:0b:47:25:eb:a0:
                    a4:f1:7a:b6:54:31:b6:93:97:16:4e:c4:f8:01:c3:
                    a6:b8:0d:79:cb:70:1c:b3:aa:83:ac:6f:25:c1:ff:
                    ff:6d:31:1a:f0:e9:fe:6a:bd:e7:fc:f7:79:6b:12:
                    ca:19:c1:b7:b5:b4:39:e4:d8:e6:b9:31:06:d9:f5:
                    01:9e:cd:ea:8f:a5:de:7b:47:5c:67:5d:b8:91:b5:
                    b1:cf:9b:2e:63:1d:2e:a3:5a:a3:e6:2e:f6:05:a3:
                    b8:55:1e:df:3c:7c:6d:b7:9c:24:ba:4f:f3:e6:a8:
                    f3:f1:2b:57:47:8f:a7:b4:b6:b5:eb:a2:4c:e3:47:
                    6d:32:46:b1:e8:12:d6:44:99:2d:2a:ef:39:22:43:
                    d5:e1:42:c9:16:6d:cd:5a:93:3d:33:e1:ad:7a:bf:
                    11:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:82:78:62:23:A9:D4:AE:AC:91:A6:71:71:E1:F5:2D:1D:CF:90:F7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:21:f2:fb:13:46:fe:df:47:c5:aa:a0:48:d1:91:38:e7:b8:
         00:ec:a8:e5:96:d4:a7:24:cc:5b:4f:d8:4e:2d:dd:00:b8:b8:
         5d:a1:20:c4:a9:12:a4:dc:61:69:c8:0a:bc:ff:a6:ec:15:72:
         1f:f4:e2:10:f0:4c:79:77:c6:7d:0b:96:33:c9:fc:bf:66:a3:
         a2:19:01:7e:69:f7:e8:fa:6f:05:64:ee:dc:90:e2:a6:f1:be:
         f1:42:54:c7:fb:d9:22:17:34:6b:3f:16:34:ee:69:d6:b7:f1:
         cb:a7:ee:55:f4:92:f3:4a:b5:ab:ae:e6:8b:98:47:b8:d8:88:
         a5:eb:0d:47:25:ad:5b:0b:f2:4d:f8:3c:f9:a6:e0:cc:1a:c0:
         0e:39:38:c0:04:21:64:3f:e9:89:87:bc:23:ad:59:96:6a:d6:
         9c:4e:bd:20:1d:99:b7:81:e3:b7:cb:49:5b:a8:3e:7c:69:ae:
         17:e4:74:da:70:1c:48:11:27:89:51:68:1e:8d:b5:a2:ca:f3:
         0f:eb:e2:e1:40:e9:2b:71:e9:84:c8:2a:22:85:aa:ee:db:e9:
         e2:68:de:42:ae:31:d3:20:67:85:88:e7:f1:34:21:79:86:66:
         c2:15:a0:72:bd:5a:e4:8d:43:8f:b4:c3:ee:fd:86:23:bb:bf:
         64:35:41:85
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUEm2pzm0K4LZD1jr0+OELM49FCgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MTRaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3ZTkwYzc2M2RhNzBjN2U2MjgzNGVhMzU1ZGQ4ZjYyYjZjNmY3MzdiYmY5
ZGU1ZDYyM2IzNGRkMjBlZmY3ZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKVvRe5jzIDcAsU/vdfO22EHKqlO1MMen6yEATG1RCcs9KVEabhej9EMUgFw
JHAoPpApxNvtSi7jhvWnPtnu9292bCBJo1Qmyc+T5SHtu1AbagAba68MKnOUPJyf
v3GrmhzgNAtHJeugpPF6tlQxtpOXFk7E+AHDprgNectwHLOqg6xvJcH//20xGvDp
/mq95/z3eWsSyhnBt7W0OeTY5rkxBtn1AZ7N6o+l3ntHXGdduJG1sc+bLmMdLqNa
o+Yu9gWjuFUe3zx8bbecJLpP8+ao8/ErV0ePp7S2teuiTONHbTJGsegS1kSZLSrv
OSJD1eFCyRZtzVqTPTPhrXq/EQcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTZgnhi
I6nUrqyRpnFx4fUtHc+Q9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzJjZDRkZGYtOWEzOC00MjVhLTgwMjEtYzQ1ZWQ5NmM1MGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAigDAN
BgkqhkiG9w0BAQsFAAOCAQEALSHy+xNG/t9HxaqgSNGROOe4AOyo5ZbUpyTMW0/Y
Ti3dALi4XaEgxKkSpNxhacgKvP+m7BVyH/TiEPBMeXfGfQuWM8n8v2ajohkBfmn3
6PpvBWTu3JDipvG+8UJUx/vZIhc0az8WNO5p1rfxy6fuVfSS80q1q67mi5hHuNiI
pesNRyWtWwvyTfg8+abgzBrADjk4wAQhZD/piYe8I61ZlmrWnE69IB2Zt4Hjt8tJ
W6g+fGmuF+R02nAcSBEniVFoHo21osrzD+vi4UDpK3HphMgqIoWq7tvp4mjeQq4x
0yBnhYjn8TQheYZmwhWgcr1a5I1Dj7TD7v2GI7u/ZDVBhQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:16 2025 by rpki-client