Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa
File:                     65fd1736-b3cd-4b5b-abca-9d430a70e064.roa (raw, json)
Hash identifier:          5xtd14lkg5Rcyaliwow1WuqmonZT8uQ2XJ6D8r9wZ0o=
Subject key identifier:   B5:CD:FC:3B:37:B0:9D:DA:9C:70:49:54:BF:D4:BF:5C:CC:00:D3:93
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0DB9D8DBF7C8B7F43419114C019088EA2A4ED60E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa
Signing time:             Tue 01 Jul 2025 15:00:59 +0000
ROA not before:           Tue 01 Jul 2025 15:00:59 +0000
ROA not after:            Tue 05 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:b9:d8:db:f7:c8:b7:f4:34:19:11:4c:01:90:88:ea:2a:4e:d6:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul  1 15:00:59 2025 GMT
            Not After : Aug  5 23:59:59 2025 GMT
        Subject: serialNumber=3a62f61d6657986bd97ff4a8eae22058ef9274ec48cbcb504a008f961774d1ea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:9a:f6:34:1a:6d:46:1d:fe:29:16:3c:06:
                    29:06:8f:80:58:56:da:3e:53:5d:61:46:2c:b4:f2:
                    0e:99:2f:34:30:cc:b9:52:55:88:e1:19:df:30:3a:
                    42:32:e6:9b:dd:02:3b:5b:ea:5a:5f:7f:f2:6d:86:
                    79:e1:26:7e:41:73:d5:48:a8:41:e5:24:a6:c7:e7:
                    c1:48:8a:e7:8c:dc:2b:64:b3:a1:56:a4:b5:ea:9f:
                    a6:4c:e9:62:84:aa:c5:c9:8b:f2:d9:d4:54:17:69:
                    eb:1f:7f:fb:6f:a9:10:21:fe:8e:99:84:ab:62:ec:
                    bc:3c:71:d5:79:c2:f5:9c:53:b9:9d:70:a1:2d:98:
                    94:3a:cc:53:a7:95:09:d6:b8:9f:65:33:13:15:75:
                    21:c3:9b:91:ef:ba:96:06:f8:60:60:86:4d:6c:f3:
                    02:3e:56:05:9e:a5:bd:3a:82:5c:0e:f3:5f:54:e7:
                    7a:a8:18:bb:39:ce:ad:ee:92:92:79:4d:4a:ed:82:
                    c5:33:4d:96:20:c9:39:41:2a:f1:d0:84:56:5f:e9:
                    69:ef:df:99:38:a8:f5:85:5c:ed:c3:8f:0b:4e:38:
                    75:a5:08:43:e5:d8:d6:49:f7:a7:76:b0:9f:b8:50:
                    55:05:5d:7a:91:8d:86:fe:8c:5f:e4:6b:5f:b2:17:
                    a5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CD:FC:3B:37:B0:9D:DA:9C:70:49:54:BF:D4:BF:5C:CC:00:D3:93
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65fd1736-b3cd-4b5b-abca-9d430a70e064.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8a:0f:63:2d:22:64:53:e5:3b:08:55:1c:5a:d6:cc:d7:b6:81:
         9b:7b:7b:14:5f:fa:54:24:97:f3:38:43:ca:48:30:f1:3c:b3:
         76:1c:09:d9:31:90:e9:9f:08:a8:d7:70:ea:5e:43:cb:d8:61:
         aa:36:f9:32:d5:f5:e0:79:28:fb:e3:96:29:58:c8:ad:f9:9c:
         7c:f1:40:ed:58:15:ce:82:d8:a2:2f:7a:34:7e:d0:7b:ba:6b:
         5c:e9:c4:6e:64:05:9f:4f:b5:2e:1d:40:39:96:46:8b:f2:05:
         5e:f5:8b:ca:e4:90:bf:9c:96:1d:1f:73:83:d3:0b:9c:25:cb:
         49:14:b8:4d:bf:c4:94:3e:aa:d0:1c:5c:48:9f:9f:2f:04:59:
         73:09:5b:ab:3c:00:97:9e:e8:90:b4:19:e7:a9:9f:f9:77:05:
         ce:9c:50:e4:73:37:21:47:c7:48:2a:72:00:4d:7c:b2:f3:d6:
         1d:e2:60:6a:34:9e:e2:be:ec:19:7e:c4:57:bb:d3:c1:24:49:
         78:39:df:b0:be:9a:11:37:19:31:ba:62:f5:cf:87:bc:42:38:
         a5:9f:0a:21:62:ad:c4:f2:77:a8:6b:81:df:dd:78:38:c1:b5:
         71:11:c6:85:10:bd:f9:49:c5:e4:e1:cd:33:d3:c1:4b:70:dd:
         a2:b0:bd:89
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDbnY2/fIt/Q0GRFMAZCI6ipO1g4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDExNTAwNTlaFw0yNTA4MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhNjJmNjFkNjY1Nzk4NmJkOTdmZjRhOGVhZTIyMDU4ZWY5Mjc0ZWM0OGNi
Y2I1MDRhMDA4Zjk2MTc3NGQxZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKypmvY0Gm1GHf4pFjwGKQaPgFhW2j5TXWFGLLTyDpkvNDDMuVJViOEZ3zA6
QjLmm90CO1vqWl9/8m2GeeEmfkFz1UioQeUkpsfnwUiK54zcK2SzoVakteqfpkzp
YoSqxcmL8tnUVBdp6x9/+2+pECH+jpmEq2LsvDxx1XnC9ZxTuZ1woS2YlDrMU6eV
Cda4n2UzExV1IcObke+6lgb4YGCGTWzzAj5WBZ6lvTqCXA7zX1TneqgYuznOre6S
knlNSu2CxTNNliDJOUEq8dCEVl/pae/fmTio9YVc7cOPC044daUIQ+XY1kn3p3aw
n7hQVQVdepGNhv6MX+RrX7IXpVcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS1zfw7
N7Cd2pxwSVS/1L9czADTkzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjVmZDE3MzYtYjNjZC00YjViLWFiY2EtOWQ0MzBhNzBlMDY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBrAiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAig9jLSJkU+U7CFUcWtbM17aBm3t7FF/6VCSX8zhD
ykgw8TyzdhwJ2TGQ6Z8IqNdw6l5Dy9hhqjb5MtX14Hko++OWKVjIrfmcfPFA7VgV
zoLYoi96NH7Qe7prXOnEbmQFn0+1Lh1AOZZGi/IFXvWLyuSQv5yWHR9zg9MLnCXL
SRS4Tb/ElD6q0BxcSJ+fLwRZcwlbqzwAl57okLQZ56mf+XcFzpxQ5HM3IUfHSCpy
AE18svPWHeJgajSe4r7sGX7EV7vTwSRJeDnfsL6aETcZMbpi9c+HvEI4pZ8KIWKt
xPJ3qGuB3914OMG1cRHGhRC9+UnF5OHNM9PBS3DdorC9iQ==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:55:37 2025 by rpki-client