Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00d32677-2dbe-47e3-a4b3-be1e601729bd.roa
File:                     00d32677-2dbe-47e3-a4b3-be1e601729bd.roa (raw, json)
Hash identifier:          +aPAFRiLs0ydE9pxaD3gk9TH8mYx+0dsH2i81seJOfg=
Subject key identifier:   55:F5:37:95:9A:21:07:1F:FA:69:92:60:73:F3:D1:38:30:BA:39:25
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       47443448ED04CE835AFD24A5C6E4497336FC949B
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00d32677-2dbe-47e3-a4b3-be1e601729bd.roa
Signing time:             Sat 27 Sep 2025 00:53:09 +0000
ROA not before:           Sat 27 Sep 2025 00:53:09 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc5:9000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:44:34:48:ed:04:ce:83:5a:fd:24:a5:c6:e4:49:73:36:fc:94:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 27 00:53:09 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=cce3cb9865262f0a7da577c65e8cc7b4e5ebdd261fb8fcdf16a0d5ec2dd17d8a, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:95:41:62:fe:c7:e1:8a:48:f3:16:85:eb:d1:
                    7d:e4:04:3f:bd:fb:73:0c:37:1d:d1:d7:2b:d4:2a:
                    d5:37:14:fa:00:82:49:81:3d:67:a8:2a:98:98:d6:
                    00:bd:ba:93:de:ae:0b:4b:ff:17:d3:80:07:b9:31:
                    c1:00:0b:8e:ea:53:22:a6:a2:01:c5:5a:b3:03:d7:
                    9e:44:81:18:3d:b8:3c:4f:08:4c:c9:c5:3c:c4:73:
                    17:68:fa:63:77:53:13:e9:07:43:1c:24:dc:6f:3e:
                    28:ee:a1:98:01:3d:da:96:83:c4:f6:d3:31:f0:9b:
                    cb:5b:c1:b4:99:67:22:20:22:18:60:bc:1c:da:0e:
                    ef:4c:c7:4f:2c:22:4e:aa:80:62:01:30:99:ea:8d:
                    f4:24:a4:ec:07:aa:3b:76:8a:a3:a1:6e:93:0e:da:
                    88:70:f2:57:56:28:1a:64:bb:7e:b5:aa:73:3f:e0:
                    32:75:fc:46:2e:70:1d:c1:9f:7e:a8:eb:c5:d3:d6:
                    22:66:7c:b8:8f:6d:79:d1:85:ae:6e:ce:8e:dd:f2:
                    70:85:c0:1d:78:f2:0c:30:69:1a:c3:b2:79:b5:e1:
                    de:f1:8f:d2:50:ec:54:a6:5d:fb:78:45:ca:a1:69:
                    28:2e:4f:0a:6e:f6:d7:41:b2:81:af:8e:76:ef:19:
                    dc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:F5:37:95:9A:21:07:1F:FA:69:92:60:73:F3:D1:38:30:BA:39:25
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00d32677-2dbe-47e3-a4b3-be1e601729bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc5:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7e:85:eb:81:62:07:75:b3:52:9e:e4:a4:e1:5f:ba:81:58:cf:
         99:57:79:5c:2e:b3:da:35:05:96:ad:43:a0:b6:3e:44:c5:8f:
         f6:6e:1f:c1:6a:fe:0b:23:ff:44:d0:b9:ca:61:69:25:23:59:
         da:26:c8:18:71:d0:3f:43:84:81:51:3f:35:71:ec:9c:bf:be:
         46:03:16:b0:65:40:a2:e8:e6:3e:be:b3:4e:c4:23:79:50:4d:
         e0:05:24:4f:41:cb:41:01:d0:a2:33:44:4d:af:5b:74:fc:4a:
         35:b4:a4:75:b4:fd:06:ab:08:36:c8:3a:00:2a:a9:6b:c4:a4:
         ed:f6:2e:b9:de:35:d8:73:f2:56:c6:ec:a6:5c:04:b3:90:2a:
         c9:66:62:5f:b9:e4:84:6e:65:1c:aa:53:7e:07:fb:63:51:36:
         22:e3:d1:e9:40:c1:54:e5:5a:29:3a:0f:16:83:c0:63:38:94:
         aa:b9:32:71:3a:a8:bb:2c:8e:b7:5c:24:a1:b3:9f:4c:f7:20:
         40:05:a3:f3:2f:05:9c:89:e6:93:ee:cf:01:af:11:e0:a2:79:
         c7:f6:37:3c:a9:cd:ce:01:fe:de:b1:47:c4:d6:8f:b9:05:47:
         ae:87:2f:dd:39:de:85:26:ce:6f:c5:4f:a3:5d:a1:6a:9e:32:
         7e:9b:48:dd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR0Q0SO0EzoNa/SSlxuRJczb8lJswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjcwMDUzMDlaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjZTNjYjk4NjUyNjJmMGE3ZGE1NzdjNjVlOGNjN2I0ZTVlYmRkMjYxZmI4
ZmNkZjE2YTBkNWVjMmRkMTdkOGExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqVQWL+x+GKSPMWhevRfeQEP737cww3HdHXK9Qq1TcU+gCCSYE9Z6gqmJjW
AL26k96uC0v/F9OAB7kxwQALjupTIqaiAcVaswPXnkSBGD24PE8ITMnFPMRzF2j6
Y3dTE+kHQxwk3G8+KO6hmAE92paDxPbTMfCby1vBtJlnIiAiGGC8HNoO70zHTywi
TqqAYgEwmeqN9CSk7AeqO3aKo6Fukw7aiHDyV1YoGmS7frWqcz/gMnX8Ri5wHcGf
fqjrxdPWImZ8uI9tedGFrm7Ojt3ycIXAHXjyDDBpGsOyebXh3vGP0lDsVKZd+3hF
yqFpKC5PCm7210Gyga+Odu8Z3DUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRV9TeV
miEHH/ppkmBz89E4MLo5JTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDBkMzI2NzctMmRiZS00N2UzLWE0YjMtYmUxZTYwMTcyOWJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB+heuBYgd1s1Ke5KThX7qBWM+ZV3lcLrPaNQWW
rUOgtj5ExY/2bh/Bav4LI/9E0LnKYWklI1naJsgYcdA/Q4SBUT81ceycv75GAxaw
ZUCi6OY+vrNOxCN5UE3gBSRPQctBAdCiM0RNr1t0/Eo1tKR1tP0Gqwg2yDoAKqlr
xKTt9i653jXYc/JWxuymXASzkCrJZmJfueSEbmUcqlN+B/tjUTYi49HpQMFU5Vop
Og8Wg8BjOJSquTJxOqi7LI63XCShs59M9yBABaPzLwWcieaT7s8BrxHgonnH9jc8
qc3OAf7esUfE1o+5BUeuhy/dOd6FJs5vxU+jXaFqnjJ+m0jd
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:03 2025 by rpki-client