Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/06f5324f-fb2d-4212-b1f7-6ca0b172bf22.roa
File:                     06f5324f-fb2d-4212-b1f7-6ca0b172bf22.roa (raw, json)
Hash identifier:          Bhf4wM9mgQ+DIFXWfintOa/n06LAPJTB7WDJ5K8a/pY=
Subject key identifier:   6C:01:B0:51:CD:8E:33:AE:7D:F7:DE:0C:E4:8D:D6:94:0A:29:F4:94
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       56591E980256DDEF2ABA1B59D1C5D31C1748120C
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/06f5324f-fb2d-4212-b1f7-6ca0b172bf22.roa
Signing time:             Mon 29 Sep 2025 15:40:22 +0000
ROA not before:           Mon 29 Sep 2025 15:40:22 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:8000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:59:1e:98:02:56:dd:ef:2a:ba:1b:59:d1:c5:d3:1c:17:48:12:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:22 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=c643540e3c8fdad09bb3cc36bede6a97743590bdc93f47d0da5e48ee60d470e9, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c2:92:92:67:62:cb:b1:f1:d3:54:80:3d:c9:
                    40:7b:4e:7c:03:f1:bd:dc:ce:a3:27:d4:91:bf:7a:
                    1c:29:75:30:b0:b2:5f:dd:0c:a8:25:52:b3:1c:94:
                    64:c1:6d:ec:d6:96:ac:cb:08:c7:c4:50:01:38:55:
                    52:b5:32:7a:95:52:f1:f2:83:24:8b:4b:b6:bf:4f:
                    88:60:4a:b2:c6:ec:e9:a2:97:35:e6:d2:ca:c6:56:
                    86:b1:87:08:57:5e:28:0a:1a:eb:1c:e8:3b:85:70:
                    4d:ec:8d:98:74:05:b1:e9:e3:61:14:fd:1d:81:1f:
                    37:70:bf:8e:ee:01:1e:f5:61:b1:85:7e:55:76:3e:
                    71:d8:e4:65:b7:a8:d5:fd:74:5e:c0:c8:73:9d:e8:
                    7a:ee:41:98:79:89:e2:02:4e:4c:20:e1:d1:2b:08:
                    8f:d4:4d:1b:00:61:1b:47:6e:e7:3f:a0:67:96:00:
                    5a:87:e9:87:41:4f:5e:82:18:63:ec:bd:25:c4:27:
                    0f:3e:c6:16:14:6b:b1:8f:dc:1e:0d:72:e0:30:af:
                    cd:e8:69:52:45:31:0b:40:a2:e2:44:82:8f:a1:54:
                    ef:a7:9a:96:cb:9a:29:d7:1b:f9:6b:b9:fa:6d:7e:
                    a4:23:3f:d6:a7:b4:9a:bc:18:40:23:95:a1:18:00:
                    c4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:01:B0:51:CD:8E:33:AE:7D:F7:DE:0C:E4:8D:D6:94:0A:29:F4:94
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/06f5324f-fb2d-4212-b1f7-6ca0b172bf22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7a:5d:4b:55:33:0a:5d:30:c3:d2:b9:38:be:ba:30:9e:a2:68:
         a0:29:e2:01:a9:24:dc:1f:59:d6:dc:d0:3f:1b:d4:64:10:43:
         f6:7a:ed:65:7e:5f:96:87:94:15:cd:f5:0b:04:d0:71:40:fb:
         be:9b:74:1c:3a:50:be:15:cc:ad:3b:71:4a:ff:01:96:ff:83:
         cf:c7:d4:e3:c6:96:f4:86:cf:11:29:f8:49:d3:2e:23:02:e2:
         a7:16:34:c3:bc:8a:cd:ea:26:33:1e:c5:bb:ec:85:5f:a5:46:
         f1:5a:60:62:cc:6f:9e:ec:e7:5a:f0:dd:1e:60:7c:e1:1b:b2:
         08:82:fb:91:03:51:14:a0:34:e5:18:66:0d:6d:91:d8:c1:15:
         74:8c:12:54:a1:3b:b9:fd:a4:ab:8e:89:0e:b7:86:a0:53:f8:
         b1:98:9b:32:d6:b6:d9:d8:a1:1c:3e:c3:b3:aa:9d:5d:22:b0:
         67:68:99:1d:52:c5:18:4a:ef:09:ab:85:9e:79:9b:ee:ed:a0:
         c5:91:e1:46:ca:70:9f:5c:73:8a:4a:6a:53:c2:e0:45:af:c0:
         42:28:0e:1a:12:e8:3a:0f:85:78:75:dc:1a:93:48:db:fb:91:
         39:da:3f:2e:14:92:f8:1f:ee:75:a5:49:8d:56:52:67:e2:be:
         8e:cb:bc:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVlkemAJW3e8quhtZ0cXTHBdIEgwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2NDM1NDBlM2M4ZmRhZDA5YmIzY2MzNmJlZGU2YTk3NzQzNTkwYmRjOTNm
NDdkMGRhNWU0OGVlNjBkNDcwZTkxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLCkpJnYsux8dNUgD3JQHtOfAPxvdzOoyfUkb96HCl1MLCyX90MqCVSsxyU
ZMFt7NaWrMsIx8RQAThVUrUyepVS8fKDJItLtr9PiGBKssbs6aKXNebSysZWhrGH
CFdeKAoa6xzoO4VwTeyNmHQFsenjYRT9HYEfN3C/ju4BHvVhsYV+VXY+cdjkZbeo
1f10XsDIc53oeu5BmHmJ4gJOTCDh0SsIj9RNGwBhG0du5z+gZ5YAWofph0FPXoIY
Y+y9JcQnDz7GFhRrsY/cHg1y4DCvzehpUkUxC0Ci4kSCj6FU76ealsuaKdcb+Wu5
+m1+pCM/1qe0mrwYQCOVoRgAxJECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRsAbBR
zY4zrn333gzkjdaUCin0lDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDZmNTMyNGYtZmIyZC00MjEyLWIxZjctNmNhMGIxNzJiZjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8OA
MA0GCSqGSIb3DQEBCwUAA4IBAQB6XUtVMwpdMMPSuTi+ujCeomigKeIBqSTcH1nW
3NA/G9RkEEP2eu1lfl+Wh5QVzfULBNBxQPu+m3QcOlC+FcytO3FK/wGW/4PPx9Tj
xpb0hs8RKfhJ0y4jAuKnFjTDvIrN6iYzHsW77IVfpUbxWmBizG+e7Oda8N0eYHzh
G7IIgvuRA1EUoDTlGGYNbZHYwRV0jBJUoTu5/aSrjokOt4agU/ixmJsy1rbZ2KEc
PsOzqp1dIrBnaJkdUsUYSu8Jq4WeeZvu7aDFkeFGynCfXHOKSmpTwuBFr8BCKA4a
Eug6D4V4ddwak0jb+5E52j8uFJL4H+51pUmNVlJn4r6Oy7zb
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:30 2025 by rpki-client