Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/07aa2549-9eea-428d-a23d-c0e66b59cdb0.roa
File:                     07aa2549-9eea-428d-a23d-c0e66b59cdb0.roa (raw, json)
Hash identifier:          8NFUdO2gmT/i4ljUuP3Z5dY7/tkGyqdpZiVc90fPwNA=
Subject key identifier:   83:9D:8F:72:92:FE:0B:8E:DE:E5:E7:25:E6:F3:81:AC:B2:4B:AD:AB
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       66ED1E6F20D1481985F705841BB534C32BDC98BE
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/07aa2549-9eea-428d-a23d-c0e66b59cdb0.roa
Signing time:             Mon 29 Sep 2025 15:39:56 +0000
ROA not before:           Mon 29 Sep 2025 15:39:56 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc1:8000::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ed:1e:6f:20:d1:48:19:85:f7:05:84:1b:b5:34:c3:2b:dc:98:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:56 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=eb82f2358d13e6a81e38551aa9cef7f0dffa8dd6dbfa6e2ea5213075f6b3b53a, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5a:b2:5c:8b:8f:54:ec:b4:f9:40:c1:8a:86:
                    86:fc:f7:8b:18:01:69:ba:88:78:de:c4:d8:94:8b:
                    85:b9:0c:b5:d6:b3:f1:ef:c2:94:93:1a:69:f1:8f:
                    67:ac:bd:31:e8:a6:b1:a9:76:9c:2e:2f:97:87:78:
                    29:2e:5b:35:d1:3a:ad:61:79:de:56:cd:a0:e2:02:
                    d2:88:6f:8d:0a:75:27:03:6d:6a:30:64:dc:9a:4d:
                    7d:4e:13:6c:7d:0b:0e:3d:1b:6b:31:17:5f:92:04:
                    93:d8:fc:b7:e1:9f:20:4a:90:79:7c:24:e0:d3:01:
                    62:d4:41:ed:d4:34:52:1f:23:85:07:43:74:21:bc:
                    c2:64:96:c1:76:5d:fe:c4:89:e7:56:8d:c4:75:37:
                    c4:93:67:47:f1:be:dc:25:5d:ef:88:8b:86:88:09:
                    e7:9e:62:55:18:57:65:a7:83:c7:b2:af:5e:92:20:
                    59:5e:47:3e:74:b8:27:da:4b:d1:6b:3d:63:71:fb:
                    f6:97:0e:ba:a3:c3:e8:5b:48:16:07:d8:dd:06:6c:
                    e7:e3:fd:f4:9d:a8:84:05:57:78:5f:60:15:c8:2a:
                    64:68:96:1d:23:05:d9:2a:4b:e7:9e:72:21:02:0d:
                    bb:49:a0:88:c1:27:df:3f:d5:f1:90:18:7c:e8:b4:
                    2b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:9D:8F:72:92:FE:0B:8E:DE:E5:E7:25:E6:F3:81:AC:B2:4B:AD:AB
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/07aa2549-9eea-428d-a23d-c0e66b59cdb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc1:8000::/38

    Signature Algorithm: sha256WithRSAEncryption
         2f:46:bc:90:82:8f:fb:5c:06:f7:d5:c3:9d:8b:1f:63:9b:1f:
         bf:b8:8c:83:d0:4c:cf:44:34:77:77:8e:e6:4d:6c:1a:82:d2:
         bf:2d:99:89:3b:a9:0f:c0:c9:ce:c4:f5:7c:3a:cd:e6:1e:5e:
         a2:bc:03:65:56:77:30:e7:7c:e2:ad:54:db:e5:6e:3f:64:d6:
         a2:86:de:96:08:2a:7a:14:53:fd:ea:ea:ba:fe:e9:95:23:86:
         ae:6f:0c:95:e2:b6:a7:bc:7b:06:32:40:cd:46:77:dc:c3:4b:
         db:ef:7c:5c:5a:1a:51:7f:41:a2:c4:9f:71:5c:41:e3:a0:41:
         6f:d8:78:2e:6a:12:11:3c:f4:9a:85:19:5b:84:bf:49:a5:b6:
         af:c3:14:fb:f5:4e:61:5f:16:ba:d4:8d:8a:2f:00:7a:38:cf:
         50:c5:e6:aa:c2:b7:8e:8d:98:23:4f:bc:ee:fe:6c:e8:b1:77:
         b3:92:98:47:2c:cc:80:5f:ad:08:2c:48:40:d6:35:d5:5f:af:
         3f:90:16:a5:1b:de:ab:6b:cf:98:d6:92:0f:09:84:95:c0:00:
         ce:e0:10:11:08:c7:12:3f:0f:24:01:66:58:5b:0e:98:92:37:
         db:df:c0:5f:f1:9d:04:e9:a9:07:46:2f:4e:ce:97:bb:c5:b6:
         48:b7:e8:d8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZu0ebyDRSBmF9wWEG7U0wyvcmL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5NTZaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGViODJmMjM1OGQxM2U2YTgxZTM4NTUxYWE5Y2VmN2YwZGZmYThkZDZkYmZh
NmUyZWE1MjEzMDc1ZjZiM2I1M2ExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ1aslyLj1TstPlAwYqGhvz3ixgBabqIeN7E2JSLhbkMtdaz8e/ClJMaafGP
Z6y9Meimsal2nC4vl4d4KS5bNdE6rWF53lbNoOIC0ohvjQp1JwNtajBk3JpNfU4T
bH0LDj0bazEXX5IEk9j8t+GfIEqQeXwk4NMBYtRB7dQ0Uh8jhQdDdCG8wmSWwXZd
/sSJ51aNxHU3xJNnR/G+3CVd74iLhogJ555iVRhXZaeDx7KvXpIgWV5HPnS4J9pL
0Ws9Y3H79pcOuqPD6FtIFgfY3QZs5+P99J2ohAVXeF9gFcgqZGiWHSMF2SpL555y
IQINu0mgiMEn3z/V8ZAYfOi0K7MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSDnY9y
kv4Ljt7l5yXm84GsskutqzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDdhYTI1NDktOWVlYS00MjhkLWEyM2QtYzBlNjZiNTljZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvRryQgo/7XAb31cOdix9jmx+/uIyD0EzPRDR3
d47mTWwagtK/LZmJO6kPwMnOxPV8Os3mHl6ivANlVncw53zirVTb5W4/ZNaiht6W
CCp6FFP96uq6/umVI4aubwyV4ranvHsGMkDNRnfcw0vb73xcWhpRf0GixJ9xXEHj
oEFv2HguahIRPPSahRlbhL9JpbavwxT79U5hXxa61I2KLwB6OM9QxeaqwreOjZgj
T7zu/mzosXezkphHLMyAX60ILEhA1jXVX68/kBalG96ra8+Y1pIPCYSVwADO4BAR
CMcSPw8kAWZYWw6Ykjfb38Bf8Z0E6akHRi9Ozpe7xbZIt+jY
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:28 2025 by rpki-client