Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2a82b03e-517c-4a81-96ab-2cf6049a7f3d.roa
File:                     2a82b03e-517c-4a81-96ab-2cf6049a7f3d.roa (raw, json)
Hash identifier:          7DB9MfvevHCxN9BPjKuGBqh+pQ6AVT1bygsVhsBfGtE=
Subject key identifier:   9F:DC:5C:64:D8:EA:10:8A:3C:DF:A3:C0:A5:AF:0D:CB:67:E6:39:A9
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       51140DD1701395A4048FBC80095B478D9A5B811D
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2a82b03e-517c-4a81-96ab-2cf6049a7f3d.roa
Signing time:             Mon 29 Sep 2025 15:40:23 +0000
ROA not before:           Mon 29 Sep 2025 15:40:23 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:6800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:14:0d:d1:70:13:95:a4:04:8f:bc:80:09:5b:47:8d:9a:5b:81:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:23 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=182c5a859fac4e004109d6afd7aa2d2ba0f0a7e1f232ba50489d090f41fc8e4a, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:61:f1:6d:5f:98:a5:82:4f:5d:b6:64:c3:ec:
                    3b:9e:9e:15:2b:01:6e:2f:75:06:26:85:e9:48:c5:
                    c8:0d:4d:b0:a5:76:79:7b:4c:04:8a:2c:0e:14:be:
                    cd:85:63:a7:72:c2:9a:05:6f:1a:24:49:3a:cf:f5:
                    74:83:a5:9a:3c:7a:d2:f8:88:e4:e6:28:e7:c5:e2:
                    e4:6d:51:f3:ae:77:2f:fe:08:5e:e1:54:fd:ec:0d:
                    7d:02:ea:90:14:5d:07:cb:e7:a5:fd:7c:f4:ce:1f:
                    b1:2d:6b:f6:36:b8:bf:b4:4c:3b:51:39:e9:00:c1:
                    87:28:ee:71:ec:aa:23:7d:b9:10:89:ae:f3:e2:2d:
                    95:2a:fd:08:1c:57:5d:db:fc:1b:2c:2f:4d:d7:fb:
                    b9:ed:4c:49:9f:e8:cc:1c:95:7a:fa:71:d7:e8:e6:
                    92:fc:84:8e:d1:5e:2b:d8:dc:14:8b:80:38:fe:f6:
                    4b:02:d1:7e:fd:9a:0d:26:69:eb:ae:54:f8:f4:63:
                    5c:28:b3:09:1f:20:65:27:22:70:da:71:56:0a:4f:
                    88:2a:6a:f0:77:1e:c8:f4:d3:fe:45:c8:ae:89:d5:
                    b9:53:40:4e:ea:d5:96:22:d8:fc:22:80:01:02:6c:
                    a5:72:58:17:ff:7e:43:ba:03:15:cc:19:22:a3:bb:
                    5c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DC:5C:64:D8:EA:10:8A:3C:DF:A3:C0:A5:AF:0D:CB:67:E6:39:A9
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2a82b03e-517c-4a81-96ab-2cf6049a7f3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:6800::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:4b:9a:b0:ff:78:3a:0d:a7:77:72:e9:9d:62:bb:77:3a:76:
         ed:fc:72:cc:62:6f:38:05:b2:90:4b:8a:21:13:68:32:52:be:
         0e:a4:dd:b8:83:45:7c:49:75:f8:10:65:f9:cb:18:01:a3:9a:
         bc:ea:4b:c6:16:92:94:de:dd:f1:4f:59:4d:56:a1:bf:cc:ef:
         00:8f:75:b9:9e:e1:7a:f0:d1:c4:3f:17:c1:a9:78:43:1f:c4:
         be:3a:f3:13:8f:4d:f0:d2:ea:59:11:35:d2:85:fc:d2:35:d2:
         81:81:64:a5:0f:96:f7:e4:f4:5d:3d:18:9d:fa:27:6a:34:c3:
         26:a5:9a:eb:e4:d3:87:c4:05:38:be:9d:b5:37:98:4d:d2:fc:
         72:c2:87:de:7c:64:7d:a3:ff:5d:20:0d:94:bb:f8:e6:22:78:
         ca:b6:66:d1:ba:ee:cc:c6:96:dd:e1:72:fb:82:5b:0d:28:7c:
         db:39:bf:a4:f6:f2:c0:29:ea:81:f3:e1:b4:1e:2e:f4:dd:35:
         e4:a2:49:74:a2:de:3a:29:bd:7d:9b:05:6b:8b:e6:55:db:0d:
         69:e4:c8:0d:9d:ed:dc:23:53:63:ff:4c:e6:b9:40:fa:84:f1:
         6b:3a:0a:33:31:ad:1b:e9:3e:a8:17:8d:63:49:6f:31:29:13:
         70:79:25:bd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUURQN0XATlaQEj7yACVtHjZpbgR0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjNaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDE4MmM1YTg1OWZhYzRlMDA0MTA5ZDZhZmQ3YWEyZDJiYTBmMGE3ZTFmMjMy
YmE1MDQ4OWQwOTBmNDFmYzhlNGExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOxh8W1fmKWCT122ZMPsO56eFSsBbi91BiaF6UjFyA1NsKV2eXtMBIosDhS+
zYVjp3LCmgVvGiRJOs/1dIOlmjx60viI5OYo58Xi5G1R8653L/4IXuFU/ewNfQLq
kBRdB8vnpf189M4fsS1r9ja4v7RMO1E56QDBhyjuceyqI325EImu8+ItlSr9CBxX
Xdv8GywvTdf7ue1MSZ/ozByVevpx1+jmkvyEjtFeK9jcFIuAOP72SwLRfv2aDSZp
665U+PRjXCizCR8gZScicNpxVgpPiCpq8HceyPTT/kXIronVuVNATurVliLY/CKA
AQJspXJYF/9+Q7oDFcwZIqO7XMcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSf3Fxk
2OoQijzfo8Clrw3LZ+Y5qTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MmE4MmIwM2UtNTE3Yy00YTgxLTk2YWItMmNmNjA0OWE3ZjNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8No
MA0GCSqGSIb3DQEBCwUAA4IBAQBTS5qw/3g6Dad3cumdYrt3Onbt/HLMYm84BbKQ
S4ohE2gyUr4OpN24g0V8SXX4EGX5yxgBo5q86kvGFpKU3t3xT1lNVqG/zO8Aj3W5
nuF68NHEPxfBqXhDH8S+OvMTj03w0upZETXShfzSNdKBgWSlD5b35PRdPRid+idq
NMMmpZrr5NOHxAU4vp21N5hN0vxywofefGR9o/9dIA2Uu/jmInjKtmbRuu7Mxpbd
4XL7glsNKHzbOb+k9vLAKeqB8+G0Hi703TXkokl0ot46Kb19mwVri+ZV2w1p5MgN
ne3cI1Nj/0zmuUD6hPFrOgozMa0b6T6oF41jSW8xKRNweSW9
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:04 2025 by rpki-client