Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2b3faf28-e8b7-4e39-99e4-e3cb6577dafb.roa
File:                     2b3faf28-e8b7-4e39-99e4-e3cb6577dafb.roa (raw, json)
Hash identifier:          fAmyRCPlTAqqPk+pslpkHg1G2ELJWbySFfLSYeXsaNo=
Subject key identifier:   F0:CC:C2:7D:24:EC:8F:81:37:C0:B1:B7:02:F3:3B:20:4B:1E:AE:81
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       2E419C1EE18B2ED89C229AEDACF34BA73B795E45
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2b3faf28-e8b7-4e39-99e4-e3cb6577dafb.roa
Signing time:             Mon 29 Sep 2025 15:39:58 +0000
ROA not before:           Mon 29 Sep 2025 15:39:58 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2001:3fc4::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:41:9c:1e:e1:8b:2e:d8:9c:22:9a:ed:ac:f3:4b:a7:3b:79:5e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:58 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=828b79c8957449bcbcebe9d1fece21068a8d284b3737b184635abd7a102c91fe, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:dd:f3:2c:34:1e:03:c8:51:62:e2:de:c7:71:
                    ca:db:61:65:cd:c3:a9:8a:f6:15:5f:17:b9:b0:4f:
                    99:3c:82:63:eb:41:2b:49:28:eb:f5:a1:63:75:80:
                    46:25:96:94:85:9a:31:a3:cd:d1:5d:df:7f:db:0b:
                    07:85:df:fb:13:dc:f1:55:05:ff:ca:e0:f3:ab:33:
                    74:0f:ad:06:cc:f2:9f:07:26:f5:2f:26:95:8e:ea:
                    b1:7b:ba:c8:d8:54:4f:46:36:95:86:71:56:b8:54:
                    1a:8d:5f:c4:62:57:33:cd:f0:29:b2:cb:e7:5e:2b:
                    ff:fc:66:56:9f:5c:78:24:f1:39:aa:26:38:ce:b6:
                    43:f3:3f:9d:ab:d9:bf:f2:50:b0:17:6a:ad:77:ff:
                    cc:5a:4c:54:0b:71:ea:91:e7:34:c0:61:94:dc:1b:
                    83:ba:b6:ca:f3:18:f4:7f:2d:e3:d5:45:79:48:6d:
                    3d:f2:48:8f:b0:ed:cb:35:e7:85:d2:82:20:95:12:
                    27:2a:56:3f:b2:d4:af:5d:d4:87:2c:ea:af:c9:bb:
                    5d:c2:f6:21:cb:64:b4:26:ae:76:d5:fc:78:d8:d8:
                    51:8a:1f:df:f4:bd:d3:20:f9:d9:d2:dc:a7:2c:81:
                    b3:2d:23:ba:bc:29:14:7a:33:64:a9:95:a6:b3:00:
                    4c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CC:C2:7D:24:EC:8F:81:37:C0:B1:B7:02:F3:3B:20:4B:1E:AE:81
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/2b3faf28-e8b7-4e39-99e4-e3cb6577dafb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc4::/36

    Signature Algorithm: sha256WithRSAEncryption
         86:5a:9b:5e:7a:9c:65:51:79:bf:d0:c6:bf:50:ec:87:1c:df:
         0f:f9:9e:9d:2b:41:4d:70:be:a7:fb:18:23:e3:b4:82:f7:36:
         58:68:d3:bd:4d:81:b3:2e:21:32:4a:f8:c8:1f:19:48:25:86:
         d2:08:82:42:f8:a8:d9:0f:ec:1b:fa:8a:6c:20:95:5c:e9:29:
         b6:92:fb:ba:54:65:d1:c1:76:3a:b1:40:e9:ae:05:48:78:81:
         17:fb:fb:92:bd:43:83:62:69:bf:28:ae:d7:11:c9:9e:d0:ea:
         b3:31:20:cf:5a:5e:aa:86:99:b5:d8:28:07:ed:b3:e3:2b:44:
         ef:1a:18:02:ad:f7:dd:e3:38:f6:ac:6d:97:27:c2:0c:96:a7:
         ef:24:5b:b7:bd:d1:fa:3b:bc:c0:4f:15:57:f6:ed:ab:f1:15:
         df:22:30:dd:32:80:4c:65:67:10:43:b1:d3:6b:fa:d9:c4:f8:
         2f:aa:24:f8:ce:19:77:a9:56:9f:72:3a:cb:72:cb:da:ab:4e:
         e7:9a:4d:6c:79:cd:90:d0:90:8d:dd:92:4d:b5:a1:ec:e8:78:
         dc:40:f5:d9:1a:73:46:3f:33:a1:67:d8:64:fd:ec:2d:4a:dc:
         a1:22:81:81:f9:22:b9:88:21:9f:f8:42:63:25:25:77:42:d5:
         08:a4:f4:89
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULkGcHuGLLticIprtrPNLpzt5XkUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5NThaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyOGI3OWM4OTU3NDQ5YmNiY2ViZTlkMWZlY2UyMTA2OGE4ZDI4NGIzNzM3
YjE4NDYzNWFiZDdhMTAyYzkxZmUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTd8yw0HgPIUWLi3sdxytthZc3DqYr2FV8XubBPmTyCY+tBK0ko6/WhY3WA
RiWWlIWaMaPN0V3ff9sLB4Xf+xPc8VUF/8rg86szdA+tBszynwcm9S8mlY7qsXu6
yNhUT0Y2lYZxVrhUGo1fxGJXM83wKbLL514r//xmVp9ceCTxOaomOM62Q/M/navZ
v/JQsBdqrXf/zFpMVAtx6pHnNMBhlNwbg7q2yvMY9H8t49VFeUhtPfJIj7DtyzXn
hdKCIJUSJypWP7LUr13Uhyzqr8m7XcL2IctktCaudtX8eNjYUYof3/S90yD52dLc
pyyBsy0jurwpFHozZKmVprMATLsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTwzMJ9
JOyPgTfAsbcC8zsgSx6ugTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MmIzZmFmMjgtZThiNy00ZTM5LTk5ZTQtZTNjYjY1NzdkYWZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQCGWpteepxlUXm/0Ma/UOyHHN8P+Z6dK0FNcL6n
+xgj47SC9zZYaNO9TYGzLiEySvjIHxlIJYbSCIJC+KjZD+wb+opsIJVc6Sm2kvu6
VGXRwXY6sUDprgVIeIEX+/uSvUODYmm/KK7XEcme0OqzMSDPWl6qhpm12CgH7bPj
K0TvGhgCrffd4zj2rG2XJ8IMlqfvJFu3vdH6O7zATxVX9u2r8RXfIjDdMoBMZWcQ
Q7HTa/rZxPgvqiT4zhl3qVafcjrLcsvaq07nmk1sec2Q0JCN3ZJNtaHs6HjcQPXZ
GnNGPzOhZ9hk/ewtStyhIoGB+SK5iCGf+EJjJSV3QtUIpPSJ
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:09 2025 by rpki-client