Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/40f9b1f2-5ad7-442e-b02a-156712d4fa19.roa
File:                     40f9b1f2-5ad7-442e-b02a-156712d4fa19.roa (raw, json)
Hash identifier:          hPGa67Ptq91KQkLBIA5Qm9KlXaaQX4WktBqi/4KjIAo=
Subject key identifier:   E5:D0:46:09:B1:C2:44:55:70:1E:7D:90:27:65:9A:F3:0E:4C:73:61
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       489788CA3601329D29816F77C71CB8145FC14AE4
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/40f9b1f2-5ad7-442e-b02a-156712d4fa19.roa
Signing time:             Mon 29 Sep 2025 15:39:32 +0000
ROA not before:           Mon 29 Sep 2025 15:39:32 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:5000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:97:88:ca:36:01:32:9d:29:81:6f:77:c7:1c:b8:14:5f:c1:4a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:32 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=f26b6a96331e062ed0c09902c2965a86177fc841a764dc15a185b93a7ae4048d, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d1:5e:43:f1:02:e0:70:bc:4f:e3:4c:a5:7c:
                    6d:a8:55:ab:d8:c3:96:c8:b5:45:0a:09:cf:30:67:
                    d7:3c:6f:73:2b:12:25:a0:f1:de:a1:8a:a1:c7:bf:
                    be:81:54:d8:a6:9f:2d:d4:f0:c9:54:84:0d:26:fd:
                    5c:f3:3c:2e:94:77:2c:f4:cb:a9:a9:f9:9b:fd:cf:
                    46:3c:b3:50:58:9c:79:7c:fd:6c:40:c1:af:9a:4b:
                    5c:a8:ba:50:1b:27:b3:37:11:96:8b:10:45:cd:b9:
                    1a:7d:dd:0a:73:50:1f:4b:e2:fa:1b:87:2e:2a:47:
                    f7:d9:eb:8d:0d:02:6c:77:e9:33:72:1b:88:10:e1:
                    a6:44:0f:60:e4:33:1c:fe:84:8e:58:0a:35:08:5d:
                    77:13:c3:21:df:71:70:95:ef:44:07:a9:d3:b6:97:
                    5c:af:6d:e4:af:72:d9:e8:0c:c7:52:a5:8d:7c:89:
                    a0:cd:cb:f0:01:84:66:ac:2b:b2:29:8f:d2:4e:a4:
                    52:ed:60:17:78:0b:ac:9c:dc:e3:91:12:37:3c:ea:
                    1c:52:18:b2:80:57:27:36:c9:b0:f9:e1:14:c9:a4:
                    3e:42:be:74:f8:b8:ac:f9:48:44:7a:8a:6e:3c:0b:
                    47:d1:ee:a6:66:67:c8:06:33:f8:bd:ae:b8:21:4f:
                    7c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D0:46:09:B1:C2:44:55:70:1E:7D:90:27:65:9A:F3:0E:4C:73:61
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/40f9b1f2-5ad7-442e-b02a-156712d4fa19.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         44:6b:ec:91:17:ce:29:7f:6a:54:ba:bd:a7:2a:e2:47:0b:07:
         12:64:92:62:c6:e5:a8:ee:9b:7c:76:3d:9e:df:90:cd:53:57:
         1c:9e:71:50:1e:ea:0f:2f:c3:bb:71:1e:5a:fb:19:0e:02:78:
         ba:b2:73:e0:7b:55:76:78:60:d6:8b:a3:08:04:bf:05:fc:35:
         1c:73:04:82:a3:ae:7e:2b:ee:d9:a8:6b:13:30:5f:70:bf:a1:
         7c:70:a8:41:8f:be:55:60:7e:c6:6f:ce:26:ec:ee:b3:34:5f:
         c4:5b:30:c9:12:0d:9a:57:97:8c:c5:81:d2:b0:8b:26:f4:cb:
         de:3e:92:d1:07:00:5d:af:cb:39:78:39:59:47:c6:57:24:80:
         7e:99:c3:d8:ef:60:3c:c2:e0:24:5e:cc:b9:7f:87:a9:e3:97:
         04:2a:5b:31:6d:fe:d3:9c:10:0b:7d:ef:e6:e1:8a:b8:fa:08:
         87:ab:eb:ed:d7:dc:5c:90:5f:b7:eb:0e:aa:8a:1d:05:50:af:
         1c:d1:ef:1e:b8:91:61:75:dd:56:20:e5:d5:c1:15:7a:04:4a:
         cf:81:38:d4:80:64:17:f1:cf:36:0e:f4:98:f0:93:59:3a:a2:
         d9:a1:c1:1c:8c:9d:5a:c9:24:21:19:32:a0:ac:84:c6:73:da:
         3e:f1:5f:ec
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSJeIyjYBMp0pgW93xxy4FF/BSuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5MzJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyNmI2YTk2MzMxZTA2MmVkMGMwOTkwMmMyOTY1YTg2MTc3ZmM4NDFhNzY0
ZGMxNWExODViOTNhN2FlNDA0OGQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbRXkPxAuBwvE/jTKV8bahVq9jDlsi1RQoJzzBn1zxvcysSJaDx3qGKoce/
voFU2KafLdTwyVSEDSb9XPM8LpR3LPTLqan5m/3PRjyzUFiceXz9bEDBr5pLXKi6
UBsnszcRlosQRc25Gn3dCnNQH0vi+huHLipH99nrjQ0CbHfpM3IbiBDhpkQPYOQz
HP6EjlgKNQhddxPDId9xcJXvRAep07aXXK9t5K9y2egMx1KljXyJoM3L8AGEZqwr
simP0k6kUu1gF3gLrJzc45ESNzzqHFIYsoBXJzbJsPnhFMmkPkK+dPi4rPlIRHqK
bjwLR9HupmZnyAYz+L2uuCFPfOUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTl0EYJ
scJEVXAefZAnZZrzDkxzYTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NDBmOWIxZjItNWFkNy00NDJlLWIwMmEtMTU2NzEyZDRmYTE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBEa+yRF84pf2pUur2nKuJHCwcSZJJixuWo7pt8
dj2e35DNU1ccnnFQHuoPL8O7cR5a+xkOAni6snPge1V2eGDWi6MIBL8F/DUccwSC
o65+K+7ZqGsTMF9wv6F8cKhBj75VYH7Gb84m7O6zNF/EWzDJEg2aV5eMxYHSsIsm
9MvePpLRBwBdr8s5eDlZR8ZXJIB+mcPY72A8wuAkXsy5f4ep45cEKlsxbf7TnBAL
fe/m4Yq4+giHq+vt19xckF+36w6qih0FUK8c0e8euJFhdd1WIOXVwRV6BErPgTjU
gGQX8c82DvSY8JNZOqLZocEcjJ1aySQhGTKgrITGc9o+8V/s
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:46:05 2025 by rpki-client