Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa
File:                     50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa (raw, json)
Hash identifier:          ZrhGOgERvfXEZhOLPeLuyuM8tLP8eDkJttvcGkkrON0=
Subject key identifier:   EE:2E:A6:9B:00:BB:35:B0:20:AA:C8:14:E0:C6:19:50:D7:F3:9B:99
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       55C584DDD3C9CA6001B4152130876951C6476569
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa
Signing time:             Mon 29 Sep 2025 15:40:00 +0000
ROA not before:           Mon 29 Sep 2025 15:40:00 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:c000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c5:84:dd:d3:c9:ca:60:01:b4:15:21:30:87:69:51:c6:47:65:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:00 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=5c6535cb5a04130b195c04334cbbbd74932b1259cbf79853268e23e21b8d65ee, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:46:df:bc:7f:e8:0f:1c:8c:49:f2:c5:43:17:
                    92:3e:b4:37:b7:9d:f1:83:a7:9a:32:66:e0:94:84:
                    1b:7d:2e:0f:1b:c0:2c:64:39:1a:8e:b4:0a:f7:41:
                    68:c0:97:13:11:5c:d1:39:88:6c:2e:8b:3b:28:54:
                    23:43:28:70:ef:96:90:5e:fd:20:c1:52:99:1b:ef:
                    74:ea:f1:60:29:6e:6e:f3:2e:c5:4f:b1:ec:97:cd:
                    b9:64:31:b9:0a:46:84:46:2b:3a:fe:97:1c:6f:a0:
                    db:17:63:68:a1:aa:ac:58:c1:20:bb:7e:f2:d4:9b:
                    65:68:82:54:6c:c6:20:17:69:f6:41:1b:43:40:5a:
                    2c:49:19:41:00:89:0d:a9:45:08:e4:ba:3a:3a:ac:
                    df:71:63:1f:ef:08:e0:68:1b:f5:73:6b:46:a7:68:
                    0a:85:b8:3a:a8:91:cd:86:8f:31:70:dd:cd:72:ee:
                    41:cc:7e:d5:92:93:06:44:65:31:2c:d0:e8:d0:d1:
                    c1:9d:39:8b:67:27:e4:44:9f:82:58:e9:a1:fe:9c:
                    6a:bd:9e:db:d8:fa:66:2e:7d:38:e3:4f:a5:a4:bb:
                    c8:6d:9b:99:45:c9:8a:72:65:95:f2:cc:5d:30:8d:
                    e5:e1:b5:be:6f:b7:e7:64:7c:2a:75:0c:6e:89:25:
                    75:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:2E:A6:9B:00:BB:35:B0:20:AA:C8:14:E0:C6:19:50:D7:F3:9B:99
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         71:e3:f0:27:75:da:6a:d9:c5:b5:1a:74:60:e1:1e:55:01:5c:
         f8:d8:79:f9:f9:19:85:c7:57:de:dd:93:3b:fd:25:1f:cb:b9:
         46:35:86:65:55:2a:9a:b9:15:b8:18:c8:c0:ec:d5:fa:79:9a:
         54:78:1c:c1:04:15:53:1d:98:9d:30:38:6b:84:51:91:a4:d2:
         5b:55:02:4d:a8:72:72:61:22:82:4f:c1:d6:d6:e9:de:e5:c8:
         38:67:8e:bc:b8:81:e5:14:21:0c:9a:9d:b4:9a:a5:8d:5d:f4:
         04:3e:be:30:10:18:b5:87:3f:cf:57:cd:4c:73:67:16:de:01:
         af:fd:08:d5:48:85:8a:70:2a:18:97:27:22:71:ef:3d:7b:eb:
         d4:dd:2e:aa:b0:06:4b:8b:9d:e7:6c:f2:5b:bc:77:be:64:60:
         61:a4:20:5f:d2:ee:2c:9a:f4:57:61:d0:a1:91:fe:3f:d6:9d:
         78:26:ac:05:df:64:c5:99:d4:76:47:70:82:67:2a:fd:2b:65:
         c3:dc:21:7b:ad:7e:1c:ac:aa:24:3e:34:2b:78:b7:bf:22:21:
         c5:27:87:af:9a:9e:f9:31:40:59:97:e7:15:57:3d:f6:7c:33:
         19:a7:9a:a9:5b:67:d8:ff:31:de:91:a7:34:de:d6:a4:2c:f5:
         ac:59:64:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVcWE3dPJymABtBUhMIdpUcZHZWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMDBaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjNjUzNWNiNWEwNDEzMGIxOTVjMDQzMzRjYmJiZDc0OTMyYjEyNTljYmY3
OTg1MzI2OGUyM2UyMWI4ZDY1ZWUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJG37x/6A8cjEnyxUMXkj60N7ed8YOnmjJm4JSEG30uDxvALGQ5Go60CvdB
aMCXExFc0TmIbC6LOyhUI0MocO+WkF79IMFSmRvvdOrxYClubvMuxU+x7JfNuWQx
uQpGhEYrOv6XHG+g2xdjaKGqrFjBILt+8tSbZWiCVGzGIBdp9kEbQ0BaLEkZQQCJ
DalFCOS6Ojqs33FjH+8I4Ggb9XNrRqdoCoW4OqiRzYaPMXDdzXLuQcx+1ZKTBkRl
MSzQ6NDRwZ05i2cn5ESfgljpof6car2e29j6Zi59OONPpaS7yG2bmUXJinJllfLM
XTCN5eG1vm+352R8KnUMbokldd8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTuLqab
ALs1sCCqyBTgxhlQ1/ObmTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NTBiMGM4ZjUtOWIwMy00ZDAwLWI3YmMtMzBhMjUzYjgzYmUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fA
MA0GCSqGSIb3DQEBCwUAA4IBAQBx4/Anddpq2cW1GnRg4R5VAVz42Hn5+RmFx1fe
3ZM7/SUfy7lGNYZlVSqauRW4GMjA7NX6eZpUeBzBBBVTHZidMDhrhFGRpNJbVQJN
qHJyYSKCT8HW1une5cg4Z468uIHlFCEMmp20mqWNXfQEPr4wEBi1hz/PV81Mc2cW
3gGv/QjVSIWKcCoYlycice89e+vU3S6qsAZLi53nbPJbvHe+ZGBhpCBf0u4smvRX
YdChkf4/1p14JqwF32TFmdR2R3CCZyr9K2XD3CF7rX4crKokPjQreLe/IiHFJ4ev
mp75MUBZl+cVVz32fDMZp5qpW2fY/zHekac03takLPWsWWSR
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:46:37 2025 by rpki-client