Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa
File:                     50f59e85-50ab-4b5a-9119-096ba93f86f2.roa (raw, json)
Hash identifier:          4NvcOeKrHbXUIR5rWO5gfz2qaI+tqY3PlWXQHgtllLs=
Subject key identifier:   22:39:E8:FE:A9:1D:84:18:26:7F:7F:10:B5:C6:67:45:A1:6D:77:A9
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       05C5300E1DDF634AD512EE3071180F4CB803800A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa
Signing time:             Mon 29 Sep 2025 15:40:37 +0000
ROA not before:           Mon 29 Sep 2025 15:40:37 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:c5:30:0e:1d:df:63:4a:d5:12:ee:30:71:18:0f:4c:b8:03:80:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:37 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=f302a40eaa131d28196b3dc097904e60c6a3761645d7f749e202652c789cb68f, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7f:33:f1:47:fb:90:94:45:f7:e6:91:cd:97:
                    6d:89:87:ec:3e:e7:c1:f9:ac:85:49:cc:3a:8b:51:
                    8f:d9:39:c0:3a:d1:1c:d9:44:1f:53:c2:4c:d1:fb:
                    7a:31:d3:d4:2e:b0:6c:e8:bc:6f:69:33:69:04:8b:
                    48:b6:20:2e:2e:ae:64:48:4f:53:10:93:b7:3b:92:
                    a0:a5:a6:99:1a:61:64:52:fe:de:0f:47:eb:06:5b:
                    f4:b4:0a:5d:cc:27:f6:43:44:c8:c2:d7:48:54:fe:
                    cf:57:12:19:bb:e9:96:ad:4c:71:aa:9f:77:89:a9:
                    34:c4:a0:68:f9:ef:68:74:7b:14:a3:a2:4d:0a:fa:
                    d1:36:dc:e8:93:c5:f8:8b:ba:ae:3f:53:ef:c1:37:
                    8b:fc:4c:00:6a:09:f1:10:dd:b9:4e:ed:bb:e3:03:
                    77:5f:9a:cc:4f:0f:f7:ea:ed:48:f7:47:af:da:06:
                    17:18:50:b6:33:8d:5c:09:fc:0e:a4:12:28:22:7a:
                    44:c8:29:06:1f:d9:d2:b4:ae:0c:92:16:67:f2:ed:
                    24:b5:bf:f3:a8:d4:4c:f4:53:c4:00:fe:55:70:63:
                    19:aa:aa:4a:25:4d:15:63:d5:b8:4b:74:3b:91:e4:
                    3e:da:e8:fb:d2:66:dd:67:79:1f:c3:37:75:a6:8e:
                    48:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:39:E8:FE:A9:1D:84:18:26:7F:7F:10:B5:C6:67:45:A1:6D:77:A9
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a4:a8:f2:e9:b1:d2:3d:70:9b:64:b8:0d:26:6b:1c:cc:0f:8c:
         1a:bc:f9:6e:c0:be:b4:0c:93:ff:c4:88:ab:04:ee:a9:f4:bf:
         72:05:58:db:2e:5d:91:b9:5a:18:56:ae:c5:62:90:95:2a:03:
         f7:93:8b:32:27:f3:72:ab:34:22:3d:70:d0:6c:e6:23:f8:3d:
         2c:3d:f1:2c:79:ca:5c:5a:b6:c3:9a:d9:bb:b0:5d:98:0f:e1:
         38:60:ef:72:37:09:1f:b6:a6:67:e8:50:61:ba:a7:f6:6d:11:
         70:a4:53:db:52:4a:ab:71:05:10:9b:d7:d3:d4:22:4b:7a:b3:
         94:89:96:5e:70:14:a4:ac:85:28:24:43:70:87:8a:dc:c9:70:
         a0:1a:84:2b:c1:01:da:3e:27:85:97:0b:0c:de:69:02:de:88:
         b2:cb:09:03:28:ed:dd:54:73:7c:ba:84:d2:ac:b0:6a:b4:f9:
         5c:0c:9e:fe:b6:6b:e8:ed:77:46:ef:6b:63:42:c7:2b:58:7d:
         01:45:85:5c:fd:8b:89:be:92:90:56:4c:03:1e:86:f9:75:6e:
         a1:97:7b:68:50:71:d1:e5:eb:95:51:90:52:46:b9:dc:8f:d2:
         df:1d:6a:26:f2:ca:f6:77:1a:c7:fd:ab:cc:32:aa:85:9f:15:
         2a:d9:d2:86
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBcUwDh3fY0rVEu4wcRgPTLgDgAowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMzdaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzMDJhNDBlYWExMzFkMjgxOTZiM2RjMDk3OTA0ZTYwYzZhMzc2MTY0NWQ3
Zjc0OWUyMDI2NTJjNzg5Y2I2OGYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJB/M/FH+5CURffmkc2XbYmH7D7nwfmshUnMOotRj9k5wDrRHNlEH1PCTNH7
ejHT1C6wbOi8b2kzaQSLSLYgLi6uZEhPUxCTtzuSoKWmmRphZFL+3g9H6wZb9LQK
Xcwn9kNEyMLXSFT+z1cSGbvplq1Mcaqfd4mpNMSgaPnvaHR7FKOiTQr60Tbc6JPF
+Iu6rj9T78E3i/xMAGoJ8RDduU7tu+MDd1+azE8P9+rtSPdHr9oGFxhQtjONXAn8
DqQSKCJ6RMgpBh/Z0rSuDJIWZ/LtJLW/86jUTPRTxAD+VXBjGaqqSiVNFWPVuEt0
O5HkPtro+9Jm3Wd5H8M3daaOSJMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQiOej+
qR2EGCZ/fxC1xmdFoW13qTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NTBmNTllODUtNTBhYi00YjVhLTkxMTktMDk2YmE5M2Y4NmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCkqPLpsdI9cJtkuA0maxzMD4wavPluwL60DJP/
xIirBO6p9L9yBVjbLl2RuVoYVq7FYpCVKgP3k4syJ/NyqzQiPXDQbOYj+D0sPfEs
ecpcWrbDmtm7sF2YD+E4YO9yNwkftqZn6FBhuqf2bRFwpFPbUkqrcQUQm9fT1CJL
erOUiZZecBSkrIUoJENwh4rcyXCgGoQrwQHaPieFlwsM3mkC3oiyywkDKO3dVHN8
uoTSrLBqtPlcDJ7+tmvo7XdG72tjQscrWH0BRYVc/YuJvpKQVkwDHob5dW6hl3to
UHHR5euVUZBSRrncj9LfHWom8sr2dxrH/avMMqqFnxUq2dKG
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:32 2025 by rpki-client