Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/5a3e112d-c8b5-4a42-9b7a-a5c567b6db32.roa
File:                     5a3e112d-c8b5-4a42-9b7a-a5c567b6db32.roa (raw, json)
Hash identifier:          F9XZFFH2Z6YoNLzKhNfyw7+HLjFR7Le/FhS3cBtV9C0=
Subject key identifier:   5A:C7:C2:F0:38:19:06:62:C9:10:8B:EC:70:20:E9:25:D1:14:2E:F2
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       2C26830E841048A6F156E118A9CFFD573F7144F1
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/5a3e112d-c8b5-4a42-9b7a-a5c567b6db32.roa
Signing time:             Mon 29 Sep 2025 15:40:21 +0000
ROA not before:           Mon 29 Sep 2025 15:40:21 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:8800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:26:83:0e:84:10:48:a6:f1:56:e1:18:a9:cf:fd:57:3f:71:44:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:21 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=d3944717d7ce2a79fb67982208a143b6f7f43bd67150f5414b8a800c56e30b0e, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:fc:bd:40:6a:2c:42:c0:28:1f:59:04:f3:25:
                    8b:3d:09:23:1b:ba:40:11:42:4d:0d:e9:b6:78:b0:
                    79:c0:88:e1:b2:b2:4b:d8:48:91:42:1e:a9:5d:b9:
                    83:51:fc:dc:4b:c3:3e:6d:ec:05:bb:eb:25:e7:f8:
                    a8:b4:6f:0e:e1:36:d8:cf:dd:79:fd:70:52:7d:5b:
                    7b:8f:d4:07:13:60:dc:99:fb:f4:f7:7d:18:3d:0c:
                    b6:f1:95:d0:13:48:40:80:07:a5:fe:2c:eb:09:1b:
                    65:82:40:20:f1:9e:f4:87:12:24:6b:c8:ee:1c:df:
                    f7:aa:46:81:04:ea:b9:8a:a3:5e:02:33:47:c0:02:
                    40:f2:20:59:42:2f:6f:26:ec:67:13:76:56:6a:fb:
                    ca:e3:b2:8c:75:a8:4e:88:18:f1:87:95:31:80:66:
                    ab:ed:4a:c7:60:4f:d8:d4:aa:cb:00:8e:4b:a2:b7:
                    0b:bc:bd:12:0c:92:1f:86:01:ad:90:6e:5f:86:af:
                    f0:64:21:2b:10:0c:4c:3b:6e:e9:3d:56:a5:1a:f3:
                    e2:4b:15:54:49:27:6b:bb:05:eb:bc:8c:87:11:13:
                    08:e7:b1:4b:cd:7b:40:4e:e5:26:1e:b2:35:97:d9:
                    ff:6b:e3:a1:9a:85:87:71:f3:af:6a:03:f8:41:60:
                    01:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C7:C2:F0:38:19:06:62:C9:10:8B:EC:70:20:E9:25:D1:14:2E:F2
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/5a3e112d-c8b5-4a42-9b7a-a5c567b6db32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         a5:35:30:1b:47:2d:d1:59:9e:0c:50:45:94:d2:b1:3e:44:c6:
         1d:a6:70:7d:ff:50:f1:61:11:23:e4:8d:06:d6:d0:3f:b6:5c:
         9e:e4:ed:3a:92:29:8c:d7:7d:23:b9:15:6d:d2:e6:be:6c:87:
         6f:32:bf:59:ab:e5:9e:69:64:be:10:a1:43:9b:6b:10:93:b2:
         5f:87:3d:bd:b6:16:2b:ed:b1:b2:54:d5:2b:64:03:58:fc:be:
         10:fa:a4:17:e0:ea:24:c5:ad:97:c1:cb:90:b4:6c:36:8a:f0:
         49:6f:b9:ee:2f:af:6c:6d:d8:d5:f2:b8:f2:0d:5d:c6:55:7b:
         b7:06:4d:f8:31:7b:92:65:fa:74:46:7e:18:75:c7:ba:07:9e:
         d5:61:ff:94:96:17:76:6d:bc:94:07:5d:0e:5a:f9:f9:40:e3:
         6f:1b:2b:ab:87:f9:a8:09:ab:ac:cf:17:cc:11:b8:07:6a:02:
         ad:0c:11:c9:eb:d9:3c:02:52:f2:6c:5a:c7:68:9e:f5:a6:47:
         9a:2b:a2:de:7b:65:3f:ec:c8:54:62:76:7d:f6:46:df:c9:f5:
         7c:3f:d0:c6:fe:d8:d2:14:3e:08:ec:3e:89:7b:d6:bd:6b:85:
         9c:6f:4c:25:95:b9:f7:46:34:8c:2a:8a:96:e7:37:24:48:d4:
         d5:12:c6:c4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULCaDDoQQSKbxVuEYqc/9Vz9xRPEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjFaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGQzOTQ0NzE3ZDdjZTJhNzlmYjY3OTgyMjA4YTE0M2I2ZjdmNDNiZDY3MTUw
ZjU0MTRiOGE4MDBjNTZlMzBiMGUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOz8vUBqLELAKB9ZBPMliz0JIxu6QBFCTQ3ptniwecCI4bKyS9hIkUIeqV25
g1H83EvDPm3sBbvrJef4qLRvDuE22M/def1wUn1be4/UBxNg3Jn79Pd9GD0MtvGV
0BNIQIAHpf4s6wkbZYJAIPGe9IcSJGvI7hzf96pGgQTquYqjXgIzR8ACQPIgWUIv
bybsZxN2Vmr7yuOyjHWoTogY8YeVMYBmq+1Kx2BP2NSqywCOS6K3C7y9EgySH4YB
rZBuX4av8GQhKxAMTDtu6T1WpRrz4ksVVEkna7sF67yMhxETCOexS817QE7lJh6y
NZfZ/2vjoZqFh3Hzr2oD+EFgAXUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRax8Lw
OBkGYskQi+xwIOkl0RQu8jAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NWEzZTExMmQtYzhiNS00YTQyLTliN2EtYTVjNTY3YjZkYjMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8OI
MA0GCSqGSIb3DQEBCwUAA4IBAQClNTAbRy3RWZ4MUEWU0rE+RMYdpnB9/1DxYREj
5I0G1tA/tlye5O06kimM130juRVt0ua+bIdvMr9Zq+WeaWS+EKFDm2sQk7Jfhz29
thYr7bGyVNUrZANY/L4Q+qQX4Ookxa2XwcuQtGw2ivBJb7nuL69sbdjV8rjyDV3G
VXu3Bk34MXuSZfp0Rn4Ydce6B57VYf+Ulhd2bbyUB10OWvn5QONvGyurh/moCaus
zxfMEbgHagKtDBHJ69k8AlLybFrHaJ71pkeaK6Lee2U/7MhUYnZ99kbfyfV8P9DG
/tjSFD4I7D6Je9a9a4Wcb0wllbn3RjSMKoqW5zckSNTVEsbE
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:03 2025 by rpki-client