Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa
File:                     aee0ced2-04c3-4c6b-ab68-04adfb518909.roa (raw, json)
Hash identifier:          Xo9rqzu6ENmmy2LDlya0EPkBZ9AkQ0kxQn4UDc+j9aM=
Subject key identifier:   D9:61:5D:D5:AB:08:5F:FD:2E:71:11:0A:A2:73:83:2F:9A:2D:78:A7
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       796C2D8B22C938C42563A04C5609E338BE6350C5
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa
Signing time:             Fri 17 Oct 2025 20:10:18 +0000
ROA not before:           Fri 17 Oct 2025 20:10:18 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:7000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:6c:2d:8b:22:c9:38:c4:25:63:a0:4c:56:09:e3:38:be:63:50:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Oct 17 20:10:18 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=3bab90f0f775b3ffa1ae0f7c812daa2b51b69d7a67c557ca35659e08c717d373, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:fa:7a:b7:39:74:4f:90:08:de:d4:5b:4b:2d:
                    72:5f:08:ad:c1:72:fc:e4:79:af:98:8d:99:63:07:
                    4f:ea:d6:9e:1e:15:87:58:0f:01:6a:e2:4c:4b:d7:
                    1d:67:3e:2a:43:e3:91:e8:c3:3c:a8:65:b0:c8:07:
                    b5:ed:c8:18:e0:7e:c2:7d:76:67:f9:24:a2:dd:14:
                    1a:41:81:bb:ec:37:5c:16:c9:2b:23:ec:87:06:12:
                    90:95:76:d3:be:4c:31:f3:5b:7b:e2:d0:60:3c:c1:
                    e1:8a:f8:af:30:2c:b7:e8:d8:ff:e0:ac:75:24:33:
                    90:9d:41:d3:fd:a3:61:b0:74:3c:cb:e2:69:f8:2d:
                    d6:77:a0:a1:a1:5c:7d:56:09:76:1e:8d:71:99:a3:
                    a1:92:42:a1:dc:4a:12:c7:08:b7:f6:e1:4b:38:6d:
                    bf:48:c4:22:5a:35:01:e2:fc:74:b4:dd:12:47:bf:
                    97:fb:74:4f:20:73:b9:8f:81:41:58:3f:f3:fb:5c:
                    17:39:02:d4:64:fa:da:44:df:22:a8:3b:a6:8f:67:
                    6d:74:ea:8d:fb:6e:3b:5e:b6:68:9c:1a:65:d1:91:
                    4d:77:c7:2f:56:82:6f:a6:f7:bf:0d:a0:40:f7:8c:
                    c6:c0:e3:19:62:84:1c:42:ef:b7:00:e8:4f:8d:84:
                    c2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:61:5D:D5:AB:08:5F:FD:2E:71:11:0A:A2:73:83:2F:9A:2D:78:A7
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         36:19:9a:9c:8b:ba:71:d6:0a:7c:a5:41:19:ca:09:2b:5e:4e:
         01:55:b6:63:d6:15:e5:fb:8a:d1:22:9e:e7:e1:4f:bd:13:63:
         f7:b4:88:0d:f0:09:49:0a:4e:8e:22:37:e0:60:24:43:e3:10:
         1a:f7:d3:a5:3f:12:2d:ed:ca:8f:f4:8d:e5:c0:a7:59:0e:31:
         eb:87:06:0c:6d:73:cf:b6:75:21:03:6a:0b:f3:cd:15:2e:7a:
         7b:f7:41:77:9d:e9:d7:a2:38:31:cd:94:ac:26:99:ce:49:f7:
         ac:6d:d2:dc:6b:b5:59:c7:7c:f9:2c:70:b5:4a:97:04:af:2c:
         db:69:17:9f:10:9e:14:c8:b8:43:a3:c0:1a:88:54:53:47:a5:
         51:dc:4c:28:99:5e:49:b0:ad:2c:27:4b:72:24:1a:c7:a2:2c:
         9b:fe:3b:b1:3c:86:de:a3:b5:1a:26:bc:c7:53:44:cd:43:fc:
         f1:0c:68:88:ea:5f:6b:f2:aa:1e:ce:4a:4c:12:f4:26:9c:cf:
         d2:28:d5:83:d6:21:ea:73:a3:f9:77:28:af:26:80:dd:cd:9e:
         e7:c4:41:8f:2d:3a:c3:59:44:d3:b0:a5:c0:02:e4:21:38:8b:
         61:68:0e:b5:e6:a6:04:ce:7a:64:3f:1b:69:8b:c6:ce:ea:07:
         c0:74:08:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeWwtiyLJOMQlY6BMVgnjOL5jUMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTEwMTcyMDEwMThaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDNiYWI5MGYwZjc3NWIzZmZhMWFlMGY3YzgxMmRhYTJiNTFiNjlkN2E2N2M1
NTdjYTM1NjU5ZTA4YzcxN2QzNzMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOX6erc5dE+QCN7UW0stcl8IrcFy/OR5r5iNmWMHT+rWnh4Vh1gPAWriTEvX
HWc+KkPjkejDPKhlsMgHte3IGOB+wn12Z/kkot0UGkGBu+w3XBbJKyPshwYSkJV2
075MMfNbe+LQYDzB4Yr4rzAst+jY/+CsdSQzkJ1B0/2jYbB0PMviafgt1negoaFc
fVYJdh6NcZmjoZJCodxKEscIt/bhSzhtv0jEIlo1AeL8dLTdEke/l/t0TyBzuY+B
QVg/8/tcFzkC1GT62kTfIqg7po9nbXTqjftuO162aJwaZdGRTXfHL1aCb6b3vw2g
QPeMxsDjGWKEHELvtwDoT42EwqcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTZYV3V
qwhf/S5xEQqic4Mvmi14pzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YWVlMGNlZDItMDRjMy00YzZiLWFiNjgtMDRhZGZiNTE4OTA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dw
MA0GCSqGSIb3DQEBCwUAA4IBAQA2GZqci7px1gp8pUEZygkrXk4BVbZj1hXl+4rR
Ip7n4U+9E2P3tIgN8AlJCk6OIjfgYCRD4xAa99OlPxIt7cqP9I3lwKdZDjHrhwYM
bXPPtnUhA2oL880VLnp790F3nenXojgxzZSsJpnOSfesbdLca7VZx3z5LHC1SpcE
ryzbaRefEJ4UyLhDo8AaiFRTR6VR3EwomV5JsK0sJ0tyJBrHoiyb/juxPIbeo7Ua
JrzHU0TNQ/zxDGiI6l9r8qoezkpMEvQmnM/SKNWD1iHqc6P5dyivJoDdzZ7nxEGP
LTrDWUTTsKXAAuQhOIthaA615qYEznpkPxtpi8bO6gfAdAhQ
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:57:48 2025 by rpki-client