Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/bfd462bd-2e1f-485f-aa9c-e7e0c0bcb690.roa
File:                     bfd462bd-2e1f-485f-aa9c-e7e0c0bcb690.roa (raw, json)
Hash identifier:          Vmbgs1IR6l3tPOv8StJvgf8mhIj4lIdeIAfkPXLwePE=
Subject key identifier:   44:10:52:CB:09:F0:81:81:06:77:AF:A4:EB:B4:F2:6D:13:7A:78:7A
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       5C9613CEF47AF6602BA2CCDE4DAB00940B75E261
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/bfd462bd-2e1f-485f-aa9c-e7e0c0bcb690.roa
Signing time:             Mon 29 Sep 2025 15:40:01 +0000
ROA not before:           Mon 29 Sep 2025 15:40:01 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:a000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:96:13:ce:f4:7a:f6:60:2b:a2:cc:de:4d:ab:00:94:0b:75:e2:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:01 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=397bf2b732019ad9e7066a8c3f6f67ca1a289d02a640848c8b77bb86c035d6c3, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f7:1d:7a:5f:78:73:b5:c3:89:a9:43:a6:d5:
                    52:74:a9:e9:75:6e:73:2d:49:58:60:18:98:07:d2:
                    61:5d:78:a7:20:97:11:16:d4:28:f5:af:8e:ed:c7:
                    20:39:34:07:85:d3:a6:3a:7c:1a:3a:a0:42:29:96:
                    0e:fc:84:9a:74:57:9c:d6:e1:0c:23:57:89:a2:96:
                    c7:99:fa:16:af:b7:22:3f:b0:96:ad:79:b9:d1:4b:
                    c0:5f:ae:dd:e3:81:2b:8a:8a:56:19:60:75:0d:56:
                    f8:f7:ef:b9:e1:a5:6f:66:6d:95:ca:32:d0:b6:2c:
                    e1:19:dc:d7:20:38:16:44:b4:f3:e8:f5:60:5f:2a:
                    5b:d2:37:d0:3b:78:6f:7a:7b:cd:1c:fe:ec:ba:00:
                    18:62:c5:4a:c4:4f:3b:51:c1:96:2e:c5:8e:7b:55:
                    f6:62:9b:39:9c:49:9f:9e:53:b0:40:c7:73:67:ec:
                    13:e6:5a:fc:43:b2:0e:56:09:10:51:37:70:59:e1:
                    f2:a7:ab:ef:d9:e5:5a:ce:67:46:ab:cb:7e:af:ad:
                    dc:3c:27:8a:d6:6e:05:44:6c:bb:ad:ab:92:f1:0c:
                    9e:b6:f6:43:eb:1e:d9:a3:0b:7a:45:75:24:41:ae:
                    2d:af:b1:c0:95:a6:0f:5e:35:40:82:ce:92:f1:f7:
                    09:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:10:52:CB:09:F0:81:81:06:77:AF:A4:EB:B4:F2:6D:13:7A:78:7A
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/bfd462bd-2e1f-485f-aa9c-e7e0c0bcb690.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:fb:e6:01:25:57:a6:33:ad:1e:76:a9:5f:38:a0:ba:73:5a:
         54:95:4a:47:58:38:83:b8:f9:bf:ca:92:aa:cf:8b:40:ea:56:
         4b:9f:ca:6c:93:87:69:88:8a:6c:9a:e3:1f:ec:6a:62:6f:c2:
         f1:c8:74:0f:a0:9f:37:76:86:4f:94:c8:2a:b1:a5:6a:fe:20:
         96:22:c0:6f:ce:cd:66:7a:1a:44:3f:6e:1c:a3:52:ac:15:a4:
         56:71:83:d6:44:62:c1:79:e5:07:e4:18:49:cc:75:4f:2a:b2:
         d3:18:33:79:21:fc:ef:b3:53:84:17:40:2e:36:3e:cb:32:82:
         15:c5:3a:0e:cc:aa:d2:f2:30:ed:d0:98:d6:94:5e:f2:3d:0b:
         39:d5:11:fa:db:0d:d0:97:6a:de:d8:da:39:b8:08:b3:5e:7a:
         d8:85:82:a7:a8:e9:d7:41:28:c8:e2:3c:f3:66:27:33:64:14:
         47:20:1d:bc:87:a0:2b:46:19:43:87:f3:fb:f4:f9:86:c2:05:
         9a:2d:4f:cf:a6:ee:fd:14:79:6f:7e:97:39:11:77:a7:3e:71:
         2d:2d:f1:f5:99:a0:b2:af:a5:de:99:26:ef:94:3e:73:a2:65:
         fc:a2:da:31:db:6b:3c:aa:9c:3b:44:f6:68:16:f6:e8:fe:09:
         4e:d8:9b:ba
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXJYTzvR69mAroszeTasAlAt14mEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMDFaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDM5N2JmMmI3MzIwMTlhZDllNzA2NmE4YzNmNmY2N2NhMWEyODlkMDJhNjQw
ODQ4YzhiNzdiYjg2YzAzNWQ2YzMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT3HXpfeHO1w4mpQ6bVUnSp6XVucy1JWGAYmAfSYV14pyCXERbUKPWvju3H
IDk0B4XTpjp8GjqgQimWDvyEmnRXnNbhDCNXiaKWx5n6Fq+3Ij+wlq15udFLwF+u
3eOBK4qKVhlgdQ1W+PfvueGlb2Ztlcoy0LYs4Rnc1yA4FkS08+j1YF8qW9I30Dt4
b3p7zRz+7LoAGGLFSsRPO1HBli7FjntV9mKbOZxJn55TsEDHc2fsE+Za/EOyDlYJ
EFE3cFnh8qer79nlWs5nRqvLfq+t3DwnitZuBURsu62rkvEMnrb2Q+se2aMLekV1
JEGuLa+xwJWmD141QILOkvH3CVMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBREEFLL
CfCBgQZ3r6TrtPJtE3p4ejAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YmZkNDYyYmQtMmUxZi00ODVmLWFhOWMtZTdlMGMwYmNiNjkwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eg
MA0GCSqGSIb3DQEBCwUAA4IBAQAe++YBJVemM60edqlfOKC6c1pUlUpHWDiDuPm/
ypKqz4tA6lZLn8psk4dpiIpsmuMf7Gpib8LxyHQPoJ83doZPlMgqsaVq/iCWIsBv
zs1mehpEP24co1KsFaRWcYPWRGLBeeUH5BhJzHVPKrLTGDN5Ifzvs1OEF0AuNj7L
MoIVxToOzKrS8jDt0JjWlF7yPQs51RH62w3Ql2re2No5uAizXnrYhYKnqOnXQSjI
4jzzZiczZBRHIB28h6ArRhlDh/P79PmGwgWaLU/Ppu79FHlvfpc5EXenPnEtLfH1
maCyr6XemSbvlD5zomX8otox22s8qpw7RPZoFvbo/glO2Ju6
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:46:32 2025 by rpki-client