Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c2e3ffab-b8ab-476f-9c6e-5e4842d705f6.roa
File:                     c2e3ffab-b8ab-476f-9c6e-5e4842d705f6.roa (raw, json)
Hash identifier:          9JcVeHOc+4LWGHxg4eA7CKx/3o4JyvsPvAMlF3q7Lic=
Subject key identifier:   5D:1C:FD:1E:C4:23:EB:C8:9A:95:4F:2E:28:F9:D3:B6:11:DB:66:A5
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       309AC1774266B4CD7A2F0E45CC064BDE70E18909
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c2e3ffab-b8ab-476f-9c6e-5e4842d705f6.roa
Signing time:             Mon 29 Sep 2025 15:40:22 +0000
ROA not before:           Mon 29 Sep 2025 15:40:22 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:1800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:9a:c1:77:42:66:b4:cd:7a:2f:0e:45:cc:06:4b:de:70:e1:89:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:22 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=5e25a3df0989e796fd67ec0c96a524e2b1264a43ff0afd3513cbcd27132d64fc, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:00:f1:6a:d9:55:cd:2b:76:eb:4c:36:74:
                    53:cf:41:e3:07:32:77:24:df:8d:6f:ee:50:09:65:
                    26:ae:99:7d:41:f7:0c:b2:2a:fc:2b:45:f3:16:7e:
                    31:c6:f2:a4:76:0d:48:e4:06:d2:b4:1b:48:82:79:
                    a6:4e:88:5b:77:6d:7e:11:59:e5:08:f8:8b:42:f0:
                    e6:c6:d6:53:e8:db:1c:66:98:57:97:4c:9e:b1:25:
                    2e:8c:53:75:fb:23:d8:8e:52:ac:66:19:4b:76:f1:
                    54:ef:bf:53:dc:db:e3:2e:b2:3b:a9:9f:f1:8c:ea:
                    5b:69:30:80:14:c7:56:9e:5a:03:93:fa:57:ce:10:
                    87:54:9c:43:87:ff:1c:f7:6a:82:f7:fc:15:c5:d2:
                    dd:a3:35:d8:9f:2e:e6:90:16:20:f1:5d:1a:56:a0:
                    fb:9f:09:9d:f5:df:e3:fb:c3:f7:fd:40:6e:d1:13:
                    e6:d3:15:c4:8a:e2:ff:6f:42:d3:20:c4:f8:0e:c1:
                    da:07:29:99:45:d7:00:2f:54:bc:ce:0a:2d:e2:3a:
                    2d:c4:f3:cd:b5:35:42:39:e5:4c:37:ae:2f:e1:32:
                    7a:93:56:8a:05:bc:d6:c2:f9:9a:f4:a5:0d:e5:1a:
                    58:ed:af:8a:e7:47:01:36:cb:b8:fc:d4:4e:f6:46:
                    20:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:1C:FD:1E:C4:23:EB:C8:9A:95:4F:2E:28:F9:D3:B6:11:DB:66:A5
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c2e3ffab-b8ab-476f-9c6e-5e4842d705f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:1800::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:58:ae:9b:0a:99:82:04:0d:f1:f3:c8:bc:c5:06:de:0f:56:
         aa:a9:24:3f:a2:85:15:59:2a:61:cf:3d:20:a4:25:cf:95:75:
         3e:96:87:87:96:eb:e9:16:c9:4f:63:e9:c9:0f:ed:65:93:a1:
         ce:38:c0:4c:43:17:97:a3:85:bf:94:40:a0:69:46:e1:22:f4:
         07:9c:50:9c:d4:34:53:1f:12:78:6d:d8:47:2b:0a:3c:db:81:
         89:70:69:3a:e1:bc:e3:18:a1:d1:be:ef:8d:3c:98:4c:5b:42:
         1e:4d:20:32:fc:71:0c:30:b3:02:ef:8a:cb:19:09:8e:3c:65:
         d5:05:b4:78:00:9a:37:f5:23:6b:b0:c6:74:48:07:21:6e:06:
         61:39:e7:23:b9:57:28:85:f1:f0:d0:81:85:e8:b3:80:e8:f8:
         53:1d:a0:6c:8c:88:28:de:1a:3c:e6:21:f6:81:ca:5f:24:a2:
         44:6a:97:8c:d0:ba:7a:12:19:6e:a5:32:27:3c:f8:0e:0f:17:
         4e:cb:68:0a:7a:3d:46:8d:4a:fe:7f:79:94:88:60:ce:31:e7:
         31:ef:40:39:06:a4:90:f5:f3:da:0a:90:4f:e5:9c:4e:6e:79:
         dd:9c:37:6b:95:73:60:3d:5a:31:7a:25:52:e3:ee:42:e0:d5:
         d5:27:6c:55
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMJrBd0JmtM16Lw5FzAZL3nDhiQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlMjVhM2RmMDk4OWU3OTZmZDY3ZWMwYzk2YTUyNGUyYjEyNjRhNDNmZjBh
ZmQzNTEzY2JjZDI3MTMyZDY0ZmMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4yAPFq2VXNK3brTDZ0U89B4wcydyTfjW/uUAllJq6ZfUH3DLIq/CtF8xZ+
McbypHYNSOQG0rQbSIJ5pk6IW3dtfhFZ5Qj4i0Lw5sbWU+jbHGaYV5dMnrElLoxT
dfsj2I5SrGYZS3bxVO+/U9zb4y6yO6mf8YzqW2kwgBTHVp5aA5P6V84Qh1ScQ4f/
HPdqgvf8FcXS3aM12J8u5pAWIPFdGlag+58JnfXf4/vD9/1AbtET5tMVxIri/29C
0yDE+A7B2gcpmUXXAC9UvM4KLeI6LcTzzbU1QjnlTDeuL+EyepNWigW81sL5mvSl
DeUaWO2viudHATbLuPzUTvZGIL8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRdHP0e
xCPryJqVTy4o+dO2EdtmpTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YzJlM2ZmYWItYjhhYi00NzZmLTljNmUtNWU0ODQyZDcwNWY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8cY
MA0GCSqGSIb3DQEBCwUAA4IBAQCXWK6bCpmCBA3x88i8xQbeD1aqqSQ/ooUVWSph
zz0gpCXPlXU+loeHluvpFslPY+nJD+1lk6HOOMBMQxeXo4W/lECgaUbhIvQHnFCc
1DRTHxJ4bdhHKwo824GJcGk64bzjGKHRvu+NPJhMW0IeTSAy/HEMMLMC74rLGQmO
PGXVBbR4AJo39SNrsMZ0SAchbgZhOecjuVcohfHw0IGF6LOA6PhTHaBsjIgo3ho8
5iH2gcpfJKJEapeM0Lp6EhlupTInPPgODxdOy2gKej1GjUr+f3mUiGDOMecx70A5
BqSQ9fPaCpBP5ZxObnndnDdrlXNgPVoxeiVS4+5C4NXVJ2xV
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:46:41 2025 by rpki-client