Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa
File:                     ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa (raw, json)
Hash identifier:          VEHjLAmqEFO3bn//LXjm0ieG3R4ASrL1p9nvIUERjgo=
Subject key identifier:   F4:DA:5C:7D:29:30:7D:9C:11:EE:9C:CB:F1:93:34:87:7F:F8:80:25
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       18FFE588F841DAF61958F2A12904C0A6BBC0FE98
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa
Signing time:             Mon 29 Sep 2025 15:39:32 +0000
ROA not before:           Mon 29 Sep 2025 15:39:32 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:5800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ff:e5:88:f8:41:da:f6:19:58:f2:a1:29:04:c0:a6:bb:c0:fe:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:32 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=3a75f105238164bed1d4f744f5ae9bcb37952d39858fcedf82dceb7fbfd7d5fe, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7b:48:05:f6:93:a8:6c:1e:de:65:89:7b:40:
                    45:a4:e7:ee:aa:8f:43:a0:71:d8:2b:b3:9f:47:04:
                    3c:85:c7:c7:e1:87:cc:a7:5f:49:12:f3:e5:b1:c8:
                    a5:2e:4d:9f:78:fd:56:84:60:24:6f:31:31:9b:f8:
                    f3:9e:46:6f:65:52:d2:0f:71:29:68:94:7e:e9:2a:
                    fc:79:07:b4:8e:52:b6:23:e5:80:94:e9:57:64:c9:
                    0a:07:e5:4b:9b:d9:88:eb:f5:1d:a6:03:b5:4f:ea:
                    f8:af:32:81:c4:dd:e8:93:d5:0b:6d:30:59:fc:1c:
                    a5:f4:fa:87:f7:4f:2a:4d:7b:5d:0c:33:8e:4d:81:
                    62:b1:d8:1a:fb:55:9c:67:df:98:31:08:b1:27:84:
                    b8:63:7a:de:62:9f:69:c9:c9:32:49:b7:3c:37:f6:
                    17:72:5a:a0:94:27:0e:17:90:ea:75:30:0e:50:9c:
                    a1:b6:70:32:87:2f:f0:86:76:f6:2d:38:ec:97:ed:
                    08:9b:84:b4:49:f6:20:42:0e:05:1d:9c:b1:c7:cb:
                    ff:00:2f:c9:a0:65:6d:9a:b6:3e:8b:69:50:d6:70:
                    d8:4c:cd:48:fd:72:6e:e9:1a:8d:fd:51:20:69:d8:
                    06:c5:32:9a:2b:ac:d3:02:2d:da:97:43:39:a7:21:
                    84:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DA:5C:7D:29:30:7D:9C:11:EE:9C:CB:F1:93:34:87:7F:F8:80:25
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:5800::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:da:21:59:40:72:4e:8a:9b:73:2a:41:4b:20:67:b5:05:c3:
         01:aa:9b:75:47:bf:30:0f:73:ac:74:04:92:2b:b5:4a:f9:61:
         ac:13:0b:6a:29:ca:ef:32:6e:40:32:25:75:9e:64:49:48:58:
         b4:e1:3e:49:a3:c3:0c:85:34:fd:6c:36:e2:fe:1f:5d:6c:ad:
         45:8c:80:66:40:64:48:b7:50:7a:2e:9e:53:6e:c9:d2:1d:ae:
         c4:09:b9:78:d6:83:ed:66:56:c8:54:7f:3e:40:37:d9:c7:10:
         7e:95:2c:68:f9:c9:96:81:82:5c:e9:5d:3f:b0:54:e6:58:f2:
         2b:d1:fd:53:bb:3a:07:63:94:51:2c:83:7c:10:17:14:98:3a:
         69:9b:e6:a5:64:ad:cf:b5:8c:0b:f3:24:e1:14:c3:d4:cb:27:
         44:ca:48:63:99:79:22:de:be:2a:72:bf:92:c2:b0:3f:d8:d6:
         69:e1:98:d0:d7:2d:cb:37:b9:88:6c:3a:3d:2b:af:07:de:8b:
         ad:a8:84:f2:65:64:4e:fe:0d:ab:75:c8:05:80:72:e9:03:d4:
         90:12:29:2c:ef:e4:af:aa:6a:a5:b3:f2:86:24:de:93:30:00:
         c1:70:b7:5d:28:17:6d:63:f5:7e:77:9b:e1:e8:8d:38:6e:0e:
         ed:ac:be:a3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGP/liPhB2vYZWPKhKQTAprvA/pgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5MzJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhNzVmMTA1MjM4MTY0YmVkMWQ0Zjc0NGY1YWU5YmNiMzc5NTJkMzk4NThm
Y2VkZjgyZGNlYjdmYmZkN2Q1ZmUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMt7SAX2k6hsHt5liXtARaTn7qqPQ6Bx2Cuzn0cEPIXHx+GHzKdfSRLz5bHI
pS5Nn3j9VoRgJG8xMZv4855Gb2VS0g9xKWiUfukq/HkHtI5StiPlgJTpV2TJCgfl
S5vZiOv1HaYDtU/q+K8ygcTd6JPVC20wWfwcpfT6h/dPKk17XQwzjk2BYrHYGvtV
nGffmDEIsSeEuGN63mKfacnJMkm3PDf2F3JaoJQnDheQ6nUwDlCcobZwMocv8IZ2
9i047JftCJuEtEn2IEIOBR2cscfL/wAvyaBlbZq2PotpUNZw2EzNSP1ybukajf1R
IGnYBsUymius0wIt2pdDOachhBUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT02lx9
KTB9nBHunMvxkzSHf/iAJTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Y2NlZmVhYTMtNTBmZC00ZmI1LWEwZDYtNjgyZWE4OTRjNWUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8dY
MA0GCSqGSIb3DQEBCwUAA4IBAQAk2iFZQHJOiptzKkFLIGe1BcMBqpt1R78wD3Os
dASSK7VK+WGsEwtqKcrvMm5AMiV1nmRJSFi04T5Jo8MMhTT9bDbi/h9dbK1FjIBm
QGRIt1B6Lp5TbsnSHa7ECbl41oPtZlbIVH8+QDfZxxB+lSxo+cmWgYJc6V0/sFTm
WPIr0f1TuzoHY5RRLIN8EBcUmDppm+alZK3PtYwL8yThFMPUyydEykhjmXki3r4q
cr+SwrA/2NZp4ZjQ1y3LN7mIbDo9K68H3outqITyZWRO/g2rdcgFgHLpA9SQEiks
7+Svqmqls/KGJN6TMADBcLddKBdtY/V+d5vh6I04bg7trL6j
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:03 2025 by rpki-client