Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa
File:                     cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa (raw, json)
Hash identifier:          zuOmisAk4FTXHBrlfGj4Yd7K/Yjtdlt4FuwdZymzg6c=
Subject key identifier:   27:12:17:3B:98:0C:BD:35:89:28:AE:D6:8D:C1:C5:A8:C5:F0:E6:05
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       4C0DBC9A7E1C925571BD2367C6ED7A55BFF1E8C0
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa
Signing time:             Mon 29 Sep 2025 15:39:59 +0000
ROA not before:           Mon 29 Sep 2025 15:39:59 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2001:3fc4::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:0d:bc:9a:7e:1c:92:55:71:bd:23:67:c6:ed:7a:55:bf:f1:e8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:59 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=78072bfc182dfa6460e6395705f32d55e1981780ce0fc043a2907a9bf6f8fc49, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9c:58:7b:25:52:f5:10:fc:3a:99:36:75:6b:
                    cb:54:6a:0f:70:55:a2:7b:bf:d3:92:4d:2c:9b:39:
                    51:13:8b:7e:16:94:28:6f:a9:6f:f3:c5:c2:78:84:
                    11:77:d7:38:5e:77:13:23:f6:6d:e4:a5:61:d3:a6:
                    60:44:2e:9e:f2:f5:ae:b2:c4:12:6d:55:d6:c9:4b:
                    39:d4:48:b8:30:0c:64:d1:97:f2:9d:ad:fb:58:8e:
                    e6:a9:cb:19:0f:b1:e1:2a:1f:ab:91:7e:43:5a:5a:
                    53:dc:62:c9:69:5a:63:d9:6a:c7:34:ba:0d:82:c1:
                    a4:e4:08:64:24:22:7c:df:a8:86:60:81:f7:e9:07:
                    b3:18:c5:61:85:78:21:8f:38:a8:f0:ac:bd:e2:6d:
                    ca:b7:a5:61:f5:ee:d0:4a:7e:93:9e:48:16:0f:6d:
                    2f:19:b8:20:8f:b4:19:e9:a6:46:88:9b:c2:3e:5b:
                    53:84:59:dc:c0:a3:52:b8:c7:b0:bf:18:b4:58:26:
                    79:0d:c0:e8:ae:17:a8:70:f1:58:43:00:b4:80:21:
                    a3:71:8c:1a:f2:20:2c:f2:82:d0:4a:64:db:64:25:
                    38:c6:62:c0:01:aa:f8:ec:2c:16:a7:ce:80:2f:27:
                    4c:3d:59:a3:8b:24:a6:3f:32:20:54:35:a2:51:8d:
                    4a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:12:17:3B:98:0C:BD:35:89:28:AE:D6:8D:C1:C5:A8:C5:F0:E6:05
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc4::/36

    Signature Algorithm: sha256WithRSAEncryption
         18:4f:8a:08:5c:0c:d4:0c:0b:a4:8c:59:be:01:a3:c3:8f:03:
         3e:ea:3a:84:f4:bf:7c:e4:6b:65:0f:38:e9:d3:61:46:dd:65:
         5b:ea:70:35:e6:2d:fb:cf:8a:40:07:79:ce:02:8a:25:5b:b3:
         b5:2d:45:62:38:f1:4d:6c:e0:d5:7e:c7:42:46:7f:0d:8a:f6:
         60:85:e0:89:48:92:df:e5:f6:6f:08:c6:d1:a1:07:97:88:cd:
         5a:9e:9e:1e:78:a7:94:1c:4a:99:b6:ee:02:0d:cf:64:63:c8:
         ec:01:5a:0d:49:0d:66:7f:e9:c6:1b:7d:b3:52:1f:98:ba:c4:
         09:02:2d:c8:8d:2b:ba:e8:d5:34:d3:b4:63:7d:4f:ba:37:41:
         e0:55:ab:83:e5:65:b3:d7:fe:bd:b8:c9:84:7c:cf:79:e7:cd:
         68:38:2b:1d:97:88:99:0c:62:d9:1b:00:8a:ce:1d:53:5d:56:
         68:73:a0:f5:95:4b:78:e3:41:c3:f7:1b:c6:15:7e:b9:61:d8:
         04:b7:ff:f0:25:3d:13:5c:3f:6a:36:07:57:b4:a0:0b:9f:f9:
         2e:7e:ae:05:27:02:08:02:55:8e:74:2c:d2:24:b1:ef:a8:0b:
         4e:ae:a4:3c:52:48:cc:41:c8:7a:76:bf:fc:1c:26:06:dc:a6:
         99:2c:bb:73
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTA28mn4cklVxvSNnxu16Vb/x6MAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5NTlaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4MDcyYmZjMTgyZGZhNjQ2MGU2Mzk1NzA1ZjMyZDU1ZTE5ODE3ODBjZTBm
YzA0M2EyOTA3YTliZjZmOGZjNDkxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmcWHslUvUQ/DqZNnVry1RqD3BVonu/05JNLJs5UROLfhaUKG+pb/PFwniE
EXfXOF53EyP2beSlYdOmYEQunvL1rrLEEm1V1slLOdRIuDAMZNGX8p2t+1iO5qnL
GQ+x4Sofq5F+Q1paU9xiyWlaY9lqxzS6DYLBpOQIZCQifN+ohmCB9+kHsxjFYYV4
IY84qPCsveJtyrelYfXu0Ep+k55IFg9tLxm4II+0GemmRoibwj5bU4RZ3MCjUrjH
sL8YtFgmeQ3A6K4XqHDxWEMAtIAho3GMGvIgLPKC0Epk22QlOMZiwAGq+OwsFqfO
gC8nTD1Zo4skpj8yIFQ1olGNSncCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQnEhc7
mAy9NYkortaNwcWoxfDmBTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Y2Q4ZjA3YzktYWJjMS00MWRkLWJhZDQtYzdlNWJmMGJkNGM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQAYT4oIXAzUDAukjFm+AaPDjwM+6jqE9L985Gtl
Dzjp02FG3WVb6nA15i37z4pAB3nOAoolW7O1LUViOPFNbODVfsdCRn8NivZgheCJ
SJLf5fZvCMbRoQeXiM1anp4eeKeUHEqZtu4CDc9kY8jsAVoNSQ1mf+nGG32zUh+Y
usQJAi3IjSu66NU007RjfU+6N0HgVauD5WWz1/69uMmEfM95581oOCsdl4iZDGLZ
GwCKzh1TXVZoc6D1lUt440HD9xvGFX65YdgEt//wJT0TXD9qNgdXtKALn/kufq4F
JwIIAlWOdCzSJLHvqAtOrqQ8UkjMQch6dr/8HCYG3KaZLLtz
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:42:12 2025 by rpki-client