Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/d0c16247-cad2-4748-8340-6fe2e6d8ce6f.roa
File:                     d0c16247-cad2-4748-8340-6fe2e6d8ce6f.roa (raw, json)
Hash identifier:          6CrINj7hebjQ7EmhoAsWKdnK3YDK73UiK1qa1di3MWA=
Subject key identifier:   1D:41:FA:28:5E:DC:A9:32:4A:B6:FC:64:80:CE:EA:27:34:C6:86:5F
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       4F4428E51949C662FCDF496C52FD60FA96046878
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/d0c16247-cad2-4748-8340-6fe2e6d8ce6f.roa
Signing time:             Mon 29 Sep 2025 15:40:15 +0000
ROA not before:           Mon 29 Sep 2025 15:40:15 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:44:28:e5:19:49:c6:62:fc:df:49:6c:52:fd:60:fa:96:04:68:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:15 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=c3210099c1c910f7e8975cf3907eaaf027d5a8db21eea4ea6bec21acba4b9b1b, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:92:dc:9c:f9:6c:29:bd:b8:b3:b2:a4:14:5c:
                    e8:af:13:35:bb:dc:c4:9a:b5:0f:a5:b9:b6:f4:31:
                    de:ab:4d:43:89:e7:61:80:4f:d5:f5:19:e1:33:5c:
                    ec:9f:13:a8:1a:5c:3a:83:9f:c0:14:61:06:20:6c:
                    4c:c7:fd:8a:c1:c2:5c:63:d2:92:e8:60:e9:5a:85:
                    70:52:00:bb:be:04:df:48:27:4d:68:41:bf:11:40:
                    c9:40:2f:29:74:40:db:9c:68:c0:c8:4d:3b:52:bb:
                    b8:4f:9d:f4:c1:ae:fc:f3:93:6e:37:e2:9a:d3:09:
                    62:b0:b0:58:60:c5:46:e8:29:52:dd:a7:4b:5f:0b:
                    6e:4c:da:9d:0f:a0:8d:aa:df:e3:1e:e5:29:75:e0:
                    2e:0a:46:b0:15:f8:7e:af:ad:b5:93:7e:8e:22:a2:
                    ea:09:e2:fb:14:a9:28:cb:95:70:86:0b:02:f1:28:
                    66:ee:3f:00:e9:09:55:e7:6c:a2:81:02:74:4e:3a:
                    05:0a:16:14:9e:c5:e6:5e:48:63:4f:0c:91:2a:22:
                    4d:6b:73:2a:bb:dd:3f:62:cf:e0:54:1b:6c:f3:05:
                    37:3b:e9:a4:2e:99:11:b6:e3:73:dc:15:5d:ba:54:
                    03:88:9f:61:02:55:d3:15:61:b3:aa:0f:1f:9c:04:
                    ba:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:41:FA:28:5E:DC:A9:32:4A:B6:FC:64:80:CE:EA:27:34:C6:86:5F
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/d0c16247-cad2-4748-8340-6fe2e6d8ce6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:74:ba:ec:5a:68:99:5a:a2:1e:32:07:5a:3c:e5:7f:05:60:
         52:2e:31:f7:5e:83:e6:89:bd:cc:c2:d5:9c:fb:18:ea:90:71:
         05:7a:05:8e:64:29:ac:38:bc:ad:4d:a2:0b:ab:60:7e:63:b2:
         46:0c:21:3d:16:4e:f3:89:40:44:59:80:04:09:e6:64:30:77:
         9f:11:6e:3d:ca:1f:be:d2:3f:e6:9e:11:0b:e2:60:01:17:84:
         ef:f5:3f:8f:86:6d:c5:8b:c0:05:f2:9c:60:8e:85:81:03:74:
         28:f4:c7:12:44:17:7e:d0:b3:20:6a:41:b8:0b:31:90:eb:31:
         48:53:a3:31:5c:a2:b9:aa:53:c2:f9:ef:91:b9:bb:3f:71:47:
         d4:46:02:ec:e1:d2:36:be:61:12:fd:c6:46:8f:40:c9:12:11:
         1f:67:0a:82:dd:0b:d5:e7:f8:59:d4:8d:f4:d6:6c:68:cf:34:
         ac:e0:79:b5:0d:5f:6a:54:9d:94:05:c9:68:0d:92:c7:6a:4c:
         1f:3c:12:b8:57:35:19:90:c1:0b:f1:86:c1:ae:40:94:06:4e:
         bd:8c:ce:b9:df:24:77:a8:41:6d:f9:90:0e:f9:6e:07:e9:17:
         23:ea:51:a9:ab:2c:8d:1d:56:ec:55:e3:99:96:c2:1e:8c:db:
         96:eb:54:5a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUT0Qo5RlJxmL830lsUv1g+pYEaHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMTVaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzMjEwMDk5YzFjOTEwZjdlODk3NWNmMzkwN2VhYWYwMjdkNWE4ZGIyMWVl
YTRlYTZiZWMyMWFjYmE0YjliMWIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSS3Jz5bCm9uLOypBRc6K8TNbvcxJq1D6W5tvQx3qtNQ4nnYYBP1fUZ4TNc
7J8TqBpcOoOfwBRhBiBsTMf9isHCXGPSkuhg6VqFcFIAu74E30gnTWhBvxFAyUAv
KXRA25xowMhNO1K7uE+d9MGu/POTbjfimtMJYrCwWGDFRugpUt2nS18LbkzanQ+g
jarf4x7lKXXgLgpGsBX4fq+ttZN+jiKi6gni+xSpKMuVcIYLAvEoZu4/AOkJVeds
ooECdE46BQoWFJ7F5l5IY08MkSoiTWtzKrvdP2LP4FQbbPMFNzvppC6ZEbbjc9wV
XbpUA4ifYQJV0xVhs6oPH5wEuvMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQdQfoo
XtypMkq2/GSAzuonNMaGXzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZDBjMTYyNDctY2FkMi00NzQ4LTgzNDAtNmZlMmU2ZDhjZTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8MI
MA0GCSqGSIb3DQEBCwUAA4IBAQAOdLrsWmiZWqIeMgdaPOV/BWBSLjH3XoPmib3M
wtWc+xjqkHEFegWOZCmsOLytTaILq2B+Y7JGDCE9Fk7ziUBEWYAECeZkMHefEW49
yh++0j/mnhEL4mABF4Tv9T+Phm3Fi8AF8pxgjoWBA3Qo9McSRBd+0LMgakG4CzGQ
6zFIU6MxXKK5qlPC+e+Rubs/cUfURgLs4dI2vmES/cZGj0DJEhEfZwqC3QvV5/hZ
1I301mxozzSs4Hm1DV9qVJ2UBcloDZLHakwfPBK4VzUZkMEL8YbBrkCUBk69jM65
3yR3qEFt+ZAO+W4H6Rcj6lGpqyyNHVbsVeOZlsIejNuW61Ra
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:57:35 2025 by rpki-client