Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/de498a1d-80b4-453c-aa67-020204ad5b6b.roa
File:                     de498a1d-80b4-453c-aa67-020204ad5b6b.roa (raw, json)
Hash identifier:          xusQAJvJfGvl3AdPhdep0tTLZTdsAuMslZUTdE02X2w=
Subject key identifier:   34:16:89:39:06:F9:D2:35:8E:BD:37:38:36:B8:3F:65:08:22:D9:05
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       611735E3F91B505276BF2E8E5F1C94E43FD57744
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/de498a1d-80b4-453c-aa67-020204ad5b6b.roa
Signing time:             Sat 27 Sep 2025 00:53:13 +0000
ROA not before:           Sat 27 Sep 2025 00:53:13 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        2001:3fc7:d000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:17:35:e3:f9:1b:50:52:76:bf:2e:8e:5f:1c:94:e4:3f:d5:77:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 27 00:53:13 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=ce8c0fbb2f07b2ac747c5c2352fcca42bfa5959578e5ca4f276066b224ac7a5b, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:05:e7:87:ae:fc:da:d2:ce:49:de:b6:d3:8b:
                    ba:f9:e3:68:da:01:5e:0f:02:2a:4f:62:54:a0:d0:
                    66:eb:46:df:9f:46:87:e0:e2:9f:05:c4:e0:12:e4:
                    ba:b1:f3:89:40:9f:94:eb:94:db:3c:58:1d:1e:dd:
                    d7:2b:29:99:ef:83:b7:d7:bb:e6:15:a3:b4:45:14:
                    1a:a3:a4:cd:0a:8e:10:8b:84:ca:ef:0f:3f:2a:d0:
                    9d:17:6a:ce:85:ca:46:b1:37:cf:ed:cb:e7:a7:9d:
                    e0:70:21:6f:1a:b4:c6:4b:91:b0:e7:72:2e:18:f7:
                    65:95:95:61:6b:a3:c5:79:ef:f7:58:6f:8e:b1:f9:
                    51:1d:be:25:bd:ca:fa:2d:38:90:32:2b:49:d9:fa:
                    3f:64:82:4c:3c:a5:f9:a3:89:34:1e:b0:f4:5e:7c:
                    84:bf:3d:b5:46:95:7f:6c:ce:f5:67:e7:21:0e:b7:
                    a1:8f:57:c0:24:6d:f9:3e:f6:ae:ff:5b:18:2f:cf:
                    6c:ec:d0:4e:ab:76:94:91:37:50:8c:73:ab:13:82:
                    92:13:e8:0c:8a:a2:4b:50:9a:4c:82:ce:51:10:cb:
                    c0:a9:8e:a5:25:a8:49:ec:60:97:be:98:ef:9b:25:
                    ec:82:c1:44:b9:0a:1f:9e:cc:a7:bc:9b:e1:9e:53:
                    87:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:16:89:39:06:F9:D2:35:8E:BD:37:38:36:B8:3F:65:08:22:D9:05
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/de498a1d-80b4-453c-aa67-020204ad5b6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:d000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6e:e7:98:b8:ed:93:08:1d:7a:e0:9e:b5:68:11:3e:01:e3:88:
         c6:0d:71:ba:66:81:02:6d:1b:c6:42:c2:35:14:04:22:2c:c2:
         39:ac:2a:53:2e:4b:05:a2:ef:78:41:18:c5:4d:00:b1:01:6e:
         a6:ca:f7:95:81:80:19:31:c7:b9:a9:e7:2b:3b:79:30:20:81:
         99:c5:c2:62:d5:e6:3a:22:19:a6:44:27:75:c3:f6:b2:f2:3a:
         8a:26:a3:41:5b:3e:51:55:2b:6f:0b:b4:55:9e:c1:7f:94:80:
         58:b1:e4:58:0d:d6:62:bc:55:c7:4d:9c:fc:1c:ca:53:19:da:
         00:36:3f:b9:8e:a7:88:d8:a9:89:34:7a:7b:29:e9:ab:a5:ac:
         f4:5c:1c:dd:24:32:ff:59:a2:41:bc:3f:56:bc:8b:05:d8:4e:
         54:56:f2:09:bb:e5:b9:83:50:2f:9d:5b:99:60:68:ca:27:a9:
         0b:0e:b2:15:84:45:40:9a:31:2a:e7:cb:f4:6c:11:df:78:f3:
         73:60:19:cf:f1:1e:7d:5b:e3:da:33:ce:1a:de:89:bf:6a:4f:
         37:74:e0:7c:c6:bd:97:a0:02:cc:c0:17:d8:56:7e:ec:89:7b:
         3c:e8:b2:02:c8:b0:9b:ae:49:40:d5:06:9c:22:39:da:14:77:
         9d:32:18:a1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYRc14/kbUFJ2vy6OXxyU5D/Vd0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjcwMDUzMTNaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNlOGMwZmJiMmYwN2IyYWM3NDdjNWMyMzUyZmNjYTQyYmZhNTk1OTU3OGU1
Y2E0ZjI3NjA2NmIyMjRhYzdhNWIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJsF54eu/NrSzknettOLuvnjaNoBXg8CKk9iVKDQZutG359Gh+DinwXE4BLk
urHziUCflOuU2zxYHR7d1yspme+Dt9e75hWjtEUUGqOkzQqOEIuEyu8PPyrQnRdq
zoXKRrE3z+3L56ed4HAhbxq0xkuRsOdyLhj3ZZWVYWujxXnv91hvjrH5UR2+Jb3K
+i04kDIrSdn6P2SCTDyl+aOJNB6w9F58hL89tUaVf2zO9WfnIQ63oY9XwCRt+T72
rv9bGC/PbOzQTqt2lJE3UIxzqxOCkhPoDIqiS1CaTILOURDLwKmOpSWoSexgl76Y
75sl7ILBRLkKH57Mp7yb4Z5ThzECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ0Fok5
BvnSNY69Nzg2uD9lCCLZBTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZGU0OThhMWQtODBiNC00NTNjLWFhNjctMDIwMjA0YWQ1YjZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBu55i47ZMIHXrgnrVoET4B44jGDXG6ZoECbRvG
QsI1FAQiLMI5rCpTLksFou94QRjFTQCxAW6myveVgYAZMce5qecrO3kwIIGZxcJi
1eY6IhmmRCd1w/ay8jqKJqNBWz5RVStvC7RVnsF/lIBYseRYDdZivFXHTZz8HMpT
GdoANj+5jqeI2KmJNHp7Kemrpaz0XBzdJDL/WaJBvD9WvIsF2E5UVvIJu+W5g1Av
nVuZYGjKJ6kLDrIVhEVAmjEq58v0bBHfePNzYBnP8R59W+PaM84a3om/ak83dOB8
xr2XoALMwBfYVn7siXs86LICyLCbrklA1QacIjnaFHedMhih
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:46 2025 by rpki-client