Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa
File:                     e1d00d70-da0c-4922-8124-95401dba4efc.roa (raw, json)
Hash identifier:          4NmJOo7RB3mdEMzQosLemqDTvcEUye1DAFsxyDwwo2U=
Subject key identifier:   07:7F:BE:BB:DE:87:8E:55:4C:B5:C2:52:A4:AE:C4:6A:FA:EF:58:94
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       7BF88F1E0113DB28B05730C7EA0BF8BD20ECECD5
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa
Signing time:             Mon 29 Sep 2025 15:39:27 +0000
ROA not before:           Mon 29 Sep 2025 15:39:27 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:f8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:f8:8f:1e:01:13:db:28:b0:57:30:c7:ea:0b:f8:bd:20:ec:ec:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:39:27 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=8d7ac7596ff1ee3d0326031e2cc00562720639b7e503809487e8fe7df606685a, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1c:df:9c:18:9e:0d:fb:e3:32:2a:e3:c2:a3:
                    24:1d:1a:e8:87:06:5e:aa:ff:85:f3:7c:a6:00:94:
                    52:23:b7:49:c5:46:fe:17:2b:49:ca:54:b7:72:0f:
                    e7:d9:a4:54:33:5f:7b:5b:42:c9:0a:43:15:f2:23:
                    86:80:fd:dd:9d:5e:da:c0:0f:db:54:b7:ba:0c:44:
                    46:87:b7:7a:e7:8e:6b:be:5b:9d:f0:64:aa:9f:6e:
                    a0:af:d9:b7:e0:38:4a:ec:87:3e:89:09:c0:a4:50:
                    6b:51:6a:f3:b7:02:8d:4e:57:39:33:36:d7:d7:b8:
                    aa:16:54:5b:9c:d4:f9:f7:44:c6:6b:76:77:98:7c:
                    04:92:e1:68:36:d7:d6:ae:51:75:b7:f8:6a:cf:2a:
                    ad:20:02:2d:72:22:da:ee:1d:31:6a:72:bc:48:97:
                    a4:46:72:03:d8:63:40:db:f2:da:f5:36:2e:76:64:
                    d8:53:4c:d7:1c:6c:a3:e7:13:a0:6d:ea:39:e7:cc:
                    15:7e:72:bd:30:b9:db:13:84:41:89:e6:19:43:85:
                    12:c2:2b:fe:d2:df:e6:9f:10:6d:67:78:2c:43:fb:
                    96:dc:02:ed:44:60:9a:69:58:60:6d:ff:f4:8c:d8:
                    3b:37:ac:99:87:e4:e9:e6:36:32:4b:4c:ed:b4:61:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:7F:BE:BB:DE:87:8E:55:4C:B5:C2:52:A4:AE:C4:6A:FA:EF:58:94
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:f8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:ff:67:a2:77:7c:bf:05:dd:62:b5:61:fa:fb:c7:d6:e7:31:
         9b:59:23:ea:d2:82:9f:c4:0b:e6:16:c8:23:0b:87:21:94:5f:
         13:58:0b:dc:c7:f8:0d:f8:7f:e7:b1:22:9f:03:44:37:f8:9f:
         12:da:43:de:5e:a3:6b:b8:d6:64:4f:b7:18:09:db:57:07:d7:
         d4:b1:fe:4b:75:55:3a:c6:04:b0:70:f3:b3:47:91:f7:9b:91:
         de:03:50:92:3d:cf:9a:7b:21:81:23:07:0b:b2:c6:87:5b:bd:
         a4:9a:dd:9f:38:0e:06:fb:1c:85:41:9a:f2:47:bd:81:41:dd:
         f2:32:73:ab:8b:a9:eb:8b:0b:9c:cb:eb:a9:fc:34:e6:0f:d5:
         73:7c:c8:d7:0a:2f:08:4b:e0:d3:51:5c:4b:73:52:46:8b:c7:
         e2:37:e3:37:bc:b5:29:ab:f7:bd:ce:76:4a:21:f2:69:79:59:
         ae:b2:ab:56:8d:7d:9d:a5:54:d8:d9:cb:15:0f:e6:b6:29:c2:
         12:1a:92:88:84:f4:3a:5a:61:aa:31:de:8f:4e:81:ad:c2:64:
         b5:67:8f:0e:9a:72:9b:8c:e3:8b:b5:d4:08:7c:c4:d8:17:d2:
         35:2c:84:32:c2:cc:5e:87:58:c9:5b:f3:41:58:55:fd:cc:02:
         a1:28:3d:5b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUe/iPHgET2yiwVzDH6gv4vSDs7NUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5MjdaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkN2FjNzU5NmZmMWVlM2QwMzI2MDMxZTJjYzAwNTYyNzIwNjM5YjdlNTAz
ODA5NDg3ZThmZTdkZjYwNjY4NWExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANUc35wYng374zIq48KjJB0a6IcGXqr/hfN8pgCUUiO3ScVG/hcrScpUt3IP
59mkVDNfe1tCyQpDFfIjhoD93Z1e2sAP21S3ugxERoe3eueOa75bnfBkqp9uoK/Z
t+A4SuyHPokJwKRQa1Fq87cCjU5XOTM219e4qhZUW5zU+fdExmt2d5h8BJLhaDbX
1q5Rdbf4as8qrSACLXIi2u4dMWpyvEiXpEZyA9hjQNvy2vU2LnZk2FNM1xxso+cT
oG3qOefMFX5yvTC52xOEQYnmGUOFEsIr/tLf5p8QbWd4LEP7ltwC7URgmmlYYG3/
9IzYOzesmYfk6eY2MktM7bRhuTcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQHf767
3oeOVUy1wlKkrsRq+u9YlDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZTFkMDBkNzAtZGEwYy00OTIyLTgxMjQtOTU0MDFkYmE0ZWZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
wDANBgkqhkiG9w0BAQsFAAOCAQEAW/9nond8vwXdYrVh+vvH1ucxm1kj6tKCn8QL
5hbIIwuHIZRfE1gL3Mf4Dfh/57EinwNEN/ifEtpD3l6ja7jWZE+3GAnbVwfX1LH+
S3VVOsYEsHDzs0eR95uR3gNQkj3PmnshgSMHC7LGh1u9pJrdnzgOBvschUGa8ke9
gUHd8jJzq4up64sLnMvrqfw05g/Vc3zI1wovCEvg01FcS3NSRovH4jfjN7y1Kav3
vc52SiHyaXlZrrKrVo19naVU2NnLFQ/mtinCEhqSiIT0OlphqjHej06BrcJktWeP
Dppym4zji7XUCHzE2BfSNSyEMsLMXodYyVvzQVhV/cwCoSg9Ww==
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:56 2025 by rpki-client