Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
File:                     ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa (raw, json)
Hash identifier:          4ChtuGTP5suT4n0lA+pvuDiqCWh0OuBpaFJnQsk7pFw=
Subject key identifier:   0A:05:CD:32:E5:DE:04:DF:3F:E7:C4:81:F0:9B:81:45:E6:9E:85:6A
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       2488679D6E78F78227A23F0FA2F7A92F301BE6CC
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
Signing time:             Mon 29 Sep 2025 15:40:23 +0000
ROA not before:           Mon 29 Sep 2025 15:40:23 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:88:67:9d:6e:78:f7:82:27:a2:3f:0f:a2:f7:a9:2f:30:1b:e6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 29 15:40:23 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=75e342533b10fbc219a43ea9b0d159f76bf08b7394ad1e31543ff996da77a111, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d7:fa:88:4e:6b:00:0c:a4:68:35:c1:2b:7f:
                    69:50:5e:d5:93:2c:c5:95:1c:41:33:0e:be:ed:7b:
                    5a:56:4b:f0:eb:fd:ee:cb:02:1a:b9:fe:7a:41:75:
                    bb:6b:9b:ad:c7:8d:15:bf:01:14:7f:03:1c:32:c8:
                    35:1e:ad:fe:60:ea:61:7d:b9:d0:c8:0e:96:1f:09:
                    d2:be:8d:89:91:5f:8f:24:69:e4:33:47:e7:72:be:
                    e2:7d:ed:7c:2b:ae:fd:27:cc:32:27:27:03:c7:82:
                    e1:f9:eb:47:0a:fa:d8:cc:b4:e8:77:be:ba:01:cd:
                    34:aa:cb:a5:d5:f8:a1:a7:89:d5:31:d5:41:95:76:
                    70:b5:a6:21:9e:3c:08:c6:54:1d:3b:83:ad:8f:ba:
                    83:03:90:ac:3d:b0:37:f4:cf:65:2f:fa:cc:76:6a:
                    48:63:3b:be:2e:0b:0c:d0:32:86:01:dd:f6:5e:e9:
                    a6:9e:fd:f1:34:ec:24:cc:f1:75:10:c1:d5:96:23:
                    ee:86:c2:2b:7e:91:4d:9a:3d:46:6b:4f:2c:13:b9:
                    b4:d3:f6:d6:4a:77:91:0e:19:f8:35:e5:a9:c6:1b:
                    c9:17:c0:f2:c8:bc:30:ff:3a:2f:35:f9:50:c6:c0:
                    b8:e6:6d:37:bf:f5:72:42:39:80:cc:2a:d3:80:bc:
                    4f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:05:CD:32:E5:DE:04:DF:3F:E7:C4:81:F0:9B:81:45:E6:9E:85:6A
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         04:40:10:d4:76:5a:07:c8:96:f8:a5:ed:6e:10:3e:36:b1:57:
         35:7f:f6:f3:99:bc:e9:19:e2:5d:21:0c:27:bf:48:01:28:27:
         5c:79:3d:40:e6:fa:70:55:ce:54:1a:6d:77:3b:3f:4e:3e:98:
         2f:26:ab:37:c4:fc:a8:16:98:64:9e:41:7b:9c:09:0d:08:da:
         11:63:7c:83:e1:87:a0:60:81:f5:ea:b3:73:09:fe:6b:5f:d4:
         5d:25:1d:e9:75:14:6e:83:c1:45:b9:01:dd:67:7b:57:30:71:
         51:c2:a0:40:db:92:6b:6f:1d:c0:18:6a:64:65:28:cb:a5:d9:
         94:53:96:66:3b:67:ac:ad:d4:9e:40:e9:81:14:b8:63:6d:8b:
         2b:27:a2:fa:76:01:01:9e:e9:4a:55:5a:53:aa:bc:b1:41:66:
         2f:60:09:2b:38:de:db:e9:12:80:e4:29:aa:4c:09:e1:f9:8a:
         9f:2d:48:24:e2:d7:a1:b9:a3:2d:ed:61:79:e6:98:65:88:18:
         48:53:30:ea:55:ee:cb:1e:03:df:57:c9:85:26:bf:0e:38:2b:
         48:08:50:bf:ef:93:02:e7:ec:91:24:cb:0a:44:ae:c4:13:4a:
         63:03:68:96:db:99:3b:b1:70:ab:65:bb:d8:6d:03:b4:4b:bb:
         45:5d:db:19
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJIhnnW5494Inoj8PovepLzAb5swwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjNaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDc1ZTM0MjUzM2IxMGZiYzIxOWE0M2VhOWIwZDE1OWY3NmJmMDhiNzM5NGFk
MWUzMTU0M2ZmOTk2ZGE3N2ExMTExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvX+ohOawAMpGg1wSt/aVBe1ZMsxZUcQTMOvu17WlZL8Ov97ssCGrn+ekF1
u2ubrceNFb8BFH8DHDLINR6t/mDqYX250MgOlh8J0r6NiZFfjyRp5DNH53K+4n3t
fCuu/SfMMicnA8eC4fnrRwr62My06He+ugHNNKrLpdX4oaeJ1THVQZV2cLWmIZ48
CMZUHTuDrY+6gwOQrD2wN/TPZS/6zHZqSGM7vi4LDNAyhgHd9l7ppp798TTsJMzx
dRDB1ZYj7obCK36RTZo9RmtPLBO5tNP21kp3kQ4Z+DXlqcYbyRfA8si8MP86LzX5
UMbAuOZtN7/1ckI5gMwq04C8T50CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQKBc0y
5d4E3z/nxIHwm4FF5p6FajAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZWE2NWJjYzQtOWZjZS00YjZmLWE0OTMtNGExN2VmMTMwNmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAEQBDUdloHyJb4pe1uED42sVc1f/bzmbzpGeJd
IQwnv0gBKCdceT1A5vpwVc5UGm13Oz9OPpgvJqs3xPyoFphknkF7nAkNCNoRY3yD
4YegYIH16rNzCf5rX9RdJR3pdRRug8FFuQHdZ3tXMHFRwqBA25Jrbx3AGGpkZSjL
pdmUU5ZmO2esrdSeQOmBFLhjbYsrJ6L6dgEBnulKVVpTqryxQWYvYAkrON7b6RKA
5CmqTAnh+YqfLUgk4tehuaMt7WF55phliBhIUzDqVe7LHgPfV8mFJr8OOCtICFC/
75MC5+yRJMsKRK7EE0pjA2iW25k7sXCrZbvYbQO0S7tFXdsZ
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:46:28 2025 by rpki-client