Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa
File:                     eff6a3a5-b241-438e-ac29-04afb84fc11c.roa (raw, json)
Hash identifier:          pfZCeOx3b/NVcuVKS5jH9qA0ASbFJEdWDYzmgm72TMA=
Subject key identifier:   6C:CA:E9:10:17:16:9C:FE:BF:29:14:38:BD:17:38:50:F0:BC:06:B7
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       5397C68B0B9CFA69C4302970F202E6896088657E
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa
Signing time:             Sat 27 Sep 2025 00:53:07 +0000
ROA not before:           Sat 27 Sep 2025 00:53:07 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2001:3fc5:9800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:97:c6:8b:0b:9c:fa:69:c4:30:29:70:f2:02:e6:89:60:88:65:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Sep 27 00:53:07 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=d15246085a9e6081e72781f46557ec0959c86e632d6f186d4831b93a7a8eb514, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a4:42:b5:08:e8:23:58:e6:6b:20:86:f9:d9:
                    b8:3e:31:8b:77:5f:18:4c:06:68:c5:31:ab:d2:97:
                    ef:5b:71:5b:ed:29:bd:be:cb:df:f5:09:15:6e:2d:
                    c8:1c:40:d3:b0:66:16:d0:6b:1b:ff:04:9c:36:09:
                    c5:9f:85:c8:f9:78:f2:89:e3:12:8e:6b:27:0c:b5:
                    dc:67:ee:a9:07:6a:9a:af:ff:76:91:ef:11:e3:41:
                    88:e9:57:24:0d:82:e2:b0:c9:b5:a4:2d:f2:bf:09:
                    41:36:ef:32:c9:37:c5:79:48:0d:f2:e6:f1:f5:c4:
                    77:db:fb:73:52:88:9a:fe:ea:30:23:90:0b:fb:40:
                    46:a8:af:29:d5:d9:6b:a7:10:9c:38:23:aa:d2:f1:
                    b3:ca:4c:43:4e:23:97:53:bf:74:c4:7e:fd:48:12:
                    e8:41:9f:f3:04:0d:02:c5:86:ac:22:a9:2a:a0:29:
                    1c:76:62:1b:d1:7c:1f:31:fe:98:23:ad:f7:55:32:
                    fc:ae:74:30:8a:e5:d2:73:d0:51:1a:fc:b6:27:d4:
                    c0:d6:73:fe:c0:2f:14:8c:a7:c7:b6:b9:61:03:c4:
                    ac:6a:63:98:c1:af:9f:c4:c4:7b:45:a9:6a:1b:9e:
                    d1:84:01:d8:ed:45:3e:2e:83:0b:d6:0d:3c:29:22:
                    2d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:CA:E9:10:17:16:9C:FE:BF:29:14:38:BD:17:38:50:F0:BC:06:B7
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc5:9800::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:df:c4:e3:2d:02:f4:e1:66:5e:aa:6f:2e:9f:1f:76:bf:da:
         59:ed:15:1e:1a:56:f9:04:3a:10:6e:be:3c:a4:09:1a:04:a5:
         86:d7:57:73:c3:f5:02:f1:87:d5:ac:9a:51:dd:68:f9:80:47:
         f3:8f:66:05:28:be:d2:db:70:1c:78:67:f0:84:c5:16:f6:82:
         3d:1b:04:a0:25:2b:d5:a9:ef:5b:a3:c5:b4:cf:05:fd:fc:4e:
         7b:92:f7:4f:bc:af:cf:94:6c:78:31:d1:a1:c0:b7:88:2c:f4:
         ec:11:b1:c9:de:5c:3d:8f:1c:98:84:81:1c:1d:72:a0:91:d3:
         6c:c1:29:ae:aa:b7:ad:f5:65:c3:91:4e:8f:7e:2d:a5:a7:d4:
         30:e0:ab:b2:78:4b:f1:a7:a6:0f:40:57:7b:f9:d2:7e:dc:3b:
         37:d7:58:a7:79:59:b8:62:40:2d:51:76:87:90:d5:95:0c:72:
         02:31:3d:b1:95:b6:f4:30:d1:6b:e5:17:84:48:ac:e7:41:cd:
         3f:7c:0c:38:76:fd:e6:bb:c1:83:b1:74:78:ad:03:53:c9:dd:
         c5:38:88:32:28:84:cb:32:c8:0d:e2:4e:f1:85:60:de:6d:8f:
         8d:20:e8:d7:4d:d0:62:4e:43:d2:3a:55:2b:b3:1f:be:63:41:
         b4:5d:7a:06
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU5fGiwuc+mnEMClw8gLmiWCIZX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjcwMDUzMDdaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxNTI0NjA4NWE5ZTYwODFlNzI3ODFmNDY1NTdlYzA5NTljODZlNjMyZDZm
MTg2ZDQ4MzFiOTNhN2E4ZWI1MTQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmkQrUI6CNY5msghvnZuD4xi3dfGEwGaMUxq9KX71txW+0pvb7L3/UJFW4t
yBxA07BmFtBrG/8EnDYJxZ+FyPl48onjEo5rJwy13GfuqQdqmq//dpHvEeNBiOlX
JA2C4rDJtaQt8r8JQTbvMsk3xXlIDfLm8fXEd9v7c1KImv7qMCOQC/tARqivKdXZ
a6cQnDgjqtLxs8pMQ04jl1O/dMR+/UgS6EGf8wQNAsWGrCKpKqApHHZiG9F8HzH+
mCOt91Uy/K50MIrl0nPQURr8tifUwNZz/sAvFIynx7a5YQPErGpjmMGvn8TEe0Wp
ahue0YQB2O1FPi6DC9YNPCkiLS8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRsyukQ
Fxac/r8pFDi9FzhQ8LwGtzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZWZmNmEzYTUtYjI0MS00MzhlLWFjMjktMDRhZmI4NGZjMTFjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQAq38TjLQL04WZeqm8unx92v9pZ7RUeGlb5BDoQ
br48pAkaBKWG11dzw/UC8YfVrJpR3Wj5gEfzj2YFKL7S23AceGfwhMUW9oI9GwSg
JSvVqe9bo8W0zwX9/E57kvdPvK/PlGx4MdGhwLeILPTsEbHJ3lw9jxyYhIEcHXKg
kdNswSmuqret9WXDkU6Pfi2lp9Qw4KuyeEvxp6YPQFd7+dJ+3Ds311ineVm4YkAt
UXaHkNWVDHICMT2xlbb0MNFr5ReESKznQc0/fAw4dv3mu8GDsXR4rQNTyd3FOIgy
KITLMsgN4k7xhWDebY+NIOjXTdBiTkPSOlUrsx++Y0G0XXoG
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:57:47 2025 by rpki-client