Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa
File:                     0869fd21-e07d-44bc-b068-73be998c5028.roa (raw, json)
Hash identifier:          TMky9LBlx+thK+1nMbMTBTl/oZTYOWKtZi6Mpob4lA4=
Subject key identifier:   6C:F7:E1:B2:2E:28:D8:A1:8C:ED:48:B8:26:1B:0B:FB:03:05:35:A2
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       22FA4F1F65D6854E94AE11F7403891052B0B5596
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa
Signing time:             Tue 15 Jul 2025 00:21:10 +0000
ROA not before:           Tue 15 Jul 2025 00:21:10 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:f800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fa:4f:1f:65:d6:85:4e:94:ae:11:f7:40:38:91:05:2b:0b:55:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 15 00:21:10 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=257fe0c606bbf66ef2795a16236dcf7d4d951c74e20ed5899ecb9fe1c256279d, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a8:b7:df:51:ce:d6:46:2f:67:d1:eb:b1:45:
                    1e:bd:e3:8e:91:2e:cc:b1:56:27:9e:f4:80:c1:46:
                    b1:58:02:ec:b7:f3:88:48:03:5b:20:b1:52:da:03:
                    20:11:dc:2c:e1:02:e6:87:de:1a:72:b1:8c:79:bb:
                    d5:da:54:80:9f:86:db:d4:65:7b:8a:46:6d:c8:b4:
                    92:ee:8a:35:a1:49:a4:f9:58:d4:ac:6a:b5:32:fb:
                    fb:88:5c:12:a0:a0:7e:d4:c8:5e:f3:e1:46:d4:4b:
                    19:9f:89:6b:7d:1c:0e:70:6f:6c:f4:df:e2:53:54:
                    57:82:1e:b2:c1:1a:b5:af:e5:f2:0d:28:c2:d9:98:
                    e8:88:dd:f6:24:76:8f:f1:37:8a:a1:eb:c2:bd:16:
                    e9:f9:65:2d:5e:a6:d2:d7:6d:5d:d8:59:c4:c0:35:
                    67:99:0c:e1:60:dd:09:46:ed:0a:29:dc:06:a0:da:
                    04:07:e2:3a:2c:90:78:77:ef:80:98:a6:79:ce:3c:
                    62:8a:7a:f8:53:73:c9:c0:67:8d:5e:28:65:2c:08:
                    33:9f:c5:99:06:92:23:9c:97:c4:58:aa:8c:ef:e6:
                    c7:69:8e:29:2e:56:ed:51:e4:41:f2:fd:c2:e5:6f:
                    ed:aa:c7:8c:f1:cb:9d:04:a7:61:b7:8d:a9:f8:b8:
                    5a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F7:E1:B2:2E:28:D8:A1:8C:ED:48:B8:26:1B:0B:FB:03:05:35:A2
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:f800::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:8a:2d:9d:55:05:9b:be:63:3d:27:68:8c:6e:e6:f9:f1:c8:
         2b:d6:c9:07:69:59:f2:0a:12:6a:e6:9f:e8:2b:f5:8c:81:d1:
         e9:e6:7a:7b:61:be:6c:c1:e1:19:4e:a8:c7:f9:76:2f:53:90:
         85:3a:47:bb:12:02:a9:d8:e7:e2:26:65:93:4f:43:50:a5:3d:
         03:a2:4b:f7:c4:d4:1f:01:34:30:5b:df:cb:72:21:da:42:b4:
         c4:aa:c0:9c:79:b4:15:7a:a3:98:94:b0:8b:2c:2d:38:a4:67:
         a0:40:51:6c:74:4a:ba:ce:16:a1:a0:d1:d7:ae:a5:1b:03:94:
         ab:25:f9:71:cb:33:2f:a6:4a:e4:38:bf:7c:13:0c:7f:de:15:
         65:59:c8:30:60:27:cf:fb:58:b5:7c:e7:eb:56:9c:37:c9:c3:
         8d:37:cb:17:aa:6a:9c:18:89:36:77:d1:1d:13:51:3a:4a:19:
         37:b2:14:33:18:16:58:08:14:73:44:d7:a6:d8:45:e3:9f:f9:
         a5:6c:fd:9f:e9:a4:86:a8:f7:6f:ed:cb:03:23:3b:0f:e4:44:
         28:ce:fa:89:cc:36:1e:e5:63:be:13:ec:44:00:64:77:4b:e8:
         2f:21:9b:50:10:45:4e:22:be:84:02:5b:6f:06:b5:1b:4d:b5:
         ab:31:0b:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIvpPH2XWhU6UrhH3QDiRBSsLVZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDIxMTBaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI1N2ZlMGM2MDZiYmY2NmVmMjc5NWExNjIzNmRjZjdkNGQ5NTFjNzRlMjBl
ZDU4OTllY2I5ZmUxYzI1NjI3OWQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyot99RztZGL2fR67FFHr3jjpEuzLFWJ570gMFGsVgC7LfziEgDWyCxUtoD
IBHcLOEC5ofeGnKxjHm71dpUgJ+G29Rle4pGbci0ku6KNaFJpPlY1KxqtTL7+4hc
EqCgftTIXvPhRtRLGZ+Ja30cDnBvbPTf4lNUV4IessEata/l8g0owtmY6Ijd9iR2
j/E3iqHrwr0W6fllLV6m0tdtXdhZxMA1Z5kM4WDdCUbtCincBqDaBAfiOiyQeHfv
gJimec48Yop6+FNzycBnjV4oZSwIM5/FmQaSI5yXxFiqjO/mx2mOKS5W7VHkQfL9
wuVv7arHjPHLnQSnYbeNqfi4WgkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRs9+Gy
LijYoYztSLgmGwv7AwU1ojAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDg2OWZkMjEtZTA3ZC00NGJjLWIwNjgtNzNiZTk5OGM1MDI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8f4
MA0GCSqGSIb3DQEBCwUAA4IBAQACii2dVQWbvmM9J2iMbub58cgr1skHaVnyChJq
5p/oK/WMgdHp5np7Yb5sweEZTqjH+XYvU5CFOke7EgKp2OfiJmWTT0NQpT0Dokv3
xNQfATQwW9/LciHaQrTEqsCcebQVeqOYlLCLLC04pGegQFFsdEq6zhahoNHXrqUb
A5SrJflxyzMvpkrkOL98Ewx/3hVlWcgwYCfP+1i1fOfrVpw3ycONN8sXqmqcGIk2
d9EdE1E6Shk3shQzGBZYCBRzRNem2EXjn/mlbP2f6aSGqPdv7csDIzsP5EQozvqJ
zDYe5WO+E+xEAGR3S+gvIZtQEEVOIr6EAltvBrUbTbWrMQsu
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:23:00 2025 by rpki-client