Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0921c3e8-5877-4b50-aeac-160b00663d91.roa
File:                     0921c3e8-5877-4b50-aeac-160b00663d91.roa (raw, json)
Hash identifier:          VOXXb1fsWBkbdb4q/MiMtg4sTFukfACP1yVUGKQ3NlQ=
Subject key identifier:   6F:1D:35:30:01:B5:39:0A:9D:BE:BE:4D:70:3D:3D:4E:6F:C8:14:E3
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       41B8696E98046348B064577942303C738AEC0A92
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0921c3e8-5877-4b50-aeac-160b00663d91.roa
Signing time:             Mon 14 Jul 2025 16:37:08 +0000
ROA not before:           Mon 14 Jul 2025 16:37:08 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc5:9800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:b8:69:6e:98:04:63:48:b0:64:57:79:42:30:3c:73:8a:ec:0a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 14 16:37:08 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=ac596474ad2d8f0c46a0f03d30c046082049f2c55bebb0a8457dc7b8f9f5b5ec, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7f:c1:f4:5e:eb:6a:5e:f5:96:f2:dd:0c:5f:
                    b9:16:ea:5b:a0:ac:91:9e:7a:76:49:15:8e:b6:17:
                    36:2a:aa:f6:1e:35:d4:1b:8d:cc:bd:3e:50:75:00:
                    43:3d:9d:ba:72:05:e7:a7:5d:91:f4:fc:52:b1:9b:
                    21:11:b1:5e:c4:00:03:0e:e7:c9:80:1a:3c:7b:48:
                    25:77:1c:f3:64:51:99:e1:17:e9:fb:e1:ce:2c:cd:
                    16:50:80:84:29:69:5c:56:fd:cc:63:71:33:a7:bf:
                    b1:a7:fa:dd:18:d5:17:c3:ac:59:a7:0a:61:75:6b:
                    70:5b:cf:ee:33:e1:eb:35:45:11:c2:86:bd:b7:a4:
                    c4:87:e0:66:b2:6c:97:1f:9d:41:42:c7:62:7f:6f:
                    3b:57:43:5e:2f:f9:f9:e5:98:84:04:03:66:f0:fb:
                    da:5e:57:a6:03:e6:73:08:20:1c:86:e6:92:12:dc:
                    25:10:bf:05:c2:b0:5e:9f:c7:14:d9:2c:74:cb:b9:
                    71:64:54:dc:24:69:dc:23:4f:20:c2:60:e2:78:14:
                    5f:ea:f3:5a:17:d3:0f:ef:a6:de:10:66:d9:3c:56:
                    ef:61:b2:28:51:ad:a2:34:aa:db:4c:a6:e6:f3:90:
                    82:09:37:67:17:27:05:12:0b:45:66:1c:a3:de:dd:
                    32:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1D:35:30:01:B5:39:0A:9D:BE:BE:4D:70:3D:3D:4E:6F:C8:14:E3
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0921c3e8-5877-4b50-aeac-160b00663d91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc5:9800::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:54:fb:79:71:36:86:e7:aa:22:25:00:f2:d5:7e:2b:53:9d:
         e1:a7:f3:cc:7b:1f:a4:59:04:c0:84:05:0b:96:e1:84:d9:bd:
         8b:f8:1a:42:24:f5:8d:73:62:ed:9f:55:16:29:c5:af:4f:15:
         4b:8d:00:79:89:0a:61:b3:1b:df:93:56:54:69:08:5f:d8:53:
         6e:15:63:46:68:34:15:19:ec:85:c2:ab:94:65:15:83:5b:b5:
         16:5b:fe:ec:47:8b:52:19:2a:65:7a:b7:b4:6e:95:08:83:7b:
         73:0e:24:7a:92:e8:10:c6:fb:28:e4:52:33:20:28:f5:0d:15:
         4f:9b:51:0c:b7:fd:49:ef:ea:6e:b8:fe:17:df:fb:cb:ec:da:
         5f:28:80:bc:5e:9c:c8:1b:3a:b8:98:36:57:39:bb:e8:cd:5d:
         8c:10:96:ac:35:dd:84:42:12:19:97:84:91:ab:96:e2:b3:0d:
         e8:0d:b3:3a:d6:01:62:57:fb:51:7b:1f:cd:d3:7d:50:8e:5e:
         f8:f1:5c:4b:c8:36:46:fe:66:a5:c9:86:f0:1d:b5:c1:17:28:
         24:33:1f:bf:8a:b8:5c:6d:43:e0:2d:61:33:c7:bf:7a:f8:7d:
         d0:2f:85:b3:87:23:16:f5:51:9e:c9:11:7f:37:eb:8f:13:df:
         c0:4c:d2:c4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQbhpbpgEY0iwZFd5QjA8c4rsCpIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTQxNjM3MDhaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjNTk2NDc0YWQyZDhmMGM0NmEwZjAzZDMwYzA0NjA4MjA0OWYyYzU1YmVi
YjBhODQ1N2RjN2I4ZjlmNWI1ZWMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZ/wfRe62pe9Zby3QxfuRbqW6CskZ56dkkVjrYXNiqq9h411BuNzL0+UHUA
Qz2dunIF56ddkfT8UrGbIRGxXsQAAw7nyYAaPHtIJXcc82RRmeEX6fvhzizNFlCA
hClpXFb9zGNxM6e/saf63RjVF8OsWacKYXVrcFvP7jPh6zVFEcKGvbekxIfgZrJs
lx+dQULHYn9vO1dDXi/5+eWYhAQDZvD72l5XpgPmcwggHIbmkhLcJRC/BcKwXp/H
FNksdMu5cWRU3CRp3CNPIMJg4ngUX+rzWhfTD++m3hBm2TxW72GyKFGtojSq20ym
5vOQggk3ZxcnBRILRWYco97dMtkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRvHTUw
AbU5Cp2+vk1wPT1Ob8gU4zAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDkyMWMzZTgtNTg3Ny00YjUwLWFlYWMtMTYwYjAwNjYzZDkxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQAtVPt5cTaG56oiJQDy1X4rU53hp/PMex+kWQTA
hAULluGE2b2L+BpCJPWNc2Ltn1UWKcWvTxVLjQB5iQphsxvfk1ZUaQhf2FNuFWNG
aDQVGeyFwquUZRWDW7UWW/7sR4tSGSplere0bpUIg3tzDiR6kugQxvso5FIzICj1
DRVPm1EMt/1J7+puuP4X3/vL7NpfKIC8XpzIGzq4mDZXObvozV2MEJasNd2EQhIZ
l4SRq5bisw3oDbM61gFiV/tRex/N031Qjl748VxLyDZG/malyYbwHbXBFygkMx+/
irhcbUPgLWEzx796+H3QL4WzhyMW9VGeyRF/N+uPE9/ATNLE
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:23:51 2025 by rpki-client