Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa
File:                     1e498054-99a2-4f2b-82cb-7448499c313c.roa (raw, json)
Hash identifier:          UE7BWdcx2QorJftAe/RVLU7WQ6zrAV002fkABK0U5Nw=
Subject key identifier:   46:F7:B1:D3:92:9C:90:D8:6B:DE:28:E2:4C:AC:F7:C1:D0:5E:5D:4A
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       0D20966B4BAD1D8A1729F0357E380B0D13DC76F6
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa
Signing time:             Tue 15 Jul 2025 00:30:33 +0000
ROA not before:           Tue 15 Jul 2025 00:30:33 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:20:96:6b:4b:ad:1d:8a:17:29:f0:35:7e:38:0b:0d:13:dc:76:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 15 00:30:33 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=fb671f28d0552f91ed23aa20fce97f5f6d4d19ca5577657d613dde98f0102387, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:53:1b:d1:d4:ea:73:6d:50:f9:2c:d7:29:
                    8f:c3:23:2f:20:5e:b7:e0:43:03:f8:70:b3:ac:e7:
                    73:fc:f9:7f:98:d3:dd:cc:23:d1:e9:96:99:67:3d:
                    08:ef:cb:fb:cc:4f:29:ef:a2:8c:3d:e4:60:0e:ae:
                    ad:3f:02:f9:45:de:e9:4a:ad:9e:d2:7a:4a:3f:f5:
                    1c:0b:53:2d:9d:d2:92:01:1f:a9:bd:eb:e7:df:77:
                    fb:5a:87:a7:1e:c2:bd:0b:20:46:14:92:29:8a:e1:
                    d2:3e:5a:c9:ae:ba:fd:10:58:ed:0c:49:72:4c:9c:
                    6e:48:48:66:c0:fb:aa:52:57:56:d3:ba:0e:de:0a:
                    e3:14:2e:3a:2a:73:61:d3:e8:81:41:ac:18:45:3a:
                    4a:54:17:74:4c:5d:20:59:56:5e:1d:02:43:d7:c5:
                    ee:fb:0c:ed:22:a8:39:67:e1:44:63:80:05:f0:ba:
                    18:f2:a5:ff:0e:0c:c7:be:bf:46:fe:04:b5:87:4d:
                    e4:66:62:9b:72:fa:86:14:87:a0:87:d9:44:fe:10:
                    be:bf:5a:c3:70:70:fb:4a:18:ef:3e:d3:f6:80:48:
                    63:50:c5:93:dc:59:09:35:e2:30:31:73:d6:b8:b5:
                    9a:4d:6a:0b:72:39:33:fc:59:59:de:61:d5:a5:8e:
                    20:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F7:B1:D3:92:9C:90:D8:6B:DE:28:E2:4C:AC:F7:C1:D0:5E:5D:4A
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:e5:79:21:60:c7:95:1d:18:db:2f:fd:c4:e9:b5:cb:59:de:
         ef:28:f6:4d:be:13:d1:ec:18:bf:e3:3b:46:a7:8e:1d:3d:4e:
         f0:b9:2a:6c:1d:96:95:12:ef:1c:84:52:88:ca:7e:84:5f:c1:
         b5:bc:fc:dd:7d:c1:15:5c:f6:7e:cd:df:bd:e5:cf:02:9d:e4:
         f0:71:87:11:6c:a1:d4:6b:13:95:57:eb:a5:47:95:b2:7c:9f:
         25:12:d1:e3:d3:bb:a0:74:d7:45:e3:f3:52:eb:52:81:d8:9e:
         cd:fa:e0:b1:6e:d0:aa:9b:4f:7c:a0:bb:1c:30:4e:cd:1e:48:
         67:6b:df:68:0e:a8:72:7a:1f:2e:f1:de:56:44:29:50:03:2a:
         63:06:89:1f:cb:5a:2e:56:c3:ae:8d:24:54:33:64:d7:37:b3:
         8a:0d:f9:07:36:e8:26:2b:8c:94:0c:ff:a4:db:8e:12:fd:83:
         f5:87:6f:3d:d3:c1:c4:57:01:dc:d0:77:96:e9:d2:69:ca:b5:
         0d:a9:ad:fe:b4:08:a6:25:88:a4:86:84:06:39:37:93:9a:94:
         67:d8:95:ee:3f:dc:dd:72:47:c5:b8:5a:93:9e:e1:bf:6a:aa:
         bd:f2:c8:22:42:48:bf:ed:c2:87:62:92:b4:53:a8:0a:e2:3b:
         f4:a6:16:97
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUDSCWa0utHYoXKfA1fjgLDRPcdvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDMwMzNaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiNjcxZjI4ZDA1NTJmOTFlZDIzYWEyMGZjZTk3ZjVmNmQ0ZDE5Y2E1NTc3
NjU3ZDYxM2RkZTk4ZjAxMDIzODcxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK2iUxvR1OpzbVD5LNcpj8MjLyBet+BDA/hws6znc/z5f5jT3cwj0emWmWc9
CO/L+8xPKe+ijD3kYA6urT8C+UXe6UqtntJ6Sj/1HAtTLZ3SkgEfqb3r5993+1qH
px7CvQsgRhSSKYrh0j5aya66/RBY7QxJckycbkhIZsD7qlJXVtO6Dt4K4xQuOipz
YdPogUGsGEU6SlQXdExdIFlWXh0CQ9fF7vsM7SKoOWfhRGOABfC6GPKl/w4Mx76/
Rv4EtYdN5GZim3L6hhSHoIfZRP4Qvr9aw3Bw+0oY7z7T9oBIY1DFk9xZCTXiMDFz
1ri1mk1qC3I5M/xZWd5h1aWOICkCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRG97HT
kpyQ2GveKOJMrPfB0F5dSjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MWU0OTgwNTQtOTlhMi00ZjJiLTgyY2ItNzQ0ODQ5OWMzMTNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABP8Aw
DQYJKoZIhvcNAQELBQADggEBABnleSFgx5UdGNsv/cTptctZ3u8o9k2+E9HsGL/j
O0anjh09TvC5KmwdlpUS7xyEUojKfoRfwbW8/N19wRVc9n7N373lzwKd5PBxhxFs
odRrE5VX66VHlbJ8nyUS0ePTu6B010Xj81LrUoHYns364LFu0KqbT3yguxwwTs0e
SGdr32gOqHJ6Hy7x3lZEKVADKmMGiR/LWi5Ww66NJFQzZNc3s4oN+Qc26CYrjJQM
/6TbjhL9g/WHbz3TwcRXAdzQd5bp0mnKtQ2prf60CKYliKSGhAY5N5OalGfYle4/
3N1yR8W4WpOe4b9qqr3yyCJCSL/twodikrRTqAriO/SmFpc=
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:23:05 2025 by rpki-client