Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa
File:                     89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa (raw, json)
Hash identifier:          vIhFbqDkQPhc3DvA28NN2y0kv2QiY0gOT4XkAqfNob0=
Subject key identifier:   5D:69:88:96:89:91:B2:36:2D:99:85:82:EE:3B:F8:42:23:6C:D4:AA
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       0AEAC1423B222755CA47AE2693AF8DE540092234
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa
Signing time:             Tue 15 Jul 2025 00:21:21 +0000
ROA not before:           Tue 15 Jul 2025 00:21:21 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:7880::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ea:c1:42:3b:22:27:55:ca:47:ae:26:93:af:8d:e5:40:09:22:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 15 00:21:21 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=08faef8879c60e2a5aaff85889fc61d911131646f867cf8021ef13dfcd9fe863, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:61:ed:88:31:af:6d:c7:a0:e9:61:ba:68:04:
                    d2:2d:c7:86:1c:01:c8:bd:36:e4:9d:f3:de:73:3f:
                    23:29:19:0e:5b:89:cf:d7:a9:d8:ce:71:2c:15:55:
                    ba:27:d2:45:93:71:fd:b9:7c:4d:14:53:4d:7a:56:
                    08:61:f4:18:80:cc:0d:31:33:07:0e:9b:b7:83:56:
                    28:96:29:35:fd:e5:c0:1d:b1:5a:58:a8:d8:ab:43:
                    ab:45:17:a2:93:6f:a0:fb:2a:72:61:c9:1a:83:5d:
                    78:3c:33:a7:dd:a0:2c:a7:77:17:0a:48:69:16:a4:
                    da:bb:d9:14:f6:7c:31:90:da:4f:f0:7b:48:5f:35:
                    25:34:df:ae:b6:3d:02:70:c2:44:89:5b:43:b2:fc:
                    cc:c6:fe:68:69:55:84:f1:39:54:6b:56:e0:c8:1d:
                    07:a9:bb:20:d3:f9:d9:9e:1b:36:1c:13:7c:c5:cc:
                    a7:47:3b:bf:3d:be:12:9b:e5:48:a1:d6:d4:b8:52:
                    ac:d3:ba:ce:40:de:30:a3:74:4f:56:f9:30:94:57:
                    54:52:ce:74:a9:90:9a:45:64:bf:eb:42:33:71:81:
                    61:85:58:a2:22:19:94:0d:f7:dd:d8:dc:75:1d:c8:
                    6e:1d:7c:89:87:a7:64:52:1a:8e:89:cb:9e:d0:3c:
                    1f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:69:88:96:89:91:B2:36:2D:99:85:82:EE:3B:F8:42:23:6C:D4:AA
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:7880::/46

    Signature Algorithm: sha256WithRSAEncryption
         62:e8:01:7c:b9:e0:e6:c3:bb:bf:cb:fa:4c:fb:78:d8:0f:1b:
         a1:cf:d9:51:ea:45:52:c7:1c:28:30:0c:fe:ca:39:f5:4b:b9:
         43:44:38:01:ac:ad:a8:0f:89:03:fc:af:37:ea:b2:09:7b:52:
         38:51:1f:75:71:b1:24:bc:c8:d0:e9:86:81:a4:75:6b:b2:60:
         b3:60:e8:77:51:78:03:46:ee:3a:74:e6:fd:81:b9:16:0e:67:
         96:3b:32:f9:cd:bc:7a:b9:1f:01:77:d8:2e:f1:3a:c0:66:bb:
         39:6e:bf:48:a1:7b:87:a9:4b:9c:69:83:b6:88:b9:9e:64:d1:
         d4:10:7e:c2:2c:36:93:84:d1:33:a4:bb:92:29:fb:c4:c6:a5:
         13:75:b4:88:1c:d4:3a:27:57:a5:c5:3a:c6:9c:13:0d:39:18:
         38:fe:d3:a3:e0:19:b4:d2:e6:cc:4a:06:22:cb:18:08:2e:39:
         89:de:6b:5d:63:51:ea:a8:4c:51:4d:b6:4d:ed:df:6a:5f:a6:
         68:f0:f1:7a:0b:ab:8b:cc:57:bc:c8:2b:2a:67:13:9e:4d:d7:
         55:1d:0d:1a:35:d7:89:47:40:ab:30:5b:68:cb:a4:28:10:c7:
         8e:2a:cd:9c:6e:ca:d0:cf:69:b9:ca:b7:23:f7:a1:6d:c4:41:
         fb:77:25:3a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCurBQjsiJ1XKR64mk6+N5UAJIjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDIxMjFaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4ZmFlZjg4NzljNjBlMmE1YWFmZjg1ODg5ZmM2MWQ5MTExMzE2NDZmODY3
Y2Y4MDIxZWYxM2RmY2Q5ZmU4NjMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1h7Ygxr23HoOlhumgE0i3HhhwByL025J3z3nM/IykZDluJz9ep2M5xLBVV
uifSRZNx/bl8TRRTTXpWCGH0GIDMDTEzBw6bt4NWKJYpNf3lwB2xWlio2KtDq0UX
opNvoPsqcmHJGoNdeDwzp92gLKd3FwpIaRak2rvZFPZ8MZDaT/B7SF81JTTfrrY9
AnDCRIlbQ7L8zMb+aGlVhPE5VGtW4MgdB6m7INP52Z4bNhwTfMXMp0c7vz2+Epvl
SKHW1LhSrNO6zkDeMKN0T1b5MJRXVFLOdKmQmkVkv+tCM3GBYYVYoiIZlA333djc
dR3Ibh18iYenZFIajonLntA8H/0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRdaYiW
iZGyNi2ZhYLuO/hCI2zUqjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ODljNTYyYjgtMWZmMy00N2NiLWExMDQtYWQxZGEyOGI0MmQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAiABP8d4
gDANBgkqhkiG9w0BAQsFAAOCAQEAYugBfLng5sO7v8v6TPt42A8boc/ZUepFUscc
KDAM/so59Uu5Q0Q4AaytqA+JA/yvN+qyCXtSOFEfdXGxJLzI0OmGgaR1a7Jgs2Do
d1F4A0buOnTm/YG5Fg5nljsy+c28erkfAXfYLvE6wGa7OW6/SKF7h6lLnGmDtoi5
nmTR1BB+wiw2k4TRM6S7kin7xMalE3W0iBzUOidXpcU6xpwTDTkYOP7To+AZtNLm
zEoGIssYCC45id5rXWNR6qhMUU22Te3fal+maPDxeguri8xXvMgrKmcTnk3XVR0N
GjXXiUdAqzBbaMukKBDHjirNnG7K0M9pucq3I/ehbcRB+3clOg==
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:30:45 2025 by rpki-client