Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa
File:                     9623dcba-6a97-4717-ac77-dd16d3c33f78.roa (raw, json)
Hash identifier:          Qr+8gnPn5qhkjxM8ymrf/WwqLbWxTYy2PasUSOFvD8c=
Subject key identifier:   BF:D5:7C:EE:2B:26:3A:D1:2F:53:BE:2F:2A:45:57:8E:39:36:61:6D
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       694AB97EC1AA06437D17AF34EDB19303BD2FC3E4
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa
Signing time:             Tue 15 Jul 2025 00:30:36 +0000
ROA not before:           Tue 15 Jul 2025 00:30:36 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc5::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:4a:b9:7e:c1:aa:06:43:7d:17:af:34:ed:b1:93:03:bd:2f:c3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 15 00:30:36 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=c34f45d67e64b9bed48df2b6828cbd19c03018464c51aa540b3af24248431072, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e5:c4:8a:d5:ca:bf:44:a2:3f:0f:85:ff:e7:
                    67:6d:f6:f6:fd:a7:18:d5:47:37:d3:bb:fe:b6:28:
                    94:de:9f:49:bc:92:aa:91:8d:50:2a:31:10:d8:ad:
                    06:ef:a5:ab:89:6d:87:66:ac:76:20:8f:c0:e1:b8:
                    40:28:dc:d4:53:fd:c2:0b:33:c4:c8:ad:a6:bf:5e:
                    cd:f9:04:a5:1e:97:7f:06:7b:e1:76:fb:94:f9:1f:
                    cb:87:4c:4e:24:3d:3e:90:7c:cc:6a:39:c7:b7:3e:
                    3a:b5:60:7c:05:3f:d9:17:9f:6d:bf:e3:10:95:38:
                    35:2b:4c:ba:ce:40:cf:1b:92:fb:ff:b6:8d:b1:10:
                    d9:e4:32:85:c6:0d:9a:d9:a1:9c:9c:71:cd:ad:6b:
                    75:29:60:f6:31:27:48:00:e0:62:b9:a7:7a:b6:5d:
                    0c:34:de:b6:16:e4:3e:61:79:2b:ac:97:ca:10:5f:
                    6e:af:58:8a:cb:e2:84:89:48:c0:1c:34:3d:e1:45:
                    d4:40:8f:9a:01:42:b8:10:ca:97:85:88:ed:fb:16:
                    db:54:7f:51:2c:00:65:0f:3c:88:ff:5e:fb:c6:7d:
                    7b:83:cd:64:9e:5a:e2:7e:f9:97:dc:91:5d:25:e1:
                    3c:dd:b4:74:32:8d:34:36:ac:e3:ec:32:5a:0a:1a:
                    de:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D5:7C:EE:2B:26:3A:D1:2F:53:BE:2F:2A:45:57:8E:39:36:61:6D
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc5::/36

    Signature Algorithm: sha256WithRSAEncryption
         1d:d7:2d:0f:a5:2f:14:e5:c1:ed:32:fd:9a:95:80:74:7c:4d:
         91:60:6b:de:c2:b5:bf:51:b7:d2:70:26:0d:be:9a:7a:11:57:
         8b:15:ed:3c:d1:9e:12:d6:85:c6:bc:7f:7e:24:22:d9:cd:b7:
         57:27:ec:e0:97:0e:a3:79:8c:ed:02:b1:91:eb:3b:d1:7f:a7:
         2e:b2:ec:23:c0:5e:78:b1:0d:79:d0:e3:8c:f2:e4:02:2a:2c:
         ad:48:2b:32:d4:18:ae:c0:a7:23:76:82:0e:46:4f:5d:0e:35:
         64:88:ec:8c:73:4c:22:df:32:33:ac:39:6c:a5:4e:52:6c:14:
         bb:44:97:cb:53:d4:e0:4c:54:81:e2:a0:58:7a:f3:a3:c5:a6:
         de:fa:81:b5:2c:a8:f4:01:82:cc:ae:5e:ba:9c:ce:e4:6f:2e:
         51:b2:8e:a2:af:6a:9b:c5:d2:1a:ca:b6:4c:ff:11:77:ee:ac:
         4f:41:9d:bd:1a:76:10:1f:d6:e6:8d:0a:7a:56:2f:21:31:52:
         b9:bd:bd:73:ed:0e:9a:0a:9b:e3:4a:34:9f:e8:e1:2a:3c:fa:
         d5:ae:35:83:5f:4c:dd:9d:53:01:dc:31:07:cd:04:c1:a1:f9:
         85:34:8d:05:92:a8:4b:f7:37:e3:97:22:57:84:f6:01:6a:44:
         fa:41:0f:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaUq5fsGqBkN9F6807bGTA70vw+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDMwMzZaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzNGY0NWQ2N2U2NGI5YmVkNDhkZjJiNjgyOGNiZDE5YzAzMDE4NDY0YzUx
YWE1NDBiM2FmMjQyNDg0MzEwNzIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHlxIrVyr9Eoj8Phf/nZ2329v2nGNVHN9O7/rYolN6fSbySqpGNUCoxENit
Bu+lq4lth2asdiCPwOG4QCjc1FP9wgszxMitpr9ezfkEpR6XfwZ74Xb7lPkfy4dM
TiQ9PpB8zGo5x7c+OrVgfAU/2Refbb/jEJU4NStMus5AzxuS+/+2jbEQ2eQyhcYN
mtmhnJxxza1rdSlg9jEnSADgYrmnerZdDDTethbkPmF5K6yXyhBfbq9YisvihIlI
wBw0PeFF1ECPmgFCuBDKl4WI7fsW21R/USwAZQ88iP9e+8Z9e4PNZJ5a4n75l9yR
XSXhPN20dDKNNDas4+wyWgoa3j8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS/1Xzu
KyY60S9Tvi8qRVeOOTZhbTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OTYyM2RjYmEtNmE5Ny00NzE3LWFjNzctZGQxNmQzYzMzZjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8UA
MA0GCSqGSIb3DQEBCwUAA4IBAQAd1y0PpS8U5cHtMv2alYB0fE2RYGvewrW/UbfS
cCYNvpp6EVeLFe080Z4S1oXGvH9+JCLZzbdXJ+zglw6jeYztArGR6zvRf6cusuwj
wF54sQ150OOM8uQCKiytSCsy1BiuwKcjdoIORk9dDjVkiOyMc0wi3zIzrDlspU5S
bBS7RJfLU9TgTFSB4qBYevOjxabe+oG1LKj0AYLMrl66nM7kby5Rso6ir2qbxdIa
yrZM/xF37qxPQZ29GnYQH9bmjQp6Vi8hMVK5vb1z7Q6aCpvjSjSf6OEqPPrVrjWD
X0zdnVMB3DEHzQTBofmFNI0FkqhL9zfjlyJXhPYBakT6QQ9h
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:23:08 2025 by rpki-client