Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
File:                     ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa (raw, json)
Hash identifier:          dLiHuxfvBoUXrXKKiSsspzG0xUkHgTFD47wSD9yYs0w=
Subject key identifier:   3B:AB:A0:BF:87:F8:0C:4B:8A:DF:D5:5E:DF:64:42:4D:31:E4:9B:FD
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       1E8A3F991E06557CA9F7F870447A4003812EB157
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
Signing time:             Tue 15 Jul 2025 00:20:16 +0000
ROA not before:           Tue 15 Jul 2025 00:20:16 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:8a:3f:99:1e:06:55:7c:a9:f7:f8:70:44:7a:40:03:81:2e:b1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 15 00:20:16 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=3d5f4460850436cc460373120b1620da2574e0e58e76eb4109f85db87be52e7f, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c4:b7:54:6a:74:1a:c9:e4:c4:1b:23:cb:00:
                    46:fa:fc:13:02:4c:ac:d3:f6:54:43:11:d8:aa:68:
                    bb:d1:8f:a7:94:c2:c3:f1:6c:8c:e8:42:db:f0:e6:
                    98:0b:38:c7:d3:1f:ca:bc:4f:c5:70:e1:f8:6c:73:
                    75:68:17:e3:c2:09:70:c9:66:24:d4:b5:0a:43:5b:
                    05:88:ee:a5:bd:ea:ac:c2:7b:ab:8e:e1:69:4a:01:
                    90:df:3f:a6:e8:25:82:7a:76:ca:62:94:ea:bc:ff:
                    38:70:84:6c:c7:a7:cd:9b:f3:68:4f:1a:8d:bf:e6:
                    75:ee:9e:58:da:3e:34:b6:0a:f6:25:0b:1b:c9:e1:
                    89:0c:9b:b7:1a:cc:79:e1:a5:54:de:5e:23:bd:16:
                    2a:80:95:d0:20:48:f0:bc:e4:df:3c:0d:c5:1d:53:
                    70:49:ac:60:62:8d:9e:df:d9:da:b9:d1:b3:e5:5f:
                    29:e3:f3:e5:7b:3a:86:72:61:63:1b:e0:03:42:25:
                    c4:d7:40:45:6a:24:e0:f7:17:88:ed:2e:63:ce:90:
                    57:7a:ba:7a:06:ea:0a:4e:47:9e:fb:18:ef:ed:12:
                    79:63:ed:48:22:7f:bd:21:5c:00:df:2b:2a:11:86:
                    0c:9f:6c:31:55:9f:cf:0f:dd:f8:6e:6a:91:e1:d5:
                    07:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AB:A0:BF:87:F8:0C:4B:8A:DF:D5:5E:DF:64:42:4D:31:E4:9B:FD
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5b:8a:36:df:b0:af:5a:2b:81:2f:39:d3:98:07:f7:97:17:42:
         91:e4:73:cf:75:fb:41:1a:c7:0e:04:ed:99:75:dc:b3:43:6c:
         b4:e0:cf:ce:90:c8:cf:12:e3:23:81:1a:07:00:7b:1c:99:58:
         56:16:13:9b:b6:3d:78:5f:b6:ed:45:fe:99:7d:9b:ea:ea:d8:
         e5:82:97:8a:94:18:0b:3f:45:f6:b6:ad:1a:7e:a0:d8:76:c6:
         af:5c:0d:d2:4e:f4:ed:a5:9a:4c:93:43:61:63:6e:67:5d:20:
         ea:70:c2:2b:17:f1:6b:b1:5e:f2:dd:11:aa:2e:79:ee:9a:17:
         5c:d1:f7:89:00:41:4c:77:7c:8c:b3:da:f3:c4:0d:ea:07:70:
         e4:3b:ff:3e:30:04:0a:7a:57:a2:84:79:97:cc:5b:e3:b9:57:
         58:bf:4a:d4:d0:18:9f:67:cf:86:5e:d0:5b:6b:e0:5e:c9:c6:
         b1:f6:1b:f0:35:11:b5:b2:97:95:9e:c1:82:41:96:e3:34:22:
         07:28:fb:ec:64:6d:95:76:0c:5a:76:56:ea:14:5f:2c:9c:1d:
         db:92:94:f2:4f:2b:84:4b:6d:96:5f:b1:13:4e:31:2e:4a:b0:
         47:1a:f8:c0:c9:a1:16:b4:c4:69:8d:de:4d:81:95:80:1e:84:
         ca:7b:b1:a7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHoo/mR4GVXyp9/hwRHpAA4EusVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDIwMTZaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDNkNWY0NDYwODUwNDM2Y2M0NjAzNzMxMjBiMTYyMGRhMjU3NGUwZTU4ZTc2
ZWI0MTA5Zjg1ZGI4N2JlNTJlN2YxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3Et1RqdBrJ5MQbI8sARvr8EwJMrNP2VEMR2Kpou9GPp5TCw/FsjOhC2/Dm
mAs4x9MfyrxPxXDh+GxzdWgX48IJcMlmJNS1CkNbBYjupb3qrMJ7q47haUoBkN8/
puglgnp2ymKU6rz/OHCEbMenzZvzaE8ajb/mde6eWNo+NLYK9iULG8nhiQybtxrM
eeGlVN5eI70WKoCV0CBI8Lzk3zwNxR1TcEmsYGKNnt/Z2rnRs+VfKePz5Xs6hnJh
YxvgA0IlxNdARWok4PcXiO0uY86QV3q6egbqCk5HnvsY7+0SeWPtSCJ/vSFcAN8r
KhGGDJ9sMVWfzw/d+G5qkeHVB00CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ7q6C/
h/gMS4rf1V7fZEJNMeSb/TAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZWE2NWJjYzQtOWZjZS00YjZmLWE0OTMtNGExN2VmMTMwNmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBbijbfsK9aK4EvOdOYB/eXF0KR5HPPdftBGscO
BO2ZddyzQ2y04M/OkMjPEuMjgRoHAHscmVhWFhObtj14X7btRf6ZfZvq6tjlgpeK
lBgLP0X2tq0afqDYdsavXA3STvTtpZpMk0NhY25nXSDqcMIrF/FrsV7y3RGqLnnu
mhdc0feJAEFMd3yMs9rzxA3qB3DkO/8+MAQKeleihHmXzFvjuVdYv0rU0BifZ8+G
XtBba+Beycax9hvwNRG1speVnsGCQZbjNCIHKPvsZG2VdgxadlbqFF8snB3bkpTy
TyuES22WX7ETTjEuSrBHGvjAyaEWtMRpjd5NgZWAHoTKe7Gn
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:30:48 2025 by rpki-client