Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa
File:                     34fb5c7e-e397-4649-893b-332ddda14bd0.roa (raw, json)
Hash identifier:          v0/bHLYETCrgBRPBqnZwEVWh8aa6fxruTpyWhhdKLEM=
Subject key identifier:   4E:27:C2:AC:0D:00:E5:38:2B:65:22:22:BD:E5:DC:0D:12:F4:EA:5F
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       15487088DABCABBAFC956AC505828393CAE14E70
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa
Signing time:             Fri 01 Aug 2025 17:20:02 +0000
ROA not before:           Fri 01 Aug 2025 17:20:02 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc6:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:48:70:88:da:bc:ab:ba:fc:95:6a:c5:05:82:83:93:ca:e1:4e:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Aug  1 17:20:02 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=833e4f265b6b8060d0c584a01f3a1e83e7001c8fda78494e99e755e1859b4062, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:59:85:b2:10:d7:bb:97:cb:30:e4:80:08:10:
                    35:8b:aa:6e:f7:b7:c4:20:fe:7c:3c:27:06:45:30:
                    c9:2e:0f:d6:8a:6b:4b:c7:88:5b:8a:23:43:53:61:
                    da:fe:5e:3c:87:da:7e:eb:a1:c5:27:18:af:59:59:
                    4e:54:4e:cf:bd:6f:d2:b1:bd:e3:9e:2e:7c:42:12:
                    a2:16:a6:94:a8:cf:a2:42:5c:51:52:5e:b3:d3:20:
                    c5:3d:38:22:9c:9e:48:5e:4a:be:47:2a:3e:47:e7:
                    e2:a0:56:b9:e6:dc:10:48:69:5b:da:c5:34:a9:59:
                    38:4b:90:9c:7e:bd:ce:e2:98:bf:44:a7:ec:77:f5:
                    e5:db:63:b6:38:bf:cb:06:ef:de:a5:87:8a:4e:4f:
                    fc:dc:db:d1:08:70:b8:7b:84:14:cb:77:ba:2a:72:
                    f7:fa:e0:c2:50:03:95:eb:68:86:ed:d8:1d:49:82:
                    22:85:40:9f:db:37:3d:94:cd:8a:76:b6:3e:12:bc:
                    72:15:fd:46:db:b0:ae:1a:64:c8:87:6a:72:80:37:
                    9f:75:bd:3e:b8:b5:5e:2b:9c:e4:ae:08:35:af:05:
                    9b:4d:fe:ec:25:6e:f8:c3:43:7c:77:24:0d:37:ed:
                    63:27:6e:37:83:f8:34:e6:3e:73:5c:23:46:a0:39:
                    9c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:27:C2:AC:0D:00:E5:38:2B:65:22:22:BD:E5:DC:0D:12:F4:EA:5F
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc6:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:53:2c:5d:07:cb:7e:7f:5c:2d:39:53:fe:5d:49:a4:e2:51:
         cd:15:98:6e:f4:5b:41:04:f6:fa:67:45:8d:03:13:c5:8c:38:
         09:38:f8:be:30:f1:e8:b6:eb:fb:65:bb:a5:35:83:d0:4d:77:
         87:1e:e8:da:d7:00:03:98:ce:0e:41:35:ec:8e:1f:56:29:47:
         f0:5d:2d:e7:db:db:9a:38:27:ce:cf:2d:a2:15:3f:b7:f4:e8:
         f5:34:a9:9b:b0:d3:54:50:c1:51:a9:ec:48:1c:7e:f8:d1:ff:
         f1:2b:ea:b4:cd:1b:b7:02:fd:ac:fe:b1:eb:40:0f:5a:0b:5f:
         16:1e:9b:a4:9d:cf:8f:7d:fb:bb:cf:3d:69:33:af:f2:2b:f6:
         2a:94:e6:3e:8b:5c:8d:d5:c1:55:da:93:8d:e6:98:53:21:30:
         1d:63:cb:71:b9:e8:e7:c3:3a:f2:b2:e7:bb:72:4e:c9:e9:5f:
         15:a4:22:8a:c8:dd:59:55:f4:29:c5:23:19:63:64:1d:24:81:
         a3:07:d7:6b:c2:4d:2a:d3:84:f0:5d:48:ee:98:53:40:dc:79:
         7a:0e:a4:39:d6:27:b3:f4:06:5c:ac:68:0d:7a:c0:8a:80:3a:
         15:62:2c:bc:19:2b:80:11:e4:8a:00:68:17:66:db:f3:9c:5b:
         fc:fd:2c:ae
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFUhwiNq8q7r8lWrFBYKDk8rhTnAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA4MDExNzIwMDJaFw0yNTA5MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzM2U0ZjI2NWI2YjgwNjBkMGM1ODRhMDFmM2ExZTgzZTcwMDFjOGZkYTc4
NDk0ZTk5ZTc1NWUxODU5YjQwNjIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFZhbIQ17uXyzDkgAgQNYuqbve3xCD+fDwnBkUwyS4P1oprS8eIW4ojQ1Nh
2v5ePIfafuuhxScYr1lZTlROz71v0rG9454ufEISohamlKjPokJcUVJes9MgxT04
IpyeSF5KvkcqPkfn4qBWuebcEEhpW9rFNKlZOEuQnH69zuKYv0Sn7Hf15dtjtji/
ywbv3qWHik5P/Nzb0QhwuHuEFMt3uipy9/rgwlADletohu3YHUmCIoVAn9s3PZTN
ina2PhK8chX9RtuwrhpkyIdqcoA3n3W9Pri1Xiuc5K4INa8Fm03+7CVu+MNDfHck
DTftYyduN4P4NOY+c1wjRqA5nBcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBROJ8Ks
DQDlOCtlIiK95dwNEvTqXzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MzRmYjVjN2UtZTM5Ny00NjQ5LTg5M2ItMzMyZGRkYTE0YmQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAclMsXQfLfn9cLTlT/l1JpOJRzRWYbvRbQQT2
+mdFjQMTxYw4CTj4vjDx6Lbr+2W7pTWD0E13hx7o2tcAA5jODkE17I4fVilH8F0t
59vbmjgnzs8tohU/t/To9TSpm7DTVFDBUansSBx++NH/8SvqtM0btwL9rP6x60AP
WgtfFh6bpJ3Pj337u889aTOv8iv2KpTmPotcjdXBVdqTjeaYUyEwHWPLcbno58M6
8rLnu3JOyelfFaQiisjdWVX0KcUjGWNkHSSBowfXa8JNKtOE8F1I7phTQNx5eg6k
OdYns/QGXKxoDXrAioA6FWIsvBkrgBHkigBoF2bb85xb/P0srg==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:31 2025 by rpki-client