Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa
File:                     a4592271-0371-4e59-91d6-8cede30d6d9a.roa (raw, json)
Hash identifier:          8tYmCFlnNRGdMlxRHjfCrqzj6S4iWhkUSw3EZ5L4sBo=
Subject key identifier:   D7:29:0E:F4:BC:02:95:3D:1A:3B:07:B5:27:4C:B4:63:85:B1:DD:49
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       054C901668469781109DC2F3E506044B442B5510
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa
Signing time:             Mon 26 May 2025 15:11:05 +0000
ROA not before:           Mon 26 May 2025 15:11:05 +0000
ROA not after:            Mon 30 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:b8c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:4c:90:16:68:46:97:81:10:9d:c2:f3:e5:06:04:4b:44:2b:55:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: May 26 15:11:05 2025 GMT
            Not After : Jun 30 23:59:59 2025 GMT
        Subject: serialNumber=5aab72c1df90b34ecfc03cb38153608e0276c7da11ace2792a94f403389b205c, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9c:1e:af:bb:80:aa:58:87:70:b1:70:9e:00:
                    26:a6:56:3f:7a:8c:2e:3e:4d:dd:56:38:c6:00:ce:
                    00:07:70:7f:dc:f4:7f:ec:a5:42:e8:77:ed:15:df:
                    c1:77:b6:0c:50:5c:fd:a7:5b:55:e1:10:7e:d5:d6:
                    55:ca:f7:0a:fd:7b:08:f2:55:8d:e4:2e:10:51:ec:
                    24:8d:8e:0f:c0:fa:cd:b1:b8:a7:bb:21:ba:b1:a7:
                    8b:f5:1a:22:c4:7d:a3:32:b7:5a:05:3c:1d:d7:2e:
                    b3:68:3b:6c:b6:f8:4b:ae:ec:2f:b2:f7:6f:49:30:
                    f6:04:aa:d3:cd:a4:22:f8:a2:d5:63:0e:30:b2:8b:
                    7d:08:d1:ba:ba:0d:77:94:f9:72:25:e2:5a:53:fe:
                    b2:9e:ab:e2:4e:8a:bb:ae:2c:70:18:ab:da:ff:e3:
                    fb:b0:60:90:41:40:7a:ac:f6:37:b3:22:29:35:f8:
                    d9:ea:6a:e4:5f:5e:b0:28:0d:00:0d:27:07:3e:2b:
                    17:75:c3:59:fc:0d:b4:11:95:b6:c1:58:97:84:e2:
                    78:90:12:f6:cd:3c:39:e5:56:05:c7:d5:38:42:a7:
                    1f:f2:8f:a4:38:78:03:64:eb:99:47:ce:43:07:61:
                    01:df:76:40:19:1d:14:38:98:3e:1b:64:17:b6:53:
                    6a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:29:0E:F4:BC:02:95:3D:1A:3B:07:B5:27:4C:B4:63:85:B1:DD:49
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:b8c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         2d:16:30:ea:ac:2d:57:02:f9:f5:49:8a:57:de:80:e3:61:77:
         67:f4:8d:5c:0c:68:ea:80:d1:30:ec:9b:b0:c4:73:24:06:df:
         dd:f3:81:6f:97:08:25:a6:a9:62:ce:ba:4d:b4:46:da:24:d7:
         21:61:b0:29:16:ba:fb:2a:c1:51:2b:12:52:45:fc:1b:9d:40:
         7e:3f:a7:af:f3:d8:fd:d5:2a:ff:70:c8:0b:cc:8e:6f:04:42:
         bf:9d:93:b6:e8:e9:ee:6c:98:99:28:f6:3b:ee:de:dd:f8:ac:
         48:3f:0f:ac:49:1f:24:a2:72:23:db:73:c0:50:21:6b:72:f9:
         58:08:20:90:9d:d6:c0:a8:9d:47:f0:73:02:15:c0:03:d6:26:
         a2:86:2c:b2:25:4a:71:55:41:50:50:81:b5:4a:c2:65:41:3e:
         3d:a7:80:34:c5:11:20:df:b9:65:7b:f3:48:7e:d6:82:cc:75:
         b2:d7:81:4f:5e:53:93:e0:83:c4:8b:90:3b:d2:49:67:f1:92:
         47:4c:83:95:fe:d1:e8:8a:61:de:40:d5:a8:50:46:5a:f9:da:
         3e:8f:f5:6e:d3:bf:44:a8:d0:98:07:22:fd:d0:10:0e:e7:dd:
         e9:27:fc:da:ac:f0:16:cb:97:0b:af:48:07:ee:0b:36:57:ee:
         fe:03:85:8f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBUyQFmhGl4EQncLz5QYES0QrVRAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA1MjYxNTExMDVaFw0yNTA2MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhYWI3MmMxZGY5MGIzNGVjZmMwM2NiMzgxNTM2MDhlMDI3NmM3ZGExMWFj
ZTI3OTJhOTRmNDAzMzg5YjIwNWMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqcHq+7gKpYh3CxcJ4AJqZWP3qMLj5N3VY4xgDOAAdwf9z0f+ylQuh37RXf
wXe2DFBc/adbVeEQftXWVcr3Cv17CPJVjeQuEFHsJI2OD8D6zbG4p7shurGni/Ua
IsR9ozK3WgU8Hdcus2g7bLb4S67sL7L3b0kw9gSq082kIvii1WMOMLKLfQjRuroN
d5T5ciXiWlP+sp6r4k6Ku64scBir2v/j+7BgkEFAeqz2N7MiKTX42epq5F9esCgN
AA0nBz4rF3XDWfwNtBGVtsFYl4TieJAS9s08OeVWBcfVOEKnH/KPpDh4A2TrmUfO
QwdhAd92QBkdFDiYPhtkF7ZTarMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTXKQ70
vAKVPRo7B7UnTLRjhbHdSTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YTQ1OTIyNzEtMDM3MS00ZTU5LTkxZDYtOGNlZGUzMGQ2ZDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAiABP8e4
wDANBgkqhkiG9w0BAQsFAAOCAQEALRYw6qwtVwL59UmKV96A42F3Z/SNXAxo6oDR
MOybsMRzJAbf3fOBb5cIJaapYs66TbRG2iTXIWGwKRa6+yrBUSsSUkX8G51Afj+n
r/PY/dUq/3DIC8yObwRCv52Ttujp7myYmSj2O+7e3fisSD8PrEkfJKJyI9tzwFAh
a3L5WAggkJ3WwKidR/BzAhXAA9YmooYssiVKcVVBUFCBtUrCZUE+PaeANMURIN+5
ZXvzSH7Wgsx1steBT15Tk+CDxIuQO9JJZ/GSR0yDlf7R6Iph3kDVqFBGWvnaPo/1
btO/RKjQmAci/dAQDufd6Sf82qzwFsuXC69IB+4LNlfu/gOFjw==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:56:08 2025 by rpki-client