Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa
File:                     aee0ced2-04c3-4c6b-ab68-04adfb518909.roa (raw, json)
Hash identifier:          szY4+7fPP05W1GphOYPyHDtOFrwMT7tSzuSHGDJLljo=
Subject key identifier:   F2:52:34:55:37:F9:8C:E1:52:98:95:C3:6B:02:A6:3C:FA:02:5B:03
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       7A4C0361C81EA26E139906B6D13B4492A9AFAF91
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa
Signing time:             Wed 30 Jul 2025 17:36:59 +0000
ROA not before:           Wed 30 Jul 2025 17:36:59 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:7000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:4c:03:61:c8:1e:a2:6e:13:99:06:b6:d1:3b:44:92:a9:af:af:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Jul 30 17:36:59 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=682bf643445a2a9a3d4c50e8a07c57b4578c5d813e6251e6b6f21387bc412eec, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:85:98:73:78:dd:d8:ad:3e:6a:a5:58:b0:bb:
                    4e:eb:91:0c:d2:16:fd:5d:a1:a1:76:d2:c5:ae:06:
                    f2:2e:29:7c:f8:f2:8d:8e:44:39:f7:7e:76:25:8c:
                    3f:86:ea:4a:2f:2a:bf:10:93:55:16:c9:21:57:e2:
                    0d:65:57:e9:6a:f3:dc:7b:98:a8:31:7a:de:bd:a9:
                    e8:eb:d5:51:7f:dd:12:01:c4:1b:cf:48:ae:94:8e:
                    2b:29:4f:3f:7c:50:05:d3:39:bd:93:c8:db:de:cb:
                    6a:26:40:61:6a:9f:26:9d:45:6c:81:1d:ca:f0:c3:
                    d4:05:56:98:2e:66:69:c9:bc:73:5e:a2:84:37:a7:
                    ee:86:57:aa:a9:dc:ed:d4:9f:3d:db:2c:fe:bd:48:
                    3f:1d:89:14:be:69:cc:bb:7e:47:c7:11:51:b2:55:
                    72:63:15:0d:37:a8:b3:00:bc:38:5b:97:75:d5:98:
                    cf:70:03:59:c5:70:c7:87:89:7d:31:3f:16:cb:98:
                    2c:f4:20:4a:07:6f:ed:5c:8d:fe:6b:6d:67:8b:95:
                    98:52:ea:8f:ad:ad:d7:3d:d3:fb:bf:82:fe:7c:b9:
                    ec:06:3e:89:f0:4c:b8:b6:09:ca:05:5b:0c:e6:33:
                    66:cf:50:e3:1e:96:bf:a9:8c:3d:d8:8b:95:41:be:
                    d5:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:52:34:55:37:F9:8C:E1:52:98:95:C3:6B:02:A6:3C:FA:02:5B:03
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/aee0ced2-04c3-4c6b-ab68-04adfb518909.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         53:e4:34:b5:2a:fb:69:6f:3e:6f:a4:6c:79:53:85:5a:85:83:
         16:d4:6e:9f:87:79:10:5d:7a:34:4f:b7:92:29:26:78:a6:0f:
         0c:54:00:46:18:f3:b3:ae:6e:34:43:08:73:c1:b8:70:66:20:
         51:f4:71:71:61:f7:99:43:99:9b:a4:4b:09:ae:e6:e4:7b:92:
         94:a1:4a:98:25:7a:f8:cc:ac:e9:aa:99:90:4e:67:d6:26:35:
         db:98:1f:71:61:39:c7:8c:29:03:68:c1:5f:00:27:ed:15:14:
         4e:9a:d9:26:66:61:ba:ab:cd:ee:b2:a6:11:bc:24:dc:78:35:
         d1:2f:d2:fe:c8:53:39:0a:80:7e:aa:4e:56:96:e6:77:1f:56:
         da:7f:dc:d6:41:8b:04:09:df:89:3c:9a:e6:84:a6:29:25:ef:
         1a:eb:62:24:6e:be:d9:d9:eb:d9:a7:65:c1:d2:c4:ff:9a:d0:
         d9:dd:b2:23:2e:07:aa:a7:74:45:01:4b:90:22:73:a2:cb:35:
         80:a0:c4:a7:bc:0a:50:3f:30:09:02:fe:12:0e:ac:ed:db:c0:
         f4:3a:e8:26:7c:f9:fb:b0:d9:06:54:37:26:3e:6b:d9:9d:1c:
         19:4f:0b:a7:dd:69:b5:ad:26:54:e7:a7:41:b2:48:ea:aa:73:
         e2:a1:50:e3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUekwDYcgeom4TmQa20TtEkqmvr5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MzAxNzM2NTlaFw0yNTA5MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4MmJmNjQzNDQ1YTJhOWEzZDRjNTBlOGEwN2M1N2I0NTc4YzVkODEzZTYy
NTFlNmI2ZjIxMzg3YmM0MTJlZWMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCFmHN43ditPmqlWLC7TuuRDNIW/V2hoXbSxa4G8i4pfPjyjY5EOfd+diWM
P4bqSi8qvxCTVRbJIVfiDWVX6Wrz3HuYqDF63r2p6OvVUX/dEgHEG89IrpSOKylP
P3xQBdM5vZPI297LaiZAYWqfJp1FbIEdyvDD1AVWmC5macm8c16ihDen7oZXqqnc
7dSfPdss/r1IPx2JFL5pzLt+R8cRUbJVcmMVDTeoswC8OFuXddWYz3ADWcVwx4eJ
fTE/FsuYLPQgSgdv7VyN/mttZ4uVmFLqj62t1z3T+7+C/ny57AY+ifBMuLYJygVb
DOYzZs9Q4x6Wv6mMPdiLlUG+1cUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTyUjRV
N/mM4VKYlcNrAqY8+gJbAzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YWVlMGNlZDItMDRjMy00YzZiLWFiNjgtMDRhZGZiNTE4OTA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dw
MA0GCSqGSIb3DQEBCwUAA4IBAQBT5DS1Kvtpbz5vpGx5U4VahYMW1G6fh3kQXXo0
T7eSKSZ4pg8MVABGGPOzrm40QwhzwbhwZiBR9HFxYfeZQ5mbpEsJrubke5KUoUqY
JXr4zKzpqpmQTmfWJjXbmB9xYTnHjCkDaMFfACftFRROmtkmZmG6q83usqYRvCTc
eDXRL9L+yFM5CoB+qk5WluZ3H1baf9zWQYsECd+JPJrmhKYpJe8a62Ikbr7Z2evZ
p2XB0sT/mtDZ3bIjLgeqp3RFAUuQInOiyzWAoMSnvApQPzAJAv4SDqzt28D0Ougm
fPn7sNkGVDcmPmvZnRwZTwun3Wm1rSZU56dBskjqqnPioVDj
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:09 2025 by rpki-client