Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00e367f0-18fe-4be3-8ccd-885f75baf0a5.roa
File:                     00e367f0-18fe-4be3-8ccd-885f75baf0a5.roa (raw, json)
Hash identifier:          zs+QEqIx3yS8q9a2soR4ySnF92CBL+ElDceyvEQrsBg=
Subject key identifier:   C6:73:C1:5D:EE:2F:5F:1F:FB:00:9A:B4:9D:E6:36:B6:C5:6C:3C:E3
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       354F5105F6483617B1801F18FB6D571C11DAFE8A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00e367f0-18fe-4be3-8ccd-885f75baf0a5.roa
Signing time:             Sat 05 Apr 2025 00:11:01 +0000
ROA not before:           Sat 05 Apr 2025 00:11:01 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc0::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4f:51:05:f6:48:36:17:b1:80:1f:18:fb:6d:57:1c:11:da:fe:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:01 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:c6:20:77:c1:cc:c0:9f:7d:a0:fa:f7:60:
                    b9:cf:74:1f:1b:1d:9f:8a:34:14:41:22:a9:71:66:
                    55:29:56:94:6c:04:18:b9:35:97:c1:ed:57:15:7d:
                    42:7b:d2:88:e9:1b:c3:2c:8a:01:0e:10:7d:d5:7f:
                    14:5e:c8:aa:4a:01:ef:aa:6d:bf:1f:ad:14:7b:28:
                    8d:cc:27:80:f2:e9:4d:d4:b7:d5:ac:6b:a3:12:56:
                    d1:45:3f:aa:1c:64:5e:34:8e:e0:f3:e7:f4:6f:2e:
                    9e:66:27:4e:2e:5b:0c:ee:ee:f8:ab:68:69:a8:76:
                    d3:b1:b5:fe:7f:bd:1e:71:cf:4d:e7:75:aa:fc:13:
                    c8:0e:ee:c8:ec:9b:45:61:cd:a8:a0:3d:31:c7:8f:
                    46:ea:82:f7:f0:09:f5:8f:bf:9b:f0:fb:60:d5:ef:
                    62:c5:bd:e5:45:e3:12:24:c8:cc:25:28:c3:6e:da:
                    78:a8:93:f0:5b:94:f5:4f:a8:0f:8f:d3:b2:ba:84:
                    24:b3:44:70:f4:e1:93:f0:c2:32:ff:a0:94:b7:2a:
                    76:e4:f6:75:6c:2a:f7:7f:27:f6:93:8f:0f:f1:d6:
                    7c:e2:95:2f:fb:c0:e2:e8:ff:c9:1b:04:4b:74:18:
                    c6:f6:d3:c3:58:b5:ca:da:4d:de:08:a8:ad:46:1d:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:73:C1:5D:EE:2F:5F:1F:FB:00:9A:B4:9D:E6:36:B6:C5:6C:3C:E3
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/00e367f0-18fe-4be3-8ccd-885f75baf0a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc0::/36

    Signature Algorithm: sha256WithRSAEncryption
         0e:f4:d4:94:fa:4e:90:0d:2f:e0:e2:5c:5c:8b:fb:e4:e0:dc:
         26:e5:ba:3d:db:af:8d:d6:5d:53:69:54:b8:72:8f:cb:28:85:
         1b:fb:b1:99:9c:52:fe:d5:c3:1e:40:1c:7f:7c:ef:41:9f:be:
         61:58:f0:f0:2c:19:fe:6e:09:1d:80:9c:0c:14:3d:b0:17:24:
         51:28:0c:6c:02:7e:ab:86:65:d1:10:cf:66:9c:3e:4c:c0:e2:
         9f:31:e8:65:f8:8c:26:d5:9c:4b:06:2f:47:65:ae:3b:cd:c9:
         8e:a1:28:6e:77:65:fe:c9:a2:12:69:7d:87:32:29:a2:3a:18:
         08:57:08:d0:12:44:36:8a:4f:92:5d:bd:29:fd:5a:3a:e1:b7:
         0f:d0:ef:36:ca:6f:14:55:38:0b:a8:f8:12:c7:21:69:bb:3c:
         c4:a1:5c:a8:61:48:4a:a9:57:e9:f5:45:18:ef:b5:fa:48:2d:
         56:47:38:32:4c:da:b3:63:3b:28:6f:3d:95:d4:6c:a3:9d:12:
         d2:26:2c:7a:32:d8:9c:22:71:43:12:c9:04:57:8c:6e:3a:50:
         9d:cd:04:d3:f4:8f:5f:88:8c:10:a4:20:14:9a:fc:3e:f2:9a:
         74:27:37:8f:a3:0c:f7:19:9a:a3:25:2a:f7:77:ba:05:4d:b0:
         3b:e9:b2:6b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNU9RBfZINhexgB8Y+21XHBHa/oowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMDFaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmOWVhZjRiYTc3MTMwNzZkODdmYjkwNzU0YzMxMDVkYzIwNjZhODJhMTQw
M2I3MDIwMmVjZjc0YTVmMzE0MjAxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJWDxiB3wczAn32g+vdguc90Hxsdn4o0FEEiqXFmVSlWlGwEGLk1l8HtVxV9
QnvSiOkbwyyKAQ4QfdV/FF7IqkoB76ptvx+tFHsojcwngPLpTdS31axroxJW0UU/
qhxkXjSO4PPn9G8unmYnTi5bDO7u+Ktoaah207G1/n+9HnHPTed1qvwTyA7uyOyb
RWHNqKA9McePRuqC9/AJ9Y+/m/D7YNXvYsW95UXjEiTIzCUow27aeKiT8FuU9U+o
D4/TsrqEJLNEcPThk/DCMv+glLcqduT2dWwq938n9pOPD/HWfOKVL/vA4uj/yRsE
S3QYxvbTw1i1ytpN3giorUYdwVcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTGc8Fd
7i9fH/sAmrSd5ja2xWw84zAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDBlMzY3ZjAtMThmZS00YmUzLThjY2QtODg1Zjc1YmFmMGE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAO9NSU+k6QDS/g4lxci/vk4Nwm5bo926+N1l1T
aVS4co/LKIUb+7GZnFL+1cMeQBx/fO9Bn75hWPDwLBn+bgkdgJwMFD2wFyRRKAxs
An6rhmXREM9mnD5MwOKfMehl+Iwm1ZxLBi9HZa47zcmOoShud2X+yaISaX2HMimi
OhgIVwjQEkQ2ik+SXb0p/Vo64bcP0O82ym8UVTgLqPgSxyFpuzzEoVyoYUhKqVfp
9UUY77X6SC1WRzgyTNqzYzsobz2V1GyjnRLSJix6MticInFDEskEV4xuOlCdzQTT
9I9fiIwQpCAUmvw+8pp0JzePowz3GZqjJSr3d7oFTbA76bJr
-----END CERTIFICATE-----