Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0b1379a0-a965-4871-ba33-de2086e8028e.roa
File:                     0b1379a0-a965-4871-ba33-de2086e8028e.roa (raw, json)
Hash identifier:          0BOZ/XZPyTDT88jnslD6dkA4R8YpiE0pFb2ByB0GW6c=
Subject key identifier:   4C:B8:3D:2D:2C:AD:80:97:1A:5C:E8:C6:95:90:1C:EA:5F:5A:F5:2E
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       3B7D08F415243AC04CCA9550E028EBD3E6FB1693
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0b1379a0-a965-4871-ba33-de2086e8028e.roa
Signing time:             Sat 05 Apr 2025 00:11:05 +0000
ROA not before:           Sat 05 Apr 2025 00:11:05 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:7d:08:f4:15:24:3a:c0:4c:ca:95:50:e0:28:eb:d3:e6:fb:16:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:05 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ff:fa:4e:ff:89:a4:bb:50:ca:47:56:ef:61:
                    f5:3c:0c:70:38:c4:13:98:ea:bd:4e:8c:d1:89:65:
                    f0:90:b8:6e:5b:f3:60:95:4a:3f:f4:4e:af:5f:b8:
                    2c:3e:22:33:27:0f:0a:25:e4:bb:22:cd:5e:a6:42:
                    1a:8a:1b:e0:e4:0c:a9:93:d3:1f:54:fc:78:60:8d:
                    f6:45:74:78:96:b0:60:b6:b3:0c:53:38:ae:1d:d6:
                    ca:02:20:41:91:4c:1a:10:8d:95:9d:64:0e:e1:b1:
                    26:e3:77:f9:b2:6d:fa:54:2c:cb:e6:ee:04:44:5f:
                    57:1f:3e:5e:9e:05:ed:95:bb:dc:52:b5:60:6e:e2:
                    2d:ec:96:22:20:58:a0:42:7a:1d:be:c4:8c:75:e7:
                    a8:58:c8:d6:b6:52:4f:57:6e:43:28:f7:b3:f5:8a:
                    b8:8e:76:06:7d:17:91:e2:a1:1b:4e:ac:e0:e2:74:
                    f3:50:49:e8:d8:cd:01:8f:15:2c:91:9d:55:cd:2c:
                    1f:32:29:14:32:23:0e:14:84:44:50:78:b5:73:95:
                    4f:5e:84:d1:a8:29:16:43:80:0b:b5:b6:29:70:d3:
                    3c:c8:51:65:2e:95:8f:13:ea:d3:6c:77:c4:bd:a8:
                    f4:cf:0e:65:46:81:5e:06:6b:8a:39:d0:a6:69:50:
                    85:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B8:3D:2D:2C:AD:80:97:1A:5C:E8:C6:95:90:1C:EA:5F:5A:F5:2E
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0b1379a0-a965-4871-ba33-de2086e8028e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         52:f9:36:0a:d4:4d:df:91:2e:77:11:5e:1a:e8:78:68:c1:3c:
         da:c8:bf:db:eb:bc:54:5e:9f:84:04:e1:4b:a9:e3:74:90:12:
         89:d5:ac:c6:3f:f6:83:60:51:c1:af:46:e5:dc:b1:f3:20:af:
         a0:f7:c0:73:42:c7:b1:7a:b2:3a:9b:03:5a:25:3e:09:a5:0b:
         17:ce:1c:21:63:c3:a6:2c:9d:5e:ef:aa:7f:f9:4f:0f:40:89:
         8a:ff:74:12:87:e6:79:f7:a3:56:3a:34:09:65:6a:14:20:c6:
         ed:1c:d5:a6:37:5a:fd:58:5d:2b:e1:5b:bd:c6:c3:e0:27:e6:
         9c:e2:82:93:1c:ca:c6:ea:5c:14:8a:bd:f1:13:56:f6:2d:84:
         2c:63:ee:55:c5:6a:28:95:2e:ed:35:4d:ec:cd:c1:d3:5d:4a:
         7a:78:c6:ec:c1:8f:3b:22:d0:9b:25:a3:58:f9:95:75:19:62:
         48:4d:dd:cd:72:6f:48:c1:5d:5e:88:c9:80:ee:81:38:73:95:
         0c:f8:9a:e7:fa:f5:73:a8:64:eb:77:bc:1a:8a:89:f5:bf:17:
         d4:21:99:38:43:81:cf:e2:c4:35:42:0b:a0:57:db:66:d9:3b:
         d5:fb:14:bd:a6:e0:7a:cf:25:96:c6:c4:61:ab:e2:7f:5f:2c:
         df:b6:58:a7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUO30I9BUkOsBMypVQ4Cjr0+b7FpMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMDVaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzOTlhMDI1YzVkNzE3MjZhNzcwNGFhMjA3YjQyOThhY2MxYTIzOTU3YmFi
YWI3Yjk5NzliNmZkMzZhNWYzMmUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOb/+k7/iaS7UMpHVu9h9TwMcDjEE5jqvU6M0Yll8JC4blvzYJVKP/ROr1+4
LD4iMycPCiXkuyLNXqZCGoob4OQMqZPTH1T8eGCN9kV0eJawYLazDFM4rh3WygIg
QZFMGhCNlZ1kDuGxJuN3+bJt+lQsy+buBERfVx8+Xp4F7ZW73FK1YG7iLeyWIiBY
oEJ6Hb7EjHXnqFjI1rZST1duQyj3s/WKuI52Bn0XkeKhG06s4OJ081BJ6NjNAY8V
LJGdVc0sHzIpFDIjDhSERFB4tXOVT16E0agpFkOAC7W2KXDTPMhRZS6VjxPq02x3
xL2o9M8OZUaBXgZrijnQpmlQhfECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRMuD0t
LK2Alxpc6MaVkBzqX1r1LjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MGIxMzc5YTAtYTk2NS00ODcxLWJhMzMtZGUyMDg2ZTgwMjhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fw
MA0GCSqGSIb3DQEBCwUAA4IBAQBS+TYK1E3fkS53EV4a6HhowTzayL/b67xUXp+E
BOFLqeN0kBKJ1azGP/aDYFHBr0bl3LHzIK+g98BzQsexerI6mwNaJT4JpQsXzhwh
Y8OmLJ1e76p/+U8PQImK/3QSh+Z596NWOjQJZWoUIMbtHNWmN1r9WF0r4Vu9xsPg
J+ac4oKTHMrG6lwUir3xE1b2LYQsY+5VxWoolS7tNU3szcHTXUp6eMbswY87ItCb
JaNY+ZV1GWJITd3Ncm9IwV1eiMmA7oE4c5UM+Jrn+vVzqGTrd7waion1vxfUIZk4
Q4HP4sQ1QgugV9tm2TvV+xS9puB6zyWWxsRhq+J/Xyzftlin
-----END CERTIFICATE-----