Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa
File:                     34fb5c7e-e397-4649-893b-332ddda14bd0.roa (raw, json)
Hash identifier:          t7QH3zAFcXrbXylzEgGm2o4XCwEbfePV0e22E+5dds4=
Subject key identifier:   BD:56:13:C8:7B:8E:1D:65:8E:88:A8:A9:CA:36:16:D3:50:02:CD:CB
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       5E21EFFE4C2D5BEC6EA58A477685D5AE518007D6
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa
Signing time:             Tue 25 Mar 2025 23:07:11 +0000
ROA not before:           Tue 25 Mar 2025 23:07:11 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc6:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:21:ef:fe:4c:2d:5b:ec:6e:a5:8a:47:76:85:d5:ae:51:80:07:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Mar 25 23:07:11 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a2:9f:ba:76:20:b5:ef:62:66:f8:60:bb:96:
                    ed:07:34:86:11:8e:d7:ef:7a:19:3c:ab:50:a4:b5:
                    a0:bf:68:2b:5c:f9:8d:e8:cd:37:20:11:d5:f5:a7:
                    27:98:a6:c6:09:4c:d0:25:9e:91:4f:9c:1f:dc:df:
                    d0:4c:c7:42:0c:8d:ae:31:4f:55:59:6d:6b:38:71:
                    e3:a3:a2:32:d2:2b:c7:bf:20:aa:3c:c9:d8:cc:59:
                    4f:00:76:d5:5f:1a:2d:a2:30:af:15:eb:a1:cf:f3:
                    99:be:5c:4b:5f:26:12:9d:f0:aa:89:4c:ab:9b:f5:
                    15:b9:aa:7d:19:b8:45:00:17:f9:e5:1a:0f:05:54:
                    69:ba:c9:20:a1:e9:40:96:a5:8a:52:27:d4:bf:da:
                    3f:4c:7f:dc:49:3a:be:ff:24:0f:93:b3:19:95:68:
                    55:9a:95:b2:4e:6c:ca:27:69:0f:1c:77:19:8f:6b:
                    b1:4c:18:b9:b8:d3:81:1d:e1:e5:1c:3f:e6:32:e5:
                    bf:75:af:96:08:9e:c3:e9:26:2f:f6:44:fe:ab:c7:
                    ed:9a:fb:83:46:dd:d1:32:f5:e5:1b:cf:4f:12:3e:
                    4d:55:54:a0:34:7a:0a:4d:af:6e:aa:9e:12:52:fa:
                    8d:e0:a8:40:62:bc:c8:dc:d8:2d:bb:3f:81:8a:4a:
                    31:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:56:13:C8:7B:8E:1D:65:8E:88:A8:A9:CA:36:16:D3:50:02:CD:CB
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/34fb5c7e-e397-4649-893b-332ddda14bd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc6:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:d7:d5:e9:55:ae:ab:fb:f1:a6:29:b3:15:bf:d1:67:30:a8:
         ab:31:83:15:ff:2a:e4:51:0d:17:08:30:fc:99:a1:0e:d3:5c:
         9d:1e:21:51:80:8a:f2:58:dc:a0:66:26:bf:a1:fa:9b:30:f7:
         7a:0b:07:15:11:92:fb:63:d7:34:b1:86:63:a0:b4:d0:3f:47:
         cf:4f:f7:10:c3:fc:93:a7:2f:fa:80:bb:47:ee:68:f7:70:e1:
         ee:40:93:b4:8e:79:eb:53:a0:66:cc:d8:6c:4d:4c:59:46:94:
         b1:70:11:e0:94:e9:b1:d8:8b:d1:2a:2c:4c:f6:29:9b:59:e6:
         62:58:74:b7:dd:37:17:a5:0e:ae:0f:6e:f0:a5:e2:45:c2:63:
         91:70:66:ee:de:52:b8:6a:97:ff:8b:c0:bc:4f:c2:07:b0:9f:
         be:da:1e:39:2c:32:37:81:b7:6b:47:5a:d4:85:fc:32:bc:7f:
         4c:56:b7:28:0c:48:e7:ba:90:1a:77:ab:b0:75:ff:1d:a8:08:
         87:cc:70:bd:86:a2:53:3f:99:49:2f:d8:6a:5d:cd:93:47:81:
         c7:bf:fe:71:70:75:33:65:fe:7a:b9:d1:8d:c2:18:9c:c3:a8:
         7b:7b:8b:73:d2:72:cd:dc:ff:84:28:a5:f4:f0:0f:24:3d:a0:
         04:2e:63:6f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXiHv/kwtW+xupYpHdoXVrlGAB9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTAzMjUyMzA3MTFaFw0yNTA0MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2ZGUzYmQ5N2M0ODc2OTYwYTRmYWVkMDYyNTk0MzI2OGUyZmY3OTk5YzY3
OTg1NDQ0MWU1YjkyOWM4MWQwMTcxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKin7p2ILXvYmb4YLuW7Qc0hhGO1+96GTyrUKS1oL9oK1z5jejNNyAR1fWn
J5imxglM0CWekU+cH9zf0EzHQgyNrjFPVVltazhx46OiMtIrx78gqjzJ2MxZTwB2
1V8aLaIwrxXroc/zmb5cS18mEp3wqolMq5v1FbmqfRm4RQAX+eUaDwVUabrJIKHp
QJalilIn1L/aP0x/3Ek6vv8kD5OzGZVoVZqVsk5syidpDxx3GY9rsUwYubjTgR3h
5Rw/5jLlv3Wvlgiew+kmL/ZE/qvH7Zr7g0bd0TL15RvPTxI+TVVUoDR6Ck2vbqqe
ElL6jeCoQGK8yNzYLbs/gYpKMd8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS9VhPI
e44dZY6IqKnKNhbTUALNyzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MzRmYjVjN2UtZTM5Ny00NjQ5LTg5M2ItMzMyZGRkYTE0YmQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAUdfV6VWuq/vxpimzFb/RZzCoqzGDFf8q5FEN
Fwgw/JmhDtNcnR4hUYCK8ljcoGYmv6H6mzD3egsHFRGS+2PXNLGGY6C00D9Hz0/3
EMP8k6cv+oC7R+5o93Dh7kCTtI5561OgZszYbE1MWUaUsXAR4JTpsdiL0SosTPYp
m1nmYlh0t903F6UOrg9u8KXiRcJjkXBm7t5SuGqX/4vAvE/CB7CfvtoeOSwyN4G3
a0da1IX8Mrx/TFa3KAxI57qQGnersHX/HagIh8xwvYaiUz+ZSS/Yal3Nk0eBx7/+
cXB1M2X+ernRjcIYnMOoe3uLc9Jyzdz/hCil9PAPJD2gBC5jbw==
-----END CERTIFICATE-----