Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/440b3734-74c6-4eea-9712-42440de9c3b4.roa
File:                     440b3734-74c6-4eea-9712-42440de9c3b4.roa (raw, json)
Hash identifier:          KC5ElNRRWeML7p5avrD3iy55PPu49oOT9Z/cnXClgH4=
Subject key identifier:   91:EC:72:1F:DC:97:79:B3:77:24:D5:7E:73:4D:0E:D6:33:F9:F4:5B
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       47E9CA5086AE18D50C78E7AEB29C196A68AE988D
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/440b3734-74c6-4eea-9712-42440de9c3b4.roa
Signing time:             Sat 05 Apr 2025 00:20:09 +0000
ROA not before:           Sat 05 Apr 2025 00:20:09 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:e9:ca:50:86:ae:18:d5:0c:78:e7:ae:b2:9c:19:6a:68:ae:98:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:09 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e0:dc:2a:66:90:26:4d:d1:2d:f2:88:c3:28:
                    24:cf:c9:ad:47:48:20:97:9d:9a:6f:1a:39:ae:2e:
                    d6:c6:96:12:a4:65:16:84:fc:15:05:b5:a5:3d:7e:
                    f4:eb:64:60:b5:10:2f:76:dd:36:52:4f:b8:4c:16:
                    a3:ff:37:d7:e5:7c:84:64:c1:4e:98:e1:71:44:85:
                    41:10:92:d4:70:55:19:fc:c6:ac:65:c7:58:b6:56:
                    f1:00:3f:a1:38:79:45:31:2a:0f:e4:0e:9b:c2:07:
                    7c:62:a8:97:30:c6:93:fb:c6:26:10:c3:ca:74:23:
                    21:21:09:e1:8d:63:d8:38:74:69:1a:3d:92:b4:94:
                    bb:74:b8:b8:23:c7:84:62:89:45:39:cd:12:2f:7e:
                    58:92:c0:d8:23:bb:00:f0:e3:73:a3:f7:77:94:f0:
                    66:65:b8:2b:73:7f:9f:96:76:ab:3a:d9:60:49:83:
                    18:43:21:5f:41:5a:60:7a:b6:ab:e5:8f:4a:27:5d:
                    9c:64:9f:66:29:05:eb:9c:b2:d3:a9:d9:2c:bd:d1:
                    f3:57:03:ff:9f:0a:ed:92:37:1b:b3:36:b5:71:0d:
                    0d:b1:e8:f0:b5:c5:54:7f:07:30:ab:4f:d8:26:e5:
                    da:72:66:f4:be:24:5b:fb:a4:b1:b1:a2:d7:e7:ea:
                    15:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EC:72:1F:DC:97:79:B3:77:24:D5:7E:73:4D:0E:D6:33:F9:F4:5B
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/440b3734-74c6-4eea-9712-42440de9c3b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7::/36

    Signature Algorithm: sha256WithRSAEncryption
         1d:5c:4e:12:3c:04:ff:6b:2d:d2:15:0c:be:f7:46:41:2d:15:
         5f:0f:1e:2e:fd:8e:09:66:eb:1f:ff:c5:ba:db:7c:0e:9b:24:
         07:2c:31:3c:6f:fd:12:00:55:47:e4:b9:1f:7e:4d:49:ca:18:
         6d:67:62:ee:10:b6:dd:2e:80:13:00:4a:f5:24:b3:e4:d8:b2:
         1d:55:d2:e2:1c:45:35:ab:a1:58:c4:fb:a9:2a:dd:f3:c2:3c:
         fe:e7:65:58:ca:8f:39:4c:4d:c6:d1:3b:e1:84:ca:ed:db:da:
         c8:9a:34:2b:27:a2:75:8e:50:36:ea:1e:70:29:10:bc:c1:89:
         e1:85:ea:75:6c:ef:ca:ed:e9:72:f4:b2:77:c0:2e:61:dc:74:
         61:83:d7:e2:e6:f0:a5:5a:2f:b3:2a:6d:2b:50:26:ae:55:39:
         41:02:c6:f9:95:fa:c6:82:0c:4f:b9:4a:98:ec:26:74:cd:05:
         e8:7d:aa:89:97:e6:c1:07:d1:03:90:d5:64:5e:21:b2:08:d0:
         8c:79:d2:e0:bb:1a:77:c7:01:5b:29:18:48:35:5e:ff:84:50:
         29:f0:c1:56:23:68:ba:41:17:18:4f:8c:c6:5b:a2:f2:e7:64:
         4b:84:39:8d:b2:73:6f:bf:5f:3e:97:dc:e7:7e:94:81:09:2a:
         38:21:f2:77
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR+nKUIauGNUMeOeuspwZamiumI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwMDlaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0ZWMyZTk2Mjk0YzBmZjMwMDJiZDQwMDIwZjc4NGVjNjNjODZlNjNjZDcz
OTQxMjc2N2Q2NDg2ZTg1M2IyNDYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHg3CpmkCZN0S3yiMMoJM/JrUdIIJedmm8aOa4u1saWEqRlFoT8FQW1pT1+
9OtkYLUQL3bdNlJPuEwWo/831+V8hGTBTpjhcUSFQRCS1HBVGfzGrGXHWLZW8QA/
oTh5RTEqD+QOm8IHfGKolzDGk/vGJhDDynQjISEJ4Y1j2Dh0aRo9krSUu3S4uCPH
hGKJRTnNEi9+WJLA2CO7APDjc6P3d5TwZmW4K3N/n5Z2qzrZYEmDGEMhX0FaYHq2
q+WPSiddnGSfZikF65yy06nZLL3R81cD/58K7ZI3G7M2tXENDbHo8LXFVH8HMKtP
2Cbl2nJm9L4kW/uksbGi1+fqFcECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSR7HIf
3Jd5s3ck1X5zTQ7WM/n0WzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NDQwYjM3MzQtNzRjNi00ZWVhLTk3MTItNDI0NDBkZTljM2I0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cA
MA0GCSqGSIb3DQEBCwUAA4IBAQAdXE4SPAT/ay3SFQy+90ZBLRVfDx4u/Y4JZusf
/8W623wOmyQHLDE8b/0SAFVH5Lkffk1JyhhtZ2LuELbdLoATAEr1JLPk2LIdVdLi
HEU1q6FYxPupKt3zwjz+52VYyo85TE3G0TvhhMrt29rImjQrJ6J1jlA26h5wKRC8
wYnhhep1bO/K7ely9LJ3wC5h3HRhg9fi5vClWi+zKm0rUCauVTlBAsb5lfrGggxP
uUqY7CZ0zQXofaqJl+bBB9EDkNVkXiGyCNCMedLguxp3xwFbKRhINV7/hFAp8MFW
I2i6QRcYT4zGW6Ly52RLhDmNsnNvv18+l9znfpSBCSo4IfJ3
-----END CERTIFICATE-----