Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
File:                     4723f2a2-88af-42fa-b700-a780f4cd2903.roa (raw, json)
Hash identifier:          ChieiKlbtjBIptQeX544a7zp0X++16AXGTFjJ+PlTvQ=
Subject key identifier:   F7:E9:8F:4E:AF:F1:B3:29:37:49:18:9E:56:38:3C:A3:13:50:07:30
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       05794D594186B9606EF504824AFD12C3BA4E78BF
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
Signing time:             Sat 05 Apr 2025 00:21:18 +0000
ROA not before:           Sat 05 Apr 2025 00:21:18 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:a000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:79:4d:59:41:86:b9:60:6e:f5:04:82:4a:fd:12:c3:ba:4e:78:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:21:18 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fb:25:c5:33:27:ad:36:a3:f3:a5:77:67:27:
                    a6:96:b4:a1:4b:4a:59:1f:09:b1:06:1f:5e:ce:99:
                    2f:cf:e3:ca:98:42:fb:04:0e:c3:70:87:ce:fb:45:
                    1c:f4:d4:6a:3a:3e:8f:ac:b1:41:3c:25:67:67:24:
                    73:95:92:f8:01:35:d9:b9:b7:63:74:1e:91:c4:d2:
                    e9:2c:76:32:7d:a9:23:ba:5e:e7:0f:e7:cc:a5:1e:
                    f4:75:ef:dd:4c:d7:a7:13:09:48:ec:2a:a7:e1:78:
                    ea:a3:ae:f1:64:17:b8:97:9f:ba:28:d6:d3:c7:c0:
                    4d:05:71:e9:c0:d4:83:a0:a7:74:db:1b:52:b3:18:
                    27:d7:e8:5e:54:77:53:22:77:33:74:8b:06:02:df:
                    77:18:af:2e:4d:e6:0f:3b:82:c9:55:a6:8d:42:91:
                    f4:ed:9e:b7:40:30:93:55:f6:c6:13:c5:a3:38:1b:
                    98:03:f7:67:0e:b0:38:93:de:c2:69:e3:c2:36:2b:
                    a4:13:91:15:c1:6a:54:75:60:2e:ed:0d:f5:33:3e:
                    6c:db:74:f5:d9:f6:32:4d:72:14:dc:aa:b7:5d:5d:
                    b3:1b:cd:df:9d:fa:1e:4c:9c:96:d5:4a:0c:a5:15:
                    8c:63:71:ef:19:18:5e:7f:ca:0c:b1:3f:2c:29:47:
                    0f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E9:8F:4E:AF:F1:B3:29:37:49:18:9E:56:38:3C:A3:13:50:07:30
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a8:c8:57:c6:83:41:c5:47:d3:cd:01:87:48:f9:80:39:49:61:
         e2:5f:9b:17:6e:a7:60:55:bf:48:b8:a0:75:33:1e:a6:ac:f1:
         f9:98:90:47:75:7b:f5:6f:96:ff:a5:c4:b6:86:33:e4:7a:2d:
         67:39:97:40:05:6e:3c:7a:61:c9:da:40:72:2a:b2:00:5e:c3:
         82:46:d4:8e:e9:c8:04:77:98:0f:25:37:ec:6c:ad:9f:f4:1f:
         1e:c8:91:a2:c3:f9:b5:52:aa:15:3d:29:09:e4:9f:50:82:93:
         4a:d9:c3:c7:9d:45:e4:65:12:67:be:68:f7:b1:d0:2e:6f:ee:
         ee:5e:cd:45:ac:74:ad:40:76:03:74:6c:61:16:ab:45:d2:ee:
         07:5e:1a:c1:18:24:84:c1:36:2c:f5:bf:1d:1d:fd:4a:68:4f:
         82:ca:e1:8e:54:44:4a:f4:96:48:da:99:97:6c:5d:86:73:b8:
         22:e1:6f:45:92:1b:a1:a7:4e:9d:10:76:e7:00:84:37:f3:ae:
         2d:da:b2:cf:a4:a3:16:cb:d4:db:42:3b:62:f4:ee:29:a7:c1:
         e5:e1:c1:44:40:ab:90:d2:01:a3:1b:02:2e:15:33:63:d3:b9:
         5d:1d:27:b6:d0:04:d3:b4:99:d5:34:6f:2f:5a:c1:15:d5:68:
         43:de:b0:bc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBXlNWUGGuWBu9QSCSv0Sw7pOeL8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIxMThaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiMzAzMGI4MWZiNTQ0OGRhODFmYmRiODljODYwNmU3NjE0N2ZmOWU2MjM3
Y2I4ODg3ZWFlODk0NGY0NGZhYjYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMn7JcUzJ602o/Old2cnppa0oUtKWR8JsQYfXs6ZL8/jyphC+wQOw3CHzvtF
HPTUajo+j6yxQTwlZ2ckc5WS+AE12bm3Y3QekcTS6Sx2Mn2pI7pe5w/nzKUe9HXv
3UzXpxMJSOwqp+F46qOu8WQXuJefuijW08fATQVx6cDUg6CndNsbUrMYJ9foXlR3
UyJ3M3SLBgLfdxivLk3mDzuCyVWmjUKR9O2et0Awk1X2xhPFozgbmAP3Zw6wOJPe
wmnjwjYrpBORFcFqVHVgLu0N9TM+bNt09dn2Mk1yFNyqt11dsxvN3536HkycltVK
DKUVjGNx7xkYXn/KDLE/LClHD9cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT36Y9O
r/GzKTdJGJ5WODyjE1AHMDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NDcyM2YyYTItODhhZi00MmZhLWI3MDAtYTc4MGY0Y2QyOTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Og
MA0GCSqGSIb3DQEBCwUAA4IBAQCoyFfGg0HFR9PNAYdI+YA5SWHiX5sXbqdgVb9I
uKB1Mx6mrPH5mJBHdXv1b5b/pcS2hjPkei1nOZdABW48emHJ2kByKrIAXsOCRtSO
6cgEd5gPJTfsbK2f9B8eyJGiw/m1UqoVPSkJ5J9QgpNK2cPHnUXkZRJnvmj3sdAu
b+7uXs1FrHStQHYDdGxhFqtF0u4HXhrBGCSEwTYs9b8dHf1KaE+CyuGOVERK9JZI
2pmXbF2Gc7gi4W9Fkhuhp06dEHbnAIQ3864t2rLPpKMWy9TbQjti9O4pp8Hl4cFE
QKuQ0gGjGwIuFTNj07ldHSe20ATTtJnVNG8vWsEV1WhD3rC8
-----END CERTIFICATE-----