Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4c3a78bf-d9cf-418f-8a3a-8c3e72470c1c.roa
File:                     4c3a78bf-d9cf-418f-8a3a-8c3e72470c1c.roa (raw, json)
Hash identifier:          E21a+Zv7OSCAOealZv3yde5nhe6YWTC5bxL5dQJ5aco=
Subject key identifier:   AF:4E:E2:B6:9E:3E:7A:A9:A4:6F:13:3D:55:DE:15:F2:A0:C1:AB:0C
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       7FE442BF3181536E5AAF7F9EEC983E315360EBBC
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4c3a78bf-d9cf-418f-8a3a-8c3e72470c1c.roa
Signing time:             Sat 05 Apr 2025 00:11:07 +0000
ROA not before:           Sat 05 Apr 2025 00:11:07 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc0:840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e4:42:bf:31:81:53:6e:5a:af:7f:9e:ec:98:3e:31:53:60:eb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:07 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f6:f1:20:02:de:29:37:12:12:55:9f:a9:92:
                    43:cb:53:7c:5f:0e:32:ad:d0:09:96:87:ee:b4:aa:
                    e1:c7:fb:21:ef:8d:f1:09:9a:4b:48:19:d1:f1:92:
                    ad:06:cf:fa:71:aa:16:91:88:5d:91:e9:3f:7a:37:
                    0e:c9:90:f5:fc:c7:23:6f:eb:e1:9e:73:b6:33:f6:
                    45:73:18:84:40:13:21:6b:d6:cf:14:15:c9:29:37:
                    49:31:c8:47:51:7c:3d:38:93:42:f7:c5:58:29:cd:
                    7e:07:34:b1:c3:6b:72:2a:2d:2f:e5:53:b9:7b:1b:
                    66:e2:2d:ff:2b:db:4f:61:73:64:d6:47:9c:2b:a0:
                    d5:ed:01:d0:22:03:3b:a2:c9:29:15:9a:73:98:cd:
                    13:db:94:e8:60:18:9d:87:fe:17:ec:b8:1d:f0:24:
                    91:99:43:db:9f:a3:ba:ee:21:3c:96:8c:da:65:30:
                    d7:46:a7:e1:b6:91:89:f6:48:74:47:2e:b8:5e:23:
                    c3:e6:4a:ae:a0:b2:93:22:78:f9:13:2b:34:ef:bf:
                    2a:b4:cb:55:67:5d:94:7b:9a:ea:c0:60:19:50:16:
                    76:61:10:55:68:91:43:18:fa:5e:0d:13:3e:c1:d3:
                    e5:c7:db:b6:37:72:f4:a9:53:96:e1:ed:a6:2e:f9:
                    a7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4E:E2:B6:9E:3E:7A:A9:A4:6F:13:3D:55:DE:15:F2:A0:C1:AB:0C
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4c3a78bf-d9cf-418f-8a3a-8c3e72470c1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc0:840::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:4a:ee:d3:4f:ac:85:50:d6:5b:92:7b:14:61:27:a3:09:49:
         8b:32:7e:69:45:5a:31:97:7b:a6:30:e6:4e:c8:84:db:db:ae:
         70:8c:65:ed:0b:8f:b4:70:c5:62:95:2c:8b:15:f7:c9:df:f2:
         ef:5b:67:3e:2f:da:20:27:b6:40:47:8a:d7:1f:48:b7:0b:8a:
         be:09:d7:c6:39:8a:3a:5a:3a:44:a0:19:2b:75:55:92:1a:63:
         55:24:9c:70:06:d8:64:ba:41:76:ac:93:41:a5:14:c6:b1:c3:
         1b:26:a2:bc:f0:bd:5a:bc:15:b9:e1:6d:c5:f1:09:78:76:a4:
         6c:70:be:49:4c:64:ea:19:82:23:22:93:15:46:ef:f1:9c:f0:
         a1:bb:ef:32:db:36:65:75:36:6d:f4:26:fc:11:23:80:4f:a5:
         dd:59:db:fc:44:5a:4a:1c:65:10:1a:cb:0f:49:21:b2:60:92:
         ae:e9:28:8c:3f:6c:dd:02:94:6b:80:d2:67:bd:1f:18:0c:c9:
         73:f3:dc:d3:b5:c2:95:a3:34:45:ab:79:6e:da:37:79:91:f3:
         6c:8f:52:25:75:6a:4f:c1:7b:b0:00:bf:7e:dc:e6:d7:30:09:
         18:0b:bd:a3:a7:1b:0b:2d:18:50:3a:2d:59:1c:62:2e:78:f2:
         19:3d:a7:8e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUf+RCvzGBU25ar3+e7Jg+MVNg67wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMDdaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0NDljZTdkMjBjZDhkM2IzMDE1OWQzNjM0MDE4ZTcxYTk1ZGMyZGRiOGE2
Yzg5NWI4MjgwZTIzNGI4NDE5NGMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMX28SAC3ik3EhJVn6mSQ8tTfF8OMq3QCZaH7rSq4cf7Ie+N8QmaS0gZ0fGS
rQbP+nGqFpGIXZHpP3o3DsmQ9fzHI2/r4Z5ztjP2RXMYhEATIWvWzxQVySk3STHI
R1F8PTiTQvfFWCnNfgc0scNrciotL+VTuXsbZuIt/yvbT2FzZNZHnCug1e0B0CID
O6LJKRWac5jNE9uU6GAYnYf+F+y4HfAkkZlD25+juu4hPJaM2mUw10an4baRifZI
dEcuuF4jw+ZKrqCykyJ4+RMrNO+/KrTLVWddlHua6sBgGVAWdmEQVWiRQxj6Xg0T
PsHT5cfbtjdy9KlTluHtpi75p4UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSvTuK2
nj56qaRvEz1V3hXyoMGrDDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NGMzYTc4YmYtZDljZi00MThmLThhM2EtOGMzZTcyNDcwYzFjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
QDANBgkqhkiG9w0BAQsFAAOCAQEABkru00+shVDWW5J7FGEnowlJizJ+aUVaMZd7
pjDmTsiE29uucIxl7QuPtHDFYpUsixX3yd/y71tnPi/aICe2QEeK1x9ItwuKvgnX
xjmKOlo6RKAZK3VVkhpjVSSccAbYZLpBdqyTQaUUxrHDGyaivPC9WrwVueFtxfEJ
eHakbHC+SUxk6hmCIyKTFUbv8ZzwobvvMts2ZXU2bfQm/BEjgE+l3Vnb/ERaShxl
EBrLD0khsmCSrukojD9s3QKUa4DSZ70fGAzJc/Pc07XClaM0Rat5bto3eZHzbI9S
JXVqT8F7sAC/ftzm1zAJGAu9o6cbCy0YUDotWRxiLnjyGT2njg==
-----END CERTIFICATE-----