Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa
File:                     50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa (raw, json)
Hash identifier:          IZ9Vk0JcHs2COWjQpBQA3fX0qj4b6pk3pf6XSSfYwc0=
Subject key identifier:   11:F2:92:18:97:BF:FE:85:00:E3:7A:90:33:51:A8:B8:35:72:F5:31
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       536463666BD2709253BF7D3EFC2D2B1AE3719E5C
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa
Signing time:             Sat 05 Apr 2025 00:20:40 +0000
ROA not before:           Sat 05 Apr 2025 00:20:40 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:c000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:64:63:66:6b:d2:70:92:53:bf:7d:3e:fc:2d:2b:1a:e3:71:9e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:40 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:88:a0:a6:76:9a:c7:ae:7e:30:24:e1:f3:6b:
                    f8:1d:2e:73:6d:58:1c:df:c9:7c:33:81:a6:8c:f9:
                    e1:1a:c1:e1:0e:f2:30:9d:ce:ca:57:4d:7f:c1:c5:
                    88:d1:e6:15:68:3e:a9:30:88:9d:20:c6:8d:b6:f2:
                    ab:df:69:3c:85:e7:85:12:db:d1:ae:4f:d3:e3:20:
                    87:c6:f2:00:a9:8e:98:88:61:dd:ae:c6:0f:45:51:
                    7b:aa:ed:6e:07:a4:43:04:c3:62:9e:38:a0:39:8b:
                    0a:03:2a:00:4f:1b:d5:77:46:77:60:a4:eb:79:c4:
                    0f:75:ea:8c:68:e4:b4:67:f0:b3:fc:d9:80:dc:06:
                    e2:0b:b2:a9:95:d7:0a:bf:ef:bc:b1:01:f6:d4:20:
                    29:7f:6f:5a:51:e2:a8:a7:3e:f0:0d:3c:92:ad:52:
                    4b:65:20:49:82:0d:7c:65:79:9b:7f:b4:e2:7c:6a:
                    66:cf:7a:41:5c:31:7d:4d:e9:ad:17:30:06:da:50:
                    4f:1a:bd:96:15:b4:8f:1e:40:02:6e:c4:ea:60:99:
                    b7:fc:45:31:9c:19:1d:30:65:4a:16:81:10:ae:99:
                    7d:49:03:3b:12:ef:86:fa:83:24:13:0c:46:a2:48:
                    55:bf:af:ac:8e:85:3a:ea:a1:cf:34:b9:96:31:cc:
                    fd:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F2:92:18:97:BF:FE:85:00:E3:7A:90:33:51:A8:B8:35:72:F5:31
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50b0c8f5-9b03-4d00-b7bc-30a253b83be3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:69:56:77:65:0c:89:8f:54:18:7f:9e:e8:bd:93:d7:02:26:
         b4:11:1e:8d:85:b7:65:4b:1a:7a:57:1c:de:cb:28:e1:dd:4c:
         c8:50:36:2d:b0:fa:f5:96:b3:f9:b9:98:73:85:da:78:a9:01:
         fe:0c:45:fa:83:47:f6:ee:a3:26:b8:51:64:3f:22:a2:23:54:
         9d:77:6e:38:4c:c7:b2:97:33:fc:47:c3:4f:07:a5:6f:66:85:
         aa:32:2e:77:27:73:a6:56:c6:90:46:1a:e5:99:2d:f0:41:95:
         ea:70:83:02:96:56:49:b0:34:4e:d7:da:db:00:94:97:77:6c:
         95:c1:c8:f4:18:d5:fd:76:45:69:51:da:31:16:4b:3b:3a:b4:
         30:86:95:c2:f8:ae:67:7a:1e:d0:dd:83:e1:43:22:d4:0a:46:
         26:98:ef:af:df:85:45:68:4a:c9:cc:16:f2:b9:78:b5:05:42:
         0f:d2:0a:6c:01:0d:2b:8f:7f:34:f5:1f:94:4b:8e:57:f4:f1:
         29:f8:38:2f:fe:66:74:07:62:38:74:a6:61:a5:c8:b8:ec:aa:
         a1:a2:6f:c8:ac:5f:cd:f7:59:64:54:19:e7:3c:6f:80:73:3e:
         e9:77:ef:fc:c5:f2:26:fe:47:54:34:e3:47:3d:56:63:a9:f5:
         f6:b8:89:a9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU2RjZmvScJJTv30+/C0rGuNxnlwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwNDBaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiZGE0YmNjYWJmNWViNTVkNjhlMjViMTQyZTA0YWU2NmUyYjI2MWY5NmQ0
MWYzODQwYzdiNGJjMmZkMjhkNWYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCIoKZ2mseufjAk4fNr+B0uc21YHN/JfDOBpoz54RrB4Q7yMJ3OyldNf8HF
iNHmFWg+qTCInSDGjbbyq99pPIXnhRLb0a5P0+Mgh8byAKmOmIhh3a7GD0VRe6rt
bgekQwTDYp44oDmLCgMqAE8b1XdGd2Ck63nED3XqjGjktGfws/zZgNwG4guyqZXX
Cr/vvLEB9tQgKX9vWlHiqKc+8A08kq1SS2UgSYINfGV5m3+04nxqZs96QVwxfU3p
rRcwBtpQTxq9lhW0jx5AAm7E6mCZt/xFMZwZHTBlShaBEK6ZfUkDOxLvhvqDJBMM
RqJIVb+vrI6FOuqhzzS5ljHM/UcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQR8pIY
l7/+hQDjepAzUai4NXL1MTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NTBiMGM4ZjUtOWIwMy00ZDAwLWI3YmMtMzBhMjUzYjgzYmUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeaVZ3ZQyJj1QYf57ovZPXAia0ER6NhbdlSxp6
Vxzeyyjh3UzIUDYtsPr1lrP5uZhzhdp4qQH+DEX6g0f27qMmuFFkPyKiI1Sdd244
TMeylzP8R8NPB6VvZoWqMi53J3OmVsaQRhrlmS3wQZXqcIMCllZJsDRO19rbAJSX
d2yVwcj0GNX9dkVpUdoxFks7OrQwhpXC+K5neh7Q3YPhQyLUCkYmmO+v34VFaErJ
zBbyuXi1BUIP0gpsAQ0rj3809R+US45X9PEp+Dgv/mZ0B2I4dKZhpci47Kqhom/I
rF/N91lkVBnnPG+Acz7pd+/8xfIm/kdUNONHPVZjqfX2uImp
-----END CERTIFICATE-----