Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa
File:                     50f59e85-50ab-4b5a-9119-096ba93f86f2.roa (raw, json)
Hash identifier:          4omWeBUyaVg3I2XByO6R3fOs+2Tp326tRc/9+uUJ2uE=
Subject key identifier:   E5:40:55:24:B0:EA:79:D4:9B:7A:8F:20:54:A7:C2:2A:0F:DF:AA:7F
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       693682915DC5E3BFBD01ECEC9B06B4574FAC02D2
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa
Signing time:             Sat 05 Apr 2025 00:20:14 +0000
ROA not before:           Sat 05 Apr 2025 00:20:14 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:36:82:91:5d:c5:e3:bf:bd:01:ec:ec:9b:06:b4:57:4f:ac:02:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:14 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:75:1f:f6:e9:96:a5:67:7a:eb:e7:1f:31:fc:
                    09:9c:02:98:a8:f7:b3:47:c1:b8:7e:17:7f:f9:c6:
                    34:b8:18:7a:55:02:98:e7:a4:80:23:bf:f3:cd:eb:
                    f5:44:65:86:15:8f:fb:37:ce:ac:c9:88:f9:02:3b:
                    cc:56:35:b0:d0:f7:4c:c7:28:d5:28:2d:2b:d0:f7:
                    cc:29:05:69:bd:8a:c8:54:b7:90:7f:bb:7a:55:9f:
                    58:ae:3c:bb:78:ae:83:0f:57:40:20:f3:5b:07:4a:
                    4a:9e:e6:f8:a4:00:31:1a:91:44:af:0b:a2:19:4b:
                    42:57:ce:b8:7a:8f:ae:17:57:48:61:51:b0:55:14:
                    28:e1:41:8b:87:30:33:b9:7f:fc:83:89:10:14:47:
                    0a:50:72:1a:e4:ee:90:0f:f4:31:56:f0:e9:ca:14:
                    84:cf:0a:0c:2a:43:35:7d:96:64:af:90:cc:71:45:
                    24:39:c9:5a:8f:6d:5f:d5:d8:5c:93:b4:59:d1:d7:
                    18:d6:de:ab:98:df:68:1a:f4:9e:bf:10:f1:48:c7:
                    59:f4:99:f5:b6:af:bb:78:a9:f2:26:b1:99:e6:c3:
                    c6:cc:9b:f2:a3:7f:eb:77:7d:c2:c3:99:7e:00:aa:
                    b7:6d:0f:c1:b4:1a:2d:fb:c3:45:05:2e:29:6b:6b:
                    08:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:40:55:24:B0:EA:79:D4:9B:7A:8F:20:54:A7:C2:2A:0F:DF:AA:7F
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/50f59e85-50ab-4b5a-9119-096ba93f86f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         2a:0e:4a:78:c1:4f:52:20:8a:6f:79:e1:35:43:69:6a:f1:f5:
         af:3e:56:cf:ab:fb:a2:6b:65:d4:07:04:4a:4a:61:cc:ac:3b:
         d5:3e:41:63:56:da:09:74:a2:d3:fb:8c:70:8c:d2:4f:06:d7:
         e5:33:3b:89:d6:75:bf:de:77:f4:8d:e6:10:ed:85:c0:96:65:
         c8:63:27:bb:77:7a:26:b0:c9:bc:2a:a0:84:89:ef:89:87:b1:
         2a:63:2c:74:b0:1f:55:3e:ae:04:cd:7e:70:c0:b0:f4:eb:ab:
         11:71:98:4f:3a:d8:98:73:5c:f3:35:b5:4d:72:27:0a:dd:29:
         45:93:84:e8:a7:32:d6:95:8e:a9:18:ba:c3:6c:38:0c:7c:0f:
         1b:a0:18:26:5f:06:f6:64:5a:22:a7:eb:16:df:66:86:b6:e2:
         ce:ec:17:b6:2a:3d:b7:b1:80:9c:20:0e:c5:aa:63:74:9c:7b:
         c4:ca:5c:71:f9:48:33:89:b8:41:c5:3a:c6:42:80:0c:8d:8e:
         13:16:62:b9:ce:f7:72:1f:24:85:19:77:4a:7a:31:53:e7:ca:
         07:b1:68:88:f0:e1:8e:60:d4:c3:ec:38:60:a4:6c:05:51:35:
         81:01:c1:49:e5:c0:1d:33:24:80:31:94:1b:59:af:e2:59:b9:
         91:aa:aa:87
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaTaCkV3F47+9Aezsmwa0V0+sAtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwMTRaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzODAxYzRiMTQwNWM0MWY3MGY5ZjFhNzNlY2M3YWUzMTcxZjI2NjczMjMx
MzExOTBlNTg5ZWE5MzViMjJlOWYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANB1H/bplqVneuvnHzH8CZwCmKj3s0fBuH4Xf/nGNLgYelUCmOekgCO/883r
9URlhhWP+zfOrMmI+QI7zFY1sND3TMco1SgtK9D3zCkFab2KyFS3kH+7elWfWK48
u3iugw9XQCDzWwdKSp7m+KQAMRqRRK8LohlLQlfOuHqPrhdXSGFRsFUUKOFBi4cw
M7l//IOJEBRHClByGuTukA/0MVbw6coUhM8KDCpDNX2WZK+QzHFFJDnJWo9tX9XY
XJO0WdHXGNbeq5jfaBr0nr8Q8UjHWfSZ9bavu3ip8iaxmebDxsyb8qN/63d9wsOZ
fgCqt20PwbQaLfvDRQUuKWtrCPUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTlQFUk
sOp51Jt6jyBUp8IqD9+qfzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NTBmNTllODUtNTBhYi00YjVhLTkxMTktMDk2YmE5M2Y4NmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAqDkp4wU9SIIpveeE1Q2lq8fWvPlbPq/uia2XU
BwRKSmHMrDvVPkFjVtoJdKLT+4xwjNJPBtflMzuJ1nW/3nf0jeYQ7YXAlmXIYye7
d3omsMm8KqCEie+Jh7EqYyx0sB9VPq4EzX5wwLD066sRcZhPOtiYc1zzNbVNcicK
3SlFk4TopzLWlY6pGLrDbDgMfA8boBgmXwb2ZFoip+sW32aGtuLO7Be2Kj23sYCc
IA7FqmN0nHvEylxx+UgzibhBxTrGQoAMjY4TFmK5zvdyHySFGXdKejFT58oHsWiI
8OGOYNTD7DhgpGwFUTWBAcFJ5cAdMySAMZQbWa/iWbmRqqqH
-----END CERTIFICATE-----