Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa
File:                     89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa (raw, json)
Hash identifier:          aB7TsqqrnYehby7FcUcyhGdqTcE+4dkRs/OeGnRttFA=
Subject key identifier:   67:34:16:2D:CE:D5:FB:EF:AA:C6:49:A7:66:A8:42:DC:DB:B2:47:15
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       3422A126E2CE155395184F326A43F59457CDD100
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa
Signing time:             Sat 05 Apr 2025 00:11:16 +0000
ROA not before:           Sat 05 Apr 2025 00:11:16 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:7880::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:22:a1:26:e2:ce:15:53:95:18:4f:32:6a:43:f5:94:57:cd:d1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:16 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:26:ff:dc:04:5b:34:ab:93:fd:15:c8:70:91:
                    94:1b:fe:72:04:75:04:4e:c4:84:bf:2a:65:10:2c:
                    a3:40:17:ea:1a:16:cd:02:38:74:5e:00:e2:93:77:
                    40:e3:a9:5d:2f:fc:3b:4c:37:6e:69:ec:45:3b:92:
                    18:1e:50:5e:20:25:8c:43:08:97:0c:05:d2:0d:a3:
                    71:b5:4f:cd:85:3d:11:3f:73:3c:08:39:a7:5e:b1:
                    5c:8e:52:88:97:d9:15:00:85:1b:1e:64:71:43:2f:
                    e7:c9:d5:9b:da:50:e0:19:6a:ec:53:26:97:fa:14:
                    8c:f2:b7:2e:84:9c:c8:d8:5c:4b:04:44:0d:09:c3:
                    e3:40:83:cb:5f:7c:2e:b7:32:df:8a:6c:fd:27:bb:
                    ca:1e:8a:43:ce:24:01:43:99:12:0c:9a:45:49:1e:
                    7b:0a:8e:59:06:2c:9e:3e:90:87:4b:4f:18:a7:8c:
                    55:ab:6e:85:fe:bd:31:ce:15:58:07:56:35:7d:6d:
                    97:23:d6:43:25:1d:18:e4:0d:c0:5b:4f:c7:a4:b9:
                    d7:1c:1f:64:29:3f:75:17:bf:bf:ba:6a:c8:9c:d9:
                    f9:23:7f:0e:1a:fb:69:ba:c5:91:b7:bc:b3:ef:4e:
                    66:37:a3:99:ab:81:65:9d:75:78:b0:b9:5f:65:80:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:34:16:2D:CE:D5:FB:EF:AA:C6:49:A7:66:A8:42:DC:DB:B2:47:15
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/89c562b8-1ff3-47cb-a104-ad1da28b42d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:7880::/46

    Signature Algorithm: sha256WithRSAEncryption
         42:7e:6d:36:4d:ff:26:95:07:71:68:0e:35:a9:36:b4:36:95:
         16:f0:73:6f:72:27:e4:52:d0:e5:3b:b4:d4:f4:de:c5:55:62:
         84:5d:57:cb:6f:7b:8c:b9:3c:dc:f9:42:09:b6:d7:cf:b4:76:
         2b:86:c9:e4:98:8a:e0:c5:67:59:63:b3:b5:7e:59:ce:e7:05:
         06:cb:5c:62:c0:3c:f9:ce:03:0e:1d:0d:e3:97:95:67:d7:12:
         18:a1:7f:6e:83:e8:47:53:af:3b:1f:cc:8c:80:44:dc:ef:59:
         36:d2:64:2a:4c:1b:b6:14:d8:78:d5:20:eb:bb:ad:1e:35:6d:
         c4:8f:04:fa:f8:3e:cc:2b:aa:82:37:17:1b:a5:22:b0:b2:10:
         5c:e7:fc:2e:0e:8d:b5:0b:93:b0:c0:d4:62:34:f7:9f:cb:1f:
         5f:78:93:0b:94:b4:0c:7a:59:16:e9:fb:de:63:51:ef:b6:44:
         7c:73:b5:b9:c4:9e:f7:0c:df:23:e8:37:09:36:c7:8e:fe:f9:
         3a:50:8e:e7:e1:96:b3:29:0d:0b:bc:6c:13:98:e1:1f:9d:bd:
         3f:e9:ec:b5:d7:97:db:f5:da:eb:e3:e1:7e:f4:25:cb:a4:e6:
         92:16:95:fa:79:ae:da:67:3e:d4:ae:61:fc:57:ac:f2:55:0d:
         bd:1f:21:8b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNCKhJuLOFVOVGE8yakP1lFfN0QAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMTZaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjOWI4MzhlNDBiMzc2NzU5NzllM2RmZmIxMjVhZjI1OGU1MmU3NjlhYzMz
YTEwN2QzZGI2NzZkMjBjNDJmNTcxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkm/9wEWzSrk/0VyHCRlBv+cgR1BE7EhL8qZRAso0AX6hoWzQI4dF4A4pN3
QOOpXS/8O0w3bmnsRTuSGB5QXiAljEMIlwwF0g2jcbVPzYU9ET9zPAg5p16xXI5S
iJfZFQCFGx5kcUMv58nVm9pQ4Blq7FMml/oUjPK3LoScyNhcSwREDQnD40CDy198
Lrcy34ps/Se7yh6KQ84kAUOZEgyaRUkeewqOWQYsnj6Qh0tPGKeMVatuhf69Mc4V
WAdWNX1tlyPWQyUdGOQNwFtPx6S51xwfZCk/dRe/v7pqyJzZ+SN/Dhr7abrFkbe8
s+9OZjejmauBZZ11eLC5X2WA/SkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRnNBYt
ztX776rGSadmqELc27JHFTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ODljNTYyYjgtMWZmMy00N2NiLWExMDQtYWQxZGEyOGI0MmQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAiABP8d4
gDANBgkqhkiG9w0BAQsFAAOCAQEAQn5tNk3/JpUHcWgONak2tDaVFvBzb3In5FLQ
5Tu01PTexVVihF1Xy297jLk83PlCCbbXz7R2K4bJ5JiK4MVnWWOztX5ZzucFBstc
YsA8+c4DDh0N45eVZ9cSGKF/boPoR1OvOx/MjIBE3O9ZNtJkKkwbthTYeNUg67ut
HjVtxI8E+vg+zCuqgjcXG6UisLIQXOf8Lg6NtQuTsMDUYjT3n8sfX3iTC5S0DHpZ
Fun73mNR77ZEfHO1ucSe9wzfI+g3CTbHjv75OlCO5+GWsykNC7xsE5jhH529P+ns
tdeX2/Xa6+PhfvQly6TmkhaV+nmu2mc+1K5h/Fes8lUNvR8hiw==
-----END CERTIFICATE-----