Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa
File:                     9195a704-de86-4692-95c9-30d458a106d5.roa (raw, json)
Hash identifier:          8YRhCeJwteJctlZFfj4HQ/HsLzu7Z3srWf4ihzgzi78=
Subject key identifier:   60:59:63:E2:16:3D:A6:5B:D4:EF:6E:76:57:FE:CE:F6:7C:6E:6C:92
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       5F199D4348FA30BE7C20B87B3F047137F6913FFE
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa
Signing time:             Sat 05 Apr 2025 00:21:19 +0000
ROA not before:           Sat 05 Apr 2025 00:21:19 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc1:8000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:19:9d:43:48:fa:30:be:7c:20:b8:7b:3f:04:71:37:f6:91:3f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:21:19 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5b:e0:a3:0f:f2:ed:a5:fd:dd:76:d8:58:5c:
                    93:40:b7:44:53:34:09:bd:01:eb:1d:02:1d:22:cd:
                    83:49:6b:84:5a:a8:17:20:0a:fd:28:69:b1:3f:d5:
                    cd:c3:13:b1:43:90:e3:2e:be:66:85:68:bf:08:21:
                    de:66:7c:1b:fa:e3:f2:98:a9:63:12:dd:7a:df:e5:
                    c3:e4:fb:85:52:0e:fe:10:8e:f1:f1:5c:48:52:99:
                    1d:9e:f9:66:84:28:53:38:a7:17:71:29:d7:8f:5a:
                    a7:5a:64:19:d0:6f:e0:57:74:5b:d0:18:ee:9d:7d:
                    f6:cd:0a:ed:ea:5c:62:8f:a1:fc:57:99:ad:22:7d:
                    57:5c:50:58:b3:01:e9:91:e8:0a:de:07:01:00:20:
                    8d:90:76:5b:27:e6:1b:94:6d:6e:08:10:aa:f9:32:
                    e7:9d:5d:e8:2e:c5:b2:14:e9:31:8f:7d:0b:30:bf:
                    51:77:d1:a9:7f:24:55:56:f2:3c:fa:ed:a1:b7:c3:
                    16:36:c5:bf:29:8e:88:2a:a8:36:9a:2e:0f:a2:52:
                    c1:20:0f:90:aa:9f:2c:98:85:0c:ac:af:b0:d6:e5:
                    3d:bc:61:09:24:24:e6:ff:e0:35:d7:98:6a:be:ea:
                    f9:f2:94:00:5c:c0:a8:36:73:17:26:ee:c1:42:b4:
                    f0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:59:63:E2:16:3D:A6:5B:D4:EF:6E:76:57:FE:CE:F6:7C:6E:6C:92
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc1:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         33:7e:da:ff:93:35:24:2d:87:6a:7a:74:29:d7:ae:28:1f:fd:
         a0:7a:2d:6a:a5:02:49:80:f7:8e:e0:87:13:8f:ae:c2:11:06:
         ee:4b:2f:fc:60:a3:b8:f4:3c:fa:80:78:35:d5:d8:4b:26:73:
         d9:54:88:21:22:5b:bd:72:55:9f:b6:66:7a:78:71:7e:2d:6e:
         b1:1b:1b:75:8d:2f:3e:dc:1d:2e:66:64:5c:27:4f:f0:9e:8d:
         f8:9c:e5:b6:de:76:5a:a2:8f:8d:79:bc:77:da:c8:5c:49:6f:
         5e:87:60:ac:d9:00:a3:1e:f3:4e:11:2d:d8:81:ea:3a:db:ac:
         21:ea:ff:06:54:2d:42:f0:c6:38:d9:2e:91:62:80:45:f6:67:
         e5:30:6c:d8:36:50:06:bf:39:a8:c0:98:3c:5b:50:5b:93:01:
         ca:64:d7:5d:71:e6:ed:15:51:3d:c0:d3:1d:a7:b1:49:eb:88:
         56:16:c6:49:77:af:81:97:eb:69:56:5e:ed:8c:00:7c:88:d7:
         23:e3:c9:5e:a6:42:90:23:ca:c8:c7:4f:ac:ac:4b:85:3f:55:
         df:f8:96:88:5d:d2:54:5f:b5:4a:81:ce:6d:67:0a:14:6a:13:
         ab:f2:d5:03:c1:b3:04:6d:ca:62:b3:d5:89:0e:1c:16:e1:a1:
         33:8b:5b:aa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXxmdQ0j6ML58ILh7PwRxN/aRP/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIxMTlaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkZWNiMjE3YTJmY2Q0ZjIzYjQwMjRiMDkwYTVkMTcxOTZmNmIyYTM2MDUz
YzhjMTZiZTM4Y2MyMTI1NWY3MzExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJpb4KMP8u2l/d122Fhck0C3RFM0Cb0B6x0CHSLNg0lrhFqoFyAK/ShpsT/V
zcMTsUOQ4y6+ZoVovwgh3mZ8G/rj8pipYxLdet/lw+T7hVIO/hCO8fFcSFKZHZ75
ZoQoUzinF3Ep149ap1pkGdBv4Fd0W9AY7p199s0K7epcYo+h/FeZrSJ9V1xQWLMB
6ZHoCt4HAQAgjZB2WyfmG5RtbggQqvky551d6C7FshTpMY99CzC/UXfRqX8kVVby
PPrtobfDFjbFvymOiCqoNpouD6JSwSAPkKqfLJiFDKyvsNblPbxhCSQk5v/gNdeY
ar7q+fKUAFzAqDZzFybuwUK08IUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRgWWPi
Fj2mW9TvbnZX/s72fG5skjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OTE5NWE3MDQtZGU4Ni00NjkyLTk1YzktMzBkNDU4YTEwNmQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8GA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzftr/kzUkLYdqenQp164oH/2gei1qpQJJgPeO
4IcTj67CEQbuSy/8YKO49Dz6gHg11dhLJnPZVIghIlu9clWftmZ6eHF+LW6xGxt1
jS8+3B0uZmRcJ0/wno34nOW23nZaoo+Nebx32shcSW9eh2Cs2QCjHvNOES3Ygeo6
26wh6v8GVC1C8MY42S6RYoBF9mflMGzYNlAGvzmowJg8W1BbkwHKZNddcebtFVE9
wNMdp7FJ64hWFsZJd6+Bl+tpVl7tjAB8iNcj48lepkKQI8rIx0+srEuFP1Xf+JaI
XdJUX7VKgc5tZwoUahOr8tUDwbMEbcpis9WJDhwW4aEzi1uq
-----END CERTIFICATE-----