Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a027acd6-b75f-42ce-9bfb-ac426d92b141.roa
File:                     a027acd6-b75f-42ce-9bfb-ac426d92b141.roa (raw, json)
Hash identifier:          t2eoASZkg+jHZngysuyCXgWfS5JBUcEcLAdubXHcBQ4=
Subject key identifier:   1F:3A:FE:93:10:63:F9:C9:53:CC:E7:12:06:B2:A6:04:B6:A9:D8:98
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       039626432EF7DDFFF5F3049D4F87CDAEB995B886
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a027acd6-b75f-42ce-9bfb-ac426d92b141.roa
Signing time:             Sat 05 Apr 2025 00:20:08 +0000
ROA not before:           Sat 05 Apr 2025 00:20:08 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:4000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:96:26:43:2e:f7:dd:ff:f5:f3:04:9d:4f:87:cd:ae:b9:95:b8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:08 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:14:96:36:dd:bc:1f:b0:d2:b1:e4:9f:02:07:
                    93:3c:a6:e9:6e:b4:60:f3:1f:ca:6e:03:40:6f:96:
                    67:29:7c:e1:43:c9:03:4e:a0:ac:a8:f4:66:8b:9e:
                    da:ed:a0:43:f3:94:41:8d:c5:46:80:ee:af:b8:d7:
                    bc:fe:92:29:a2:f4:d8:46:34:da:c8:db:80:15:8c:
                    d9:48:32:ff:bc:e3:5f:92:3f:6f:43:e1:9d:d8:0a:
                    cc:61:ec:bf:91:90:f7:8d:2d:c8:88:ee:8c:68:63:
                    9a:80:ed:b1:a2:99:c2:e4:e1:80:05:b0:3e:9d:e4:
                    82:61:0c:40:90:53:0e:ad:7e:20:b1:f4:a9:6f:77:
                    02:80:e5:bf:46:ce:d7:00:1e:fa:4b:16:69:2f:4b:
                    d4:a0:95:27:1c:9e:a2:28:0b:d3:4e:42:8f:49:4c:
                    62:e4:73:3c:33:12:96:55:f1:33:fe:e6:ac:30:92:
                    b7:55:57:cd:11:2c:0c:46:02:89:a0:0a:c9:2c:b3:
                    e3:c4:b4:0f:34:56:e4:5b:43:fd:ba:00:7b:b2:ca:
                    98:20:9c:0c:27:61:40:90:91:44:4a:ec:65:30:52:
                    95:54:e6:a1:91:9c:c3:8f:ca:9d:5c:20:bb:57:7b:
                    7f:d5:84:26:3c:53:07:eb:7c:70:c3:4b:a6:38:51:
                    03:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3A:FE:93:10:63:F9:C9:53:CC:E7:12:06:B2:A6:04:B6:A9:D8:98
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a027acd6-b75f-42ce-9bfb-ac426d92b141.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         43:50:99:8b:1c:31:8a:7d:7e:f9:db:e1:f5:74:b1:6f:27:5d:
         d0:f9:be:c9:5e:f0:79:4a:cf:98:20:f3:6e:50:57:fa:da:fd:
         17:04:02:f7:83:c2:4e:7c:7d:ff:d2:8d:f7:cb:90:0f:9a:f5:
         a7:02:90:f2:d2:30:2b:94:0a:34:bc:db:49:87:a1:5f:ea:90:
         9e:48:d5:7e:90:22:78:80:a2:2e:ff:2e:7f:37:72:37:21:44:
         18:8a:c4:df:50:2b:a1:89:78:f0:13:f6:79:08:b0:54:07:6d:
         ec:55:a4:b5:70:3f:89:a7:e1:14:16:df:56:1a:94:14:ed:b0:
         84:5e:1c:fe:0a:2b:4f:d7:89:08:10:ef:9f:00:0b:7e:1d:6e:
         8b:34:e0:a8:49:f0:a6:e2:65:bf:63:0f:6f:79:57:85:9b:76:
         ae:37:f7:5d:42:1e:7d:41:ed:24:12:b6:b4:28:2f:39:c4:7f:
         23:9f:75:de:a3:dd:3d:47:98:48:ad:30:f7:b0:5f:46:51:fd:
         e2:3c:79:07:7a:ab:39:42:0e:3b:de:89:32:39:03:01:44:0d:
         a4:7e:1e:ac:52:af:b6:60:26:04:a2:f7:5a:a0:7c:32:ce:55:
         44:98:a3:f7:fa:b4:79:e1:ff:f1:2b:c4:34:03:59:46:35:c7:
         42:45:77:1e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUA5YmQy733f/18wSdT4fNrrmVuIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwMDhaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlODEwNDQ2MDJiMjkwZjI1MDBkZjIwNTJkZDJkNTJlOTQ0M2M5NTZhM2Rk
MjI0NGY4OWI5OWRkZjE4ZGNiMmMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKsUljbdvB+w0rHknwIHkzym6W60YPMfym4DQG+WZyl84UPJA06grKj0Zoue
2u2gQ/OUQY3FRoDur7jXvP6SKaL02EY02sjbgBWM2Ugy/7zjX5I/b0PhndgKzGHs
v5GQ940tyIjujGhjmoDtsaKZwuThgAWwPp3kgmEMQJBTDq1+ILH0qW93AoDlv0bO
1wAe+ksWaS9L1KCVJxyeoigL005Cj0lMYuRzPDMSllXxM/7mrDCSt1VXzREsDEYC
iaAKySyz48S0DzRW5FtD/boAe7LKmCCcDCdhQJCRRErsZTBSlVTmoZGcw4/KnVwg
u1d7f9WEJjxTB+t8cMNLpjhRAz0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQfOv6T
EGP5yVPM5xIGsqYEtqnYmDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YTAyN2FjZDYtYjc1Zi00MmNlLTliZmItYWM0MjZkOTJiMTQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8NA
MA0GCSqGSIb3DQEBCwUAA4IBAQBDUJmLHDGKfX752+H1dLFvJ13Q+b7JXvB5Ss+Y
IPNuUFf62v0XBAL3g8JOfH3/0o33y5APmvWnApDy0jArlAo0vNtJh6Ff6pCeSNV+
kCJ4gKIu/y5/N3I3IUQYisTfUCuhiXjwE/Z5CLBUB23sVaS1cD+Jp+EUFt9WGpQU
7bCEXhz+CitP14kIEO+fAAt+HW6LNOCoSfCm4mW/Yw9veVeFm3auN/ddQh59Qe0k
Era0KC85xH8jn3Xeo909R5hIrTD3sF9GUf3iPHkHeqs5Qg473okyOQMBRA2kfh6s
Uq+2YCYEovdaoHwyzlVEmKP3+rR54f/xK8Q0A1lGNcdCRXce
-----END CERTIFICATE-----