Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa
File:                     a4592271-0371-4e59-91d6-8cede30d6d9a.roa (raw, json)
Hash identifier:          r+eXEZAPB9PddkQ8m5fKNGXOLfFDwtmhi9g5P0ac64I=
Subject key identifier:   FE:B2:7E:84:1D:22:05:62:CC:CB:9B:CB:5E:35:7B:18:8E:13:9B:E0
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       6AF44B9DBF98E96992EF688B5E0A9070DC32A5E8
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa
Signing time:             Sat 05 Apr 2025 00:11:12 +0000
ROA not before:           Sat 05 Apr 2025 00:11:12 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:b8c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f4:4b:9d:bf:98:e9:69:92:ef:68:8b:5e:0a:90:70:dc:32:a5:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:12 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:08:c1:ca:43:43:de:11:c5:f3:12:03:c6:26:
                    f8:38:08:29:43:57:1f:cd:24:ab:75:55:1d:d4:91:
                    5e:b5:73:d0:62:c5:38:c9:e7:fa:c7:a9:65:41:dd:
                    df:90:6d:86:86:57:d1:8d:bf:b2:e3:5c:e4:61:15:
                    e6:97:53:df:a0:fc:5e:6d:35:48:b3:92:b8:56:25:
                    d1:cb:4b:dc:52:c5:fc:e6:dd:39:50:1e:9a:b8:ae:
                    e0:23:7d:24:84:1a:43:c9:12:5f:05:93:f6:d1:55:
                    d1:dc:66:de:81:dc:89:b9:e0:b9:98:88:43:47:c2:
                    2d:27:cf:51:aa:4c:29:49:81:53:da:e6:9f:ee:32:
                    d3:1e:61:04:9d:77:1d:65:5f:78:c0:3a:5b:3e:13:
                    19:8b:66:d5:75:9c:1b:f8:da:64:22:fd:d5:ad:0d:
                    3c:b0:04:74:d1:85:5f:7b:1e:94:49:1f:18:da:3f:
                    06:93:d6:19:79:d2:2e:1f:a1:7a:8b:c2:c0:c8:e4:
                    c3:58:87:14:1c:83:87:8c:08:3d:e8:68:29:62:4c:
                    03:c7:d9:85:c2:6a:2e:64:cc:44:99:24:c3:b4:5d:
                    c6:03:b2:e8:a6:9d:2c:e5:64:88:d2:fb:dc:b8:94:
                    f5:9e:64:03:e1:79:a2:0f:4d:af:04:4b:c3:49:67:
                    ad:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B2:7E:84:1D:22:05:62:CC:CB:9B:CB:5E:35:7B:18:8E:13:9B:E0
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/a4592271-0371-4e59-91d6-8cede30d6d9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:b8c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         43:c3:09:69:63:1f:a5:0d:de:3b:9b:32:4e:4c:f9:2e:e4:14:
         56:89:70:86:0f:55:cf:bc:cb:b1:d4:e7:5a:a7:19:5a:4f:b5:
         f2:11:ba:11:6b:11:1f:b6:72:70:58:57:a9:63:8f:d5:67:bb:
         7c:7c:4f:28:f0:fa:a8:a5:64:8f:1f:cf:1e:65:1e:ca:ce:be:
         00:27:a9:f7:21:97:2e:02:c4:ad:62:6b:3b:b2:c0:39:a9:95:
         80:59:f1:92:ec:f7:79:3d:cd:21:c9:84:4a:9d:1b:75:e0:ae:
         34:f1:3f:73:44:6d:95:62:f8:c4:85:2d:45:e4:b6:8d:6d:e4:
         3e:e5:00:3d:f6:c3:09:49:36:2f:24:e4:82:87:68:31:62:48:
         ca:15:1d:74:da:e5:8d:f7:5b:b1:c6:1e:3b:f4:62:70:c8:99:
         68:12:9f:ce:4f:c5:fc:c3:28:0c:ba:1b:9b:e0:3d:48:20:d0:
         2b:63:3f:e6:57:76:14:98:88:3d:d0:cb:8a:c3:9c:ae:1a:91:
         d8:e7:ea:86:e0:e6:0d:2d:ae:5c:46:5f:13:b7:4d:8d:10:74:
         30:ad:56:13:53:80:d5:de:63:b3:77:20:da:71:f8:bd:e0:ab:
         08:a9:21:0b:e8:7d:84:6b:51:6c:79:4b:bb:4f:20:55:8c:e0:
         3c:58:ed:4a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUavRLnb+Y6WmS72iLXgqQcNwypegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMTJaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiMzk0OGViNDBkNGU5OWI0NjYxNDE4ZDZmNTZlZDI1OTVlMGRhMGMyYTdh
YWM3ODExMGQxNWYxZWIxMzc0NTIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANIIwcpDQ94RxfMSA8Ym+DgIKUNXH80kq3VVHdSRXrVz0GLFOMnn+sepZUHd
35BthoZX0Y2/suNc5GEV5pdT36D8Xm01SLOSuFYl0ctL3FLF/ObdOVAemriu4CN9
JIQaQ8kSXwWT9tFV0dxm3oHcibnguZiIQ0fCLSfPUapMKUmBU9rmn+4y0x5hBJ13
HWVfeMA6Wz4TGYtm1XWcG/jaZCL91a0NPLAEdNGFX3selEkfGNo/BpPWGXnSLh+h
eovCwMjkw1iHFByDh4wIPehoKWJMA8fZhcJqLmTMRJkkw7RdxgOy6KadLOVkiNL7
3LiU9Z5kA+F5og9NrwRLw0lnrf8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT+sn6E
HSIFYszLm8teNXsYjhOb4DAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YTQ1OTIyNzEtMDM3MS00ZTU5LTkxZDYtOGNlZGUzMGQ2ZDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAiABP8e4
wDANBgkqhkiG9w0BAQsFAAOCAQEAQ8MJaWMfpQ3eO5syTkz5LuQUVolwhg9Vz7zL
sdTnWqcZWk+18hG6EWsRH7ZycFhXqWOP1We7fHxPKPD6qKVkjx/PHmUeys6+ACep
9yGXLgLErWJrO7LAOamVgFnxkuz3eT3NIcmESp0bdeCuNPE/c0RtlWL4xIUtReS2
jW3kPuUAPfbDCUk2LyTkgodoMWJIyhUddNrljfdbscYeO/RicMiZaBKfzk/F/MMo
DLobm+A9SCDQK2M/5ld2FJiIPdDLisOcrhqR2OfqhuDmDS2uXEZfE7dNjRB0MK1W
E1OA1d5js3cg2nH4veCrCKkhC+h9hGtRbHlLu08gVYzgPFjtSg==
-----END CERTIFICATE-----