Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/b128bc8d-b462-4700-9503-592938317487.roa
File:                     b128bc8d-b462-4700-9503-592938317487.roa (raw, json)
Hash identifier:          yESiGzyczjutA69ZIf9qVHDr87XxLbUW5CjoX39+6G4=
Subject key identifier:   2C:08:A8:12:8F:D3:DA:43:92:11:4D:CC:7D:6C:E3:36:A1:3F:6C:6D
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       71684BA4AA9681C0BA941916E587D54ED1448EE6
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/b128bc8d-b462-4700-9503-592938317487.roa
Signing time:             Sat 05 Apr 2025 00:10:58 +0000
ROA not before:           Sat 05 Apr 2025 00:10:58 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc0:880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:68:4b:a4:aa:96:81:c0:ba:94:19:16:e5:87:d5:4e:d1:44:8e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:10:58 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:66:09:87:7b:aa:62:f4:f7:d9:91:16:22:20:
                    a0:4c:44:26:fe:d9:a5:b6:20:23:93:0f:c2:88:cf:
                    10:81:d9:1f:f6:38:cb:75:c9:46:9d:88:10:1c:d0:
                    08:4d:cc:a6:10:fb:2d:7f:d1:6e:a1:c0:c1:4e:7e:
                    c9:e4:a6:90:e4:96:a1:42:ad:1f:8c:5d:5d:b3:20:
                    e9:02:64:9d:40:2c:88:d9:b7:8d:e8:92:b4:ce:74:
                    59:09:78:0e:83:7b:e7:0c:d7:1b:40:c9:02:30:55:
                    07:7f:57:72:cd:6d:24:20:ab:7f:b4:30:e6:8b:12:
                    b2:c3:05:d1:8e:5b:3e:63:ce:ba:70:de:71:bc:41:
                    54:64:e8:a6:ca:0b:87:55:dd:18:10:61:64:e1:9e:
                    56:8e:de:a0:fd:82:87:2f:49:f0:b0:90:6b:6c:f3:
                    fc:24:37:43:4b:94:ed:b8:3c:6f:f3:b6:3b:e8:c5:
                    12:a8:f2:6c:8c:dd:36:ca:53:6c:d1:b5:15:77:cf:
                    ee:d5:b3:dd:21:39:2d:d8:1a:4b:ca:66:c4:af:6a:
                    03:ba:09:06:96:07:7e:54:4c:9c:3d:7a:29:ad:f9:
                    90:3c:66:26:98:fc:3f:c8:ce:95:09:b9:8f:90:fe:
                    8a:8b:4c:3c:53:f2:02:20:9d:60:0a:1e:b7:4b:e9:
                    cf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:08:A8:12:8F:D3:DA:43:92:11:4D:CC:7D:6C:E3:36:A1:3F:6C:6D
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/b128bc8d-b462-4700-9503-592938317487.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc0:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:f4:a6:f4:8a:cc:a3:da:db:87:2c:0c:cb:20:ba:12:1c:fe:
         b9:87:78:82:a1:4e:4d:4b:d3:4d:7c:90:3a:72:2f:69:03:bd:
         29:db:34:4e:e5:a5:cc:60:44:8e:ed:f7:8c:a2:d8:82:91:72:
         73:6c:74:80:74:be:ad:fe:3a:24:90:71:38:0f:f9:83:d6:d6:
         88:c6:27:26:b1:18:4d:a0:1f:6e:fe:9a:ba:9a:83:02:21:4d:
         c6:e0:97:6a:2b:e6:78:17:39:13:c8:f0:a4:0f:8b:d4:a7:52:
         ca:95:16:f0:53:ec:d8:1a:f8:f7:a7:bd:45:ce:dc:98:6f:3c:
         28:4c:d5:bf:52:10:8a:63:b3:e5:c2:78:ad:6f:01:47:d0:02:
         f8:1a:c1:df:95:7c:77:9f:34:61:cb:51:b8:cc:f1:e7:a3:8d:
         6c:9c:fe:a8:99:0d:53:13:50:0b:5f:6a:e9:db:d5:88:4a:a1:
         e7:6f:a4:14:16:f5:7a:80:d0:1f:67:6d:c7:00:79:99:38:22:
         71:e4:74:45:17:10:96:ba:38:eb:75:26:f9:e9:b1:2a:da:e7:
         1e:b2:cd:d2:7d:a4:6d:6a:a1:01:84:45:34:d2:aa:0c:c7:f1:
         1e:ae:cc:48:6d:f1:53:86:0e:ce:9e:64:45:82:69:b1:3d:08:
         f6:f7:eb:57
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUcWhLpKqWgcC6lBkW5YfVTtFEjuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDEwNThaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzNWY2YWIzYTM5NjgyNmJjYTZmMmMwNTlmZjI5NmUzNzQ5MTk0YzIwNGZk
YWYxNDJmMjFkYTE3YjIzMmRhNmExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNmCYd7qmL099mRFiIgoExEJv7ZpbYgI5MPwojPEIHZH/Y4y3XJRp2IEBzQ
CE3MphD7LX/RbqHAwU5+yeSmkOSWoUKtH4xdXbMg6QJknUAsiNm3jeiStM50WQl4
DoN75wzXG0DJAjBVB39Xcs1tJCCrf7Qw5osSssMF0Y5bPmPOunDecbxBVGTopsoL
h1XdGBBhZOGeVo7eoP2Chy9J8LCQa2zz/CQ3Q0uU7bg8b/O2O+jFEqjybIzdNspT
bNG1FXfP7tWz3SE5LdgaS8pmxK9qA7oJBpYHflRMnD16Ka35kDxmJpj8P8jOlQm5
j5D+iotMPFPyAiCdYAoet0vpz/MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQsCKgS
j9PaQ5IRTcx9bOM2oT9sbTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YjEyOGJjOGQtYjQ2Mi00NzAwLTk1MDMtNTkyOTM4MzE3NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
gDANBgkqhkiG9w0BAQsFAAOCAQEAYvSm9IrMo9rbhywMyyC6Ehz+uYd4gqFOTUvT
TXyQOnIvaQO9Kds0TuWlzGBEju33jKLYgpFyc2x0gHS+rf46JJBxOA/5g9bWiMYn
JrEYTaAfbv6aupqDAiFNxuCXaivmeBc5E8jwpA+L1KdSypUW8FPs2Br496e9Rc7c
mG88KEzVv1IQimOz5cJ4rW8BR9AC+BrB35V8d580YctRuMzx56ONbJz+qJkNUxNQ
C19q6dvViEqh52+kFBb1eoDQH2dtxwB5mTgiceR0RRcQlro463Um+emxKtrnHrLN
0n2kbWqhAYRFNNKqDMfxHq7MSG3xU4YOzp5kRYJpsT0I9vfrVw==
-----END CERTIFICATE-----