Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa
File:                     baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa (raw, json)
Hash identifier:          6uk1pWgxrTzsYLjizcOW+f7x3kPfISV7m7dFsWRglTw=
Subject key identifier:   B5:92:DE:D4:FF:C8:B8:38:93:EC:83:54:82:E1:C3:AA:C2:40:22:E6
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       6411ABFC707568AC71145EE9687D88AB25D6189A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa
Signing time:             Sat 05 Apr 2025 00:21:03 +0000
ROA not before:           Sat 05 Apr 2025 00:21:03 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:6000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:11:ab:fc:70:75:68:ac:71:14:5e:e9:68:7d:88:ab:25:d6:18:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:21:03 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4d:14:57:80:87:ee:07:b9:04:92:64:c6:b1:
                    c5:46:f4:da:42:27:03:b5:d7:e5:c2:3f:76:c0:25:
                    03:79:4b:cd:c3:cd:08:86:6e:26:ea:88:3f:eb:8d:
                    bf:61:d4:f7:44:de:53:9c:ff:5b:c1:4c:9a:c3:35:
                    db:4c:ca:a7:8a:e5:7f:e6:1c:50:e7:c6:b8:25:78:
                    e9:c0:ec:e8:7a:29:84:14:5f:2e:0a:69:74:12:6d:
                    b1:0e:41:4f:f1:a8:82:d7:cf:83:a6:3a:47:76:c3:
                    f6:dc:70:cc:8c:59:1f:f8:01:22:ac:dc:d0:df:7b:
                    16:4d:b3:7f:10:70:96:8d:33:81:52:1f:cb:5f:1e:
                    0a:1a:44:86:45:a8:83:83:ad:35:b8:11:e8:8f:ba:
                    14:9a:28:32:d2:19:02:59:28:f5:7a:80:b3:a0:8e:
                    ef:d1:e4:fb:39:4a:78:14:67:94:bb:a0:56:7b:60:
                    3b:21:31:90:5c:40:2d:96:bc:a4:c5:ae:d1:55:c0:
                    7e:d7:f4:03:72:b8:b5:9b:26:14:e0:af:9e:bd:df:
                    d5:1e:84:29:8b:1d:01:a1:46:3a:ef:c6:5d:1d:9a:
                    f8:36:01:8b:09:39:d1:c5:ad:b3:74:80:d3:37:0c:
                    60:bd:28:c7:d8:5f:a3:eb:d1:f9:55:2f:04:31:98:
                    e4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:92:DE:D4:FF:C8:B8:38:93:EC:83:54:82:E1:C3:AA:C2:40:22:E6
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         82:e6:53:85:d0:77:75:4b:5c:4d:bf:be:54:16:07:60:87:43:
         18:bf:f9:44:6d:a6:de:2c:64:a2:a9:6e:4f:9d:eb:d1:fc:b9:
         ea:f9:e9:e5:cf:e3:97:3e:a5:e9:6e:93:fb:65:94:9d:f9:d7:
         8a:b4:e0:23:19:25:5e:d0:1d:84:5e:89:1c:fb:3f:91:64:eb:
         eb:7c:98:72:0e:a9:92:4e:93:25:85:3a:f7:64:fb:ef:0f:f1:
         1a:1c:10:88:d3:13:81:50:2f:a2:fd:f7:5c:f5:24:33:23:b9:
         d9:36:ea:86:25:85:4d:8a:57:21:0a:e7:b8:7e:b0:ff:e6:09:
         c7:bc:69:af:d4:14:0c:64:98:94:ae:e8:4e:13:5d:ee:1e:b2:
         ff:15:8f:60:95:0d:4d:da:70:0b:aa:0d:85:4f:32:4a:15:c6:
         d3:45:61:9d:33:70:37:ee:b5:48:0e:7a:51:7b:ec:b3:de:a8:
         86:36:fc:7a:5c:14:3a:e4:3f:26:1c:ca:2c:94:da:64:bb:af:
         5a:44:7f:26:61:d2:a0:4e:4d:4c:df:50:89:cd:4f:b5:34:40:
         82:0e:73:60:1c:51:60:86:56:25:eb:9c:f3:fa:2e:85:14:a2:
         f1:fe:be:44:1b:9e:93:85:4b:0d:de:59:d4:d4:b9:e2:81:21:
         18:7c:0d:ba
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZBGr/HB1aKxxFF7paH2IqyXWGJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIxMDNaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyZmVlMGE1YmE0Zjg3ZmMwOTQzNGMxYTdiOWM1MDhhYjI4ZGZiYzAxOTgz
ZTYzNWNlYmE1MDA1NDQyOWMzNDIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpNFFeAh+4HuQSSZMaxxUb02kInA7XX5cI/dsAlA3lLzcPNCIZuJuqIP+uN
v2HU90TeU5z/W8FMmsM120zKp4rlf+YcUOfGuCV46cDs6HophBRfLgppdBJtsQ5B
T/GogtfPg6Y6R3bD9txwzIxZH/gBIqzc0N97Fk2zfxBwlo0zgVIfy18eChpEhkWo
g4OtNbgR6I+6FJooMtIZAlko9XqAs6CO79Hk+zlKeBRnlLugVntgOyExkFxALZa8
pMWu0VXAftf0A3K4tZsmFOCvnr3f1R6EKYsdAaFGOu/GXR2a+DYBiwk50cWts3SA
0zcMYL0ox9hfo+vR+VUvBDGY5IsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS1kt7U
/8i4OJPsg1SC4cOqwkAi5jAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YmFlZGVkZjItMjZkOC00MmY3LWI4YmMtZmJmMWRjNGZiMDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dg
MA0GCSqGSIb3DQEBCwUAA4IBAQCC5lOF0Hd1S1xNv75UFgdgh0MYv/lEbabeLGSi
qW5PnevR/Lnq+enlz+OXPqXpbpP7ZZSd+deKtOAjGSVe0B2EXokc+z+RZOvrfJhy
DqmSTpMlhTr3ZPvvD/EaHBCI0xOBUC+i/fdc9SQzI7nZNuqGJYVNilchCue4frD/
5gnHvGmv1BQMZJiUruhOE13uHrL/FY9glQ1N2nALqg2FTzJKFcbTRWGdM3A37rVI
DnpRe+yz3qiGNvx6XBQ65D8mHMoslNpku69aRH8mYdKgTk1M31CJzU+1NECCDnNg
HFFghlYl65zz+i6FFKLx/r5EG56ThUsN3lnU1LnigSEYfA26
-----END CERTIFICATE-----