Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c956296d-d626-42b2-a9ef-bb988f4c3cc9.roa
File:                     c956296d-d626-42b2-a9ef-bb988f4c3cc9.roa (raw, json)
Hash identifier:          CWjt7OQGt6h8Vr70djzPL5WHhTdaDU5oboSAWxPm+Xo=
Subject key identifier:   A6:E5:C8:5E:73:55:75:BF:09:B6:8B:4A:C9:E5:B9:80:87:96:3C:D0
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       6AF8DE67CA04F40DCC942A47035682DF778B1A26
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c956296d-d626-42b2-a9ef-bb988f4c3cc9.roa
Signing time:             Sat 05 Apr 2025 00:10:41 +0000
ROA not before:           Sat 05 Apr 2025 00:10:41 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc3:58c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f8:de:67:ca:04:f4:0d:cc:94:2a:47:03:56:82:df:77:8b:1a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:10:41 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f6:a8:06:a4:b5:8d:54:91:46:aa:30:bf:41:
                    52:83:4d:93:ae:ab:da:a9:05:df:95:9e:e2:6f:b4:
                    69:ac:6b:7f:df:20:35:61:d3:a8:c0:b4:70:a4:b4:
                    12:1d:a3:17:23:17:9c:51:53:77:7e:7b:da:db:6d:
                    92:7e:b9:22:dc:a3:73:26:e7:22:87:06:1d:39:eb:
                    f5:5d:32:c0:72:f3:31:81:c2:2b:cf:fa:12:9f:72:
                    4a:a8:84:57:8f:43:b0:f0:d5:79:b5:37:e1:70:6f:
                    41:f8:57:ca:b5:4f:42:9e:5f:34:85:3f:4e:c2:51:
                    c4:8f:cb:73:f9:9e:10:fa:5b:e8:96:a3:7e:84:bc:
                    bd:45:80:fe:ca:3b:05:7c:5d:97:3e:e3:85:1a:f4:
                    ba:8f:eb:74:b3:13:15:fa:9d:a2:f3:58:1b:eb:41:
                    9c:7c:40:cb:86:4d:44:60:14:bb:c0:86:52:5d:75:
                    d6:2d:7f:1b:26:47:0a:2a:3a:7d:e3:6b:49:92:a2:
                    0a:8d:60:4a:3e:69:45:71:f3:ff:0b:e7:c9:08:64:
                    d3:5f:d8:cf:0d:36:af:29:4b:7b:8b:41:6e:73:e6:
                    a6:1a:a6:a6:49:85:18:8a:65:6c:5b:3a:d0:93:96:
                    83:aa:1a:a5:98:bd:78:1b:b5:3a:f6:cc:47:31:1a:
                    8d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E5:C8:5E:73:55:75:BF:09:B6:8B:4A:C9:E5:B9:80:87:96:3C:D0
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/c956296d-d626-42b2-a9ef-bb988f4c3cc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc3:58c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         65:32:50:1f:85:b6:92:41:4c:81:28:cb:d4:28:32:1a:32:96:
         6e:3c:b3:11:56:75:0e:be:6e:1a:d0:0a:fb:b1:4d:6e:af:80:
         1f:26:13:7c:23:86:13:49:08:7e:f8:52:cd:35:24:84:b2:39:
         c1:32:3d:b8:a2:15:0b:6b:8d:e7:25:64:b2:2c:25:37:dd:f7:
         1a:cd:a6:86:7d:9b:f5:d3:be:d8:a3:1c:96:b4:31:30:2f:b7:
         b4:a4:00:1e:cb:41:b6:93:e8:e6:d2:e6:c3:28:8e:72:78:26:
         02:67:39:47:df:a8:56:2b:b2:89:d1:12:98:21:a9:79:4d:41:
         e1:7a:d5:6b:db:9e:e2:75:b1:5f:e4:85:4d:af:46:cb:9d:78:
         db:0b:83:36:97:ae:59:d3:4e:b5:e5:0e:87:62:6b:d7:89:d5:
         1a:0f:5d:b0:fd:b4:a0:94:5f:d7:08:98:24:c1:f5:0b:41:2f:
         f0:19:b1:d7:1f:d9:4b:71:f7:c0:4f:fd:dd:43:55:25:c1:77:
         4c:99:e0:08:56:31:12:b3:b9:96:e0:75:bc:91:30:a5:6e:d4:
         a5:b7:04:eb:bb:c2:0c:e0:79:d9:e8:38:b6:40:1c:f1:5a:fd:
         25:01:dc:11:37:fc:d0:bc:ab:76:c7:a9:dc:40:03:81:ba:70:
         8d:83:69:fd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUavjeZ8oE9A3MlCpHA1aC33eLGiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDEwNDFaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkNmUyYzEwOGU5ODNmZTRhZmUyMmNhMDhmMWNmODA1MTcwNTRiNWNmOTdk
MTI0NzRlOTE2OTZhYmZiMDk0N2ExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI/2qAaktY1UkUaqML9BUoNNk66r2qkF35We4m+0aaxrf98gNWHTqMC0cKS0
Eh2jFyMXnFFTd3572tttkn65ItyjcybnIocGHTnr9V0ywHLzMYHCK8/6Ep9ySqiE
V49DsPDVebU34XBvQfhXyrVPQp5fNIU/TsJRxI/Lc/meEPpb6JajfoS8vUWA/so7
BXxdlz7jhRr0uo/rdLMTFfqdovNYG+tBnHxAy4ZNRGAUu8CGUl111i1/GyZHCio6
feNrSZKiCo1gSj5pRXHz/wvnyQhk01/Yzw02rylLe4tBbnPmphqmpkmFGIplbFs6
0JOWg6oapZi9eBu1OvbMRzEajfUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSm5che
c1V1vwm2i0rJ5bmAh5Y80DAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Yzk1NjI5NmQtZDYyNi00MmIyLWE5ZWYtYmI5ODhmNGMzY2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAiABP8NY
wDANBgkqhkiG9w0BAQsFAAOCAQEAZTJQH4W2kkFMgSjL1CgyGjKWbjyzEVZ1Dr5u
GtAK+7FNbq+AHyYTfCOGE0kIfvhSzTUkhLI5wTI9uKIVC2uN5yVksiwlN933Gs2m
hn2b9dO+2KMclrQxMC+3tKQAHstBtpPo5tLmwyiOcngmAmc5R9+oViuyidESmCGp
eU1B4XrVa9ue4nWxX+SFTa9Gy5142wuDNpeuWdNOteUOh2Jr14nVGg9dsP20oJRf
1wiYJMH1C0Ev8Bmx1x/ZS3H3wE/93UNVJcF3TJngCFYxErO5luB1vJEwpW7UpbcE
67vCDOB52eg4tkAc8Vr9JQHcETf80Lyrdsep3EADgbpwjYNp/Q==
-----END CERTIFICATE-----