Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa
File:                     ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa (raw, json)
Hash identifier:          L0vXrCwLVTDFyYr/aioW2hEaevc/ejbRXq5LivzJU4Q=
Subject key identifier:   3D:70:F0:6A:84:FA:8C:5A:9E:F8:0C:E9:70:78:16:72:DC:62:FC:77
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       1A90567EEDCCB8292873922C4C9684E69E1A0285
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa
Signing time:             Sat 05 Apr 2025 00:10:42 +0000
ROA not before:           Sat 05 Apr 2025 00:10:42 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:5800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:90:56:7e:ed:cc:b8:29:28:73:92:2c:4c:96:84:e6:9e:1a:02:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:10:42 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3c:2d:5a:91:e6:72:f1:28:60:a4:43:3d:6c:
                    72:93:65:54:8e:28:e7:74:92:b3:a2:26:d3:b7:e6:
                    4d:66:ab:73:06:69:50:a1:8d:59:6a:16:84:be:dc:
                    24:01:00:d0:b8:46:f9:ee:0e:cc:4d:df:d8:a8:bb:
                    86:6f:be:2c:66:6f:35:c7:0b:6b:16:22:52:1c:de:
                    c1:f0:e8:66:f8:1a:e9:bc:f0:4e:da:a4:de:d8:93:
                    45:dc:26:ca:b2:31:b1:7f:4d:2f:95:d1:3c:06:b7:
                    d7:00:36:52:10:c1:01:c9:a1:7b:8f:46:7a:75:7e:
                    2d:83:20:b7:27:1d:df:c7:8e:f6:35:db:82:6b:0d:
                    89:4c:45:e0:17:0c:d3:69:f9:87:34:32:ad:d1:d3:
                    25:a2:80:65:c3:ac:72:5b:e8:78:3a:28:df:6a:75:
                    1a:48:03:5c:58:34:8a:20:62:6d:71:72:25:66:41:
                    72:79:a5:9d:57:16:b2:84:94:5f:59:11:2c:05:61:
                    b6:4c:5f:54:ad:b1:57:78:02:63:21:60:80:05:b6:
                    14:64:88:3d:5a:ab:7e:65:96:bd:b3:e0:02:dd:72:
                    43:49:42:fa:d2:ff:67:c0:a9:4f:fc:ce:ca:66:ae:
                    69:99:88:e1:df:21:da:9c:eb:9c:81:11:c0:25:19:
                    c7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:70:F0:6A:84:FA:8C:5A:9E:F8:0C:E9:70:78:16:72:DC:62:FC:77
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ccefeaa3-50fd-4fb5-a0d6-682ea894c5e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:5800::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:21:b6:1e:85:56:9c:e2:de:7b:0a:06:90:bc:da:ef:e5:3d:
         dc:ae:2f:2c:7b:9a:a6:92:bd:f4:7c:bc:ef:ad:0b:13:d7:7b:
         bd:30:fe:88:fc:d1:04:4c:6a:74:66:f4:ed:7d:f2:f8:78:90:
         03:ed:d0:8b:b5:7c:e0:80:c6:cb:7a:3f:53:df:fc:01:63:92:
         60:ee:b7:37:0e:a3:3c:a3:eb:2d:66:fc:12:ec:4b:c1:11:0e:
         48:32:bb:39:18:93:65:cd:fb:de:a9:26:e5:24:fb:be:8a:a5:
         45:5a:e4:b0:2a:a7:12:f3:85:2b:20:86:a8:60:58:e2:cb:ac:
         3f:c5:6d:7d:ff:ea:dc:e0:a7:29:46:06:f9:12:e9:bd:cd:82:
         dd:71:66:bd:8c:7b:5c:3d:64:99:e8:03:40:11:19:16:7a:aa:
         f1:4a:54:4b:f7:83:31:c7:9f:5b:56:84:23:24:a3:ca:1d:22:
         62:b4:96:e3:bf:56:83:46:01:8e:58:7d:5c:6d:e2:69:2e:03:
         96:38:7e:b7:38:e4:8c:42:09:9d:fa:c3:0f:8d:d3:45:6d:cd:
         35:1e:93:24:a7:00:e5:9f:79:93:f5:86:06:f6:15:3b:5b:6b:
         dc:16:56:10:5a:ef:5d:a5:7a:eb:76:90:5f:39:f7:84:51:f8:
         fc:84:a0:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGpBWfu3MuCkoc5IsTJaE5p4aAoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDEwNDJaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4MzNmMjAyNmU2ZjJjMzljZWY1ZDliNjI3NGE2YTZjMDljMTc4MDcwZjNi
ZTlmZjFjYWFmM2JmOTU5MmFjNzExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMA8LVqR5nLxKGCkQz1scpNlVI4o53SSs6Im07fmTWarcwZpUKGNWWoWhL7c
JAEA0LhG+e4OzE3f2Ki7hm++LGZvNccLaxYiUhzewfDoZvga6bzwTtqk3tiTRdwm
yrIxsX9NL5XRPAa31wA2UhDBAcmhe49GenV+LYMgtycd38eO9jXbgmsNiUxF4BcM
02n5hzQyrdHTJaKAZcOsclvoeDoo32p1GkgDXFg0iiBibXFyJWZBcnmlnVcWsoSU
X1kRLAVhtkxfVK2xV3gCYyFggAW2FGSIPVqrfmWWvbPgAt1yQ0lC+tL/Z8CpT/zO
ymauaZmI4d8h2pzrnIERwCUZx90CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ9cPBq
hPqMWp74DOlweBZy3GL8dzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Y2NlZmVhYTMtNTBmZC00ZmI1LWEwZDYtNjgyZWE4OTRjNWUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8dY
MA0GCSqGSIb3DQEBCwUAA4IBAQA7IbYehVac4t57CgaQvNrv5T3cri8se5qmkr30
fLzvrQsT13u9MP6I/NEETGp0ZvTtffL4eJAD7dCLtXzggMbLej9T3/wBY5Jg7rc3
DqM8o+stZvwS7EvBEQ5IMrs5GJNlzfveqSblJPu+iqVFWuSwKqcS84UrIIaoYFji
y6w/xW19/+rc4KcpRgb5Eum9zYLdcWa9jHtcPWSZ6ANAERkWeqrxSlRL94Mxx59b
VoQjJKPKHSJitJbjv1aDRgGOWH1cbeJpLgOWOH63OOSMQgmd+sMPjdNFbc01HpMk
pwDln3mT9YYG9hU7W2vcFlYQWu9dpXrrdpBfOfeEUfj8hKCX
-----END CERTIFICATE-----