Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa
File:                     cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa (raw, json)
Hash identifier:          25WuNnAF3VYlNixfHuICbUriHhhKYcTlDDj+uo/YyBc=
Subject key identifier:   FA:32:37:3A:69:C2:5D:5A:B5:94:25:1F:38:6B:63:F3:C3:6E:BF:66
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       7A227F9C09F08A731E619852D7DCEC1CDB8C8CCB
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa
Signing time:             Sat 05 Apr 2025 00:20:39 +0000
ROA not before:           Sat 05 Apr 2025 00:20:39 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2001:3fc4::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:22:7f:9c:09:f0:8a:73:1e:61:98:52:d7:dc:ec:1c:db:8c:8c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:39 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:9a:cb:6a:29:e6:20:a7:ae:af:6c:53:da:40:
                    0a:a0:c3:21:6f:13:dc:cc:5f:13:c7:98:cd:83:29:
                    04:3d:a0:7c:e2:cf:86:42:92:f3:eb:bf:65:22:c7:
                    72:6a:1c:bc:11:fc:c7:45:ce:65:97:8b:b5:1b:c5:
                    49:50:6d:b6:5c:f4:ce:1e:31:6b:f4:14:28:5a:2a:
                    c0:3f:56:71:a6:45:da:e6:de:a6:99:b4:01:a7:0f:
                    04:50:05:81:75:22:c6:ef:8d:f5:9a:04:76:e3:6c:
                    3d:f4:cb:02:5a:5f:c6:41:3f:a9:6b:bb:c6:1d:69:
                    bf:cd:c7:36:22:38:03:e4:c8:6b:6e:ba:a2:37:83:
                    4f:61:0e:1f:46:1e:94:bd:22:8d:bd:9f:f2:f0:c8:
                    8a:fc:77:f1:29:f4:6e:aa:f0:fb:b2:aa:21:d6:2c:
                    b1:08:27:5e:6a:58:da:05:c0:c4:c5:95:94:cd:6d:
                    0f:77:81:bd:28:27:3a:a4:7c:24:a7:f4:53:cd:4b:
                    c8:84:12:89:80:18:41:64:ea:cd:aa:e0:eb:a7:22:
                    f2:f1:f4:02:81:ea:73:55:e7:7b:d3:7f:95:e5:d2:
                    42:d4:1d:7c:b6:e0:a8:de:f6:e3:56:cb:98:b5:94:
                    bd:ef:46:ce:f4:9c:e3:50:5e:25:39:6f:88:a8:1f:
                    65:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:32:37:3A:69:C2:5D:5A:B5:94:25:1F:38:6B:63:F3:C3:6E:BF:66
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/cd8f07c9-abc1-41dd-bad4-c7e5bf0bd4c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc4::/36

    Signature Algorithm: sha256WithRSAEncryption
         23:9b:81:dd:0d:f8:6d:66:2c:21:ce:7c:e2:f8:b3:d0:97:7e:
         5a:ad:fb:05:7f:c2:98:78:d8:72:b2:b6:6d:12:d9:57:39:85:
         f3:a2:9c:dc:17:04:e4:2c:e0:3c:55:f7:3f:99:3a:e1:47:81:
         68:df:7b:a1:26:03:1b:07:ce:97:4b:f3:11:4a:96:ad:71:f3:
         6b:1a:f9:c5:61:f4:07:31:61:d9:22:52:87:60:fe:e7:a7:00:
         07:c7:ce:0f:d1:f9:79:f6:fb:75:7a:56:9f:af:c6:9d:5f:c9:
         83:2d:ae:13:96:b3:70:82:22:20:67:fa:42:53:0b:89:9c:0f:
         f4:e9:bb:af:02:79:b5:ec:14:7e:9f:80:af:06:17:76:e2:97:
         8e:0b:4a:87:f7:36:79:26:d1:9a:24:d0:70:b5:e4:25:1f:42:
         92:3f:9b:b2:a0:cc:ca:33:c0:4c:0d:f7:10:ce:3c:e8:fd:91:
         14:04:10:48:02:66:67:62:fc:6f:79:d5:47:e6:7f:98:7f:96:
         92:4a:c4:2f:7a:55:70:07:80:69:4a:18:54:2d:0b:b2:1a:69:
         22:0a:70:3e:14:06:49:41:05:6b:75:25:4d:fc:1a:73:dc:a3:
         8c:79:4f:6b:b8:1f:f9:7f:0b:cf:e4:ab:76:7c:fd:67:2d:60:
         ea:62:33:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeiJ/nAnwinMeYZhS19zsHNuMjMswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwMzlaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkNTViZDhjNDk3ZjdiMDYyYzk3ODRlOTM2ZmFmYzFkYjViNzk4NzdlODhm
ZDgxZWVkNmYzNDJmNDdmOGNjOTgxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO6ay2op5iCnrq9sU9pACqDDIW8T3MxfE8eYzYMpBD2gfOLPhkKS8+u/ZSLH
cmocvBH8x0XOZZeLtRvFSVBttlz0zh4xa/QUKFoqwD9WcaZF2ubeppm0AacPBFAF
gXUixu+N9ZoEduNsPfTLAlpfxkE/qWu7xh1pv83HNiI4A+TIa266ojeDT2EOH0Ye
lL0ijb2f8vDIivx38Sn0bqrw+7KqIdYssQgnXmpY2gXAxMWVlM1tD3eBvSgnOqR8
JKf0U81LyIQSiYAYQWTqzarg66ci8vH0AoHqc1Xne9N/leXSQtQdfLbgqN7241bL
mLWUve9GzvSc41BeJTlviKgfZZUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT6Mjc6
acJdWrWUJR84a2Pzw26/ZjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Y2Q4ZjA3YzktYWJjMS00MWRkLWJhZDQtYzdlNWJmMGJkNGM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjm4HdDfhtZiwhznzi+LPQl35arfsFf8KYeNhy
srZtEtlXOYXzopzcFwTkLOA8Vfc/mTrhR4Fo33uhJgMbB86XS/MRSpatcfNrGvnF
YfQHMWHZIlKHYP7npwAHx84P0fl59vt1elafr8adX8mDLa4TlrNwgiIgZ/pCUwuJ
nA/06buvAnm17BR+n4CvBhd24peOC0qH9zZ5JtGaJNBwteQlH0KSP5uyoMzKM8BM
DfcQzjzo/ZEUBBBIAmZnYvxvedVH5n+Yf5aSSsQvelVwB4BpShhULQuyGmkiCnA+
FAZJQQVrdSVN/Bpz3KOMeU9ruB/5fwvP5Kt2fP1nLWDqYjPc
-----END CERTIFICATE-----