Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
File:                     df7033c9-3736-411c-b289-a6013faa6935.roa (raw, json)
Hash identifier:          0K9AVqBSw4LN1mw2bmqXfOhy/YAgRR3/S1HhO8KKuNQ=
Subject key identifier:   FE:34:58:D6:75:B2:92:1E:C4:CA:F2:61:5D:78:77:07:49:B3:73:7F
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       2D156D4ADA4544FF29035299C5E2CDE59E08E6B8
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
Signing time:             Sat 05 Apr 2025 00:11:08 +0000
ROA not before:           Sat 05 Apr 2025 00:11:08 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:2880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:15:6d:4a:da:45:44:ff:29:03:52:99:c5:e2:cd:e5:9e:08:e6:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:08 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5d:ab:24:9c:6f:ef:39:eb:43:86:23:22:f4:
                    33:cd:3f:40:27:98:95:1c:80:85:07:a8:59:21:34:
                    94:bf:07:6d:e8:6c:f3:3d:a5:32:a0:10:58:1b:99:
                    27:19:65:4f:66:a6:82:3d:d7:2f:8b:3e:42:1a:78:
                    f2:c5:1e:47:3b:3e:21:93:c7:81:36:1a:ba:69:c0:
                    e6:5e:26:0c:80:13:42:18:12:3a:50:a1:f7:53:98:
                    b7:5d:6c:93:76:0d:e1:7c:55:da:90:50:e5:e2:95:
                    23:9e:59:21:79:81:6d:87:c1:cb:32:82:7a:03:e8:
                    b4:13:ed:39:7f:ac:06:01:be:e0:aa:c3:6f:1d:e8:
                    61:69:15:5b:1f:78:ee:7e:2c:03:73:56:71:86:6a:
                    c6:f4:cd:ef:85:49:10:90:84:48:9e:ca:4c:3d:e7:
                    0d:78:31:f7:4a:52:70:d7:5d:e2:43:ff:5a:19:1e:
                    e6:82:5b:2f:ee:9b:a9:37:bb:57:2a:c0:0e:9c:42:
                    fc:a3:68:a9:43:29:23:73:a5:cd:54:7e:9e:10:0c:
                    72:b5:ea:d1:62:d0:68:eb:67:bc:0d:34:dc:b3:7a:
                    60:12:eb:92:b2:b4:98:78:90:87:0e:bf:8d:e0:0b:
                    75:2e:d1:32:f3:e0:98:c1:d7:d5:f0:95:d8:c3:a4:
                    cd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:34:58:D6:75:B2:92:1E:C4:CA:F2:61:5D:78:77:07:49:B3:73:7F
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:2880::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:8f:88:d9:8b:b6:a2:10:13:26:66:c8:91:b3:60:8f:bf:4e:
         69:bc:08:76:45:31:a5:71:f5:b5:e2:e8:c5:a6:4d:7b:22:f7:
         fe:5a:9f:67:11:61:b0:4d:2c:2e:ab:44:f4:51:10:7b:27:91:
         de:03:0c:6c:9c:18:52:e6:be:c4:58:11:23:0c:78:98:73:b3:
         b5:bc:cd:a6:9b:bf:5c:f8:1b:74:4e:f0:e8:25:a3:49:19:9f:
         c1:f3:3b:c5:ac:77:a7:30:7f:dc:8c:83:fe:9b:33:9b:7f:c0:
         d3:86:c8:22:cb:cd:97:14:c0:dc:6f:be:81:d2:37:4a:36:73:
         a3:f9:de:a6:01:5e:b6:d8:5d:d9:c7:21:18:78:b8:48:de:8a:
         69:1d:e0:3e:fa:f7:f6:67:aa:16:1a:34:4d:7a:a7:47:95:20:
         68:64:35:0a:26:61:5c:71:94:f8:c6:22:f6:09:15:e2:bb:8f:
         3f:46:ba:aa:34:9a:a5:e9:ee:d8:31:50:50:c3:c0:95:a5:bf:
         5f:48:70:0a:12:9a:06:d4:04:e0:66:d7:0e:2d:76:cd:fd:ad:
         69:b5:4e:53:99:51:70:69:e7:b7:8e:90:d8:9f:2e:75:a5:50:
         e9:e4:8c:ab:90:d9:b1:6b:e1:1c:c6:f2:30:bd:56:a9:6d:0d:
         dc:e4:99:96
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULRVtStpFRP8pA1KZxeLN5Z4I5rgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMDhaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiZTEyZGEyYTNiN2Q4NWUxMmQ4NmU5MDg3NjQ3MDc3Y2Q4ZjI1MmVmOTVl
NzJkOTM0Y2NjZTk0YTdlOWExOTQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9dqyScb+8560OGIyL0M80/QCeYlRyAhQeoWSE0lL8Hbehs8z2lMqAQWBuZ
JxllT2amgj3XL4s+Qhp48sUeRzs+IZPHgTYaumnA5l4mDIATQhgSOlCh91OYt11s
k3YN4XxV2pBQ5eKVI55ZIXmBbYfByzKCegPotBPtOX+sBgG+4KrDbx3oYWkVWx94
7n4sA3NWcYZqxvTN74VJEJCESJ7KTD3nDXgx90pScNdd4kP/Whke5oJbL+6bqTe7
VyrADpxC/KNoqUMpI3OlzVR+nhAMcrXq0WLQaOtnvA003LN6YBLrkrK0mHiQhw6/
jeALdS7RMvPgmMHX1fCV2MOkzXcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT+NFjW
dbKSHsTK8mFdeHcHSbNzfzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZGY3MDMzYzktMzczNi00MTFjLWIyODktYTYwMTNmYWE2OTM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
gDANBgkqhkiG9w0BAQsFAAOCAQEASo+I2Yu2ohATJmbIkbNgj79OabwIdkUxpXH1
teLoxaZNeyL3/lqfZxFhsE0sLqtE9FEQeyeR3gMMbJwYUua+xFgRIwx4mHOztbzN
ppu/XPgbdE7w6CWjSRmfwfM7xax3pzB/3IyD/pszm3/A04bIIsvNlxTA3G++gdI3
SjZzo/nepgFetthd2cchGHi4SN6KaR3gPvr39meqFho0TXqnR5UgaGQ1CiZhXHGU
+MYi9gkV4ruPP0a6qjSapenu2DFQUMPAlaW/X0hwChKaBtQE4GbXDi12zf2tabVO
U5lRcGnnt46Q2J8udaVQ6eSMq5DZsWvhHMbyML1WqW0N3OSZlg==
-----END CERTIFICATE-----