Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa
File:                     e1d00d70-da0c-4922-8124-95401dba4efc.roa (raw, json)
Hash identifier:          r5bsJoxy1xigXzEL9bBZAu9Qg0p5/3hpeMYlrGZbDHk=
Subject key identifier:   2E:11:76:C2:6E:39:15:4D:38:C3:CD:38:80:55:FD:1F:4F:0F:4B:DF
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       61C76C9830ACA36ECC3454077DE9900D354B3B03
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa
Signing time:             Sat 05 Apr 2025 00:11:04 +0000
ROA not before:           Sat 05 Apr 2025 00:11:04 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:f8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:c7:6c:98:30:ac:a3:6e:cc:34:54:07:7d:e9:90:0d:35:4b:3b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:04 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:36:f8:b6:6f:5d:1f:01:05:dc:74:98:b7:3f:
                    77:25:e9:46:f8:d6:e0:6d:3f:c4:73:7e:5e:76:c4:
                    bb:9f:2e:fb:6d:86:f1:b7:d7:64:5a:29:e2:2e:75:
                    8a:3b:cb:7c:19:83:1a:ed:cf:9d:61:3a:b3:21:9b:
                    fe:a8:84:7e:28:da:a0:22:35:43:63:5a:48:c7:39:
                    27:11:57:d6:ce:d2:3f:46:06:a1:97:47:c5:99:01:
                    00:b9:8c:e9:b3:4c:0c:6f:af:9f:42:d7:2f:4d:4c:
                    f5:96:af:9a:59:c1:4d:2e:bf:d1:de:31:90:e2:87:
                    66:d9:b4:13:45:d8:5a:26:93:d3:2c:ca:18:c4:66:
                    ae:ec:58:a0:27:c3:14:91:f6:a3:c0:fb:86:ef:95:
                    6d:4f:3c:17:b3:df:d4:d3:9f:7e:bd:af:df:44:a5:
                    e2:fa:8f:2c:a8:9f:ba:76:57:28:5e:c4:57:29:1a:
                    36:d3:a3:72:27:f5:4c:9c:c9:67:c0:87:d1:12:fa:
                    a1:11:37:99:ef:b1:4a:87:b9:40:d3:42:ac:87:a9:
                    59:78:21:0f:6e:c3:ad:c0:0c:bf:0c:2b:13:19:1a:
                    f6:ab:b5:1e:ac:58:fc:ad:75:90:06:de:3b:50:5b:
                    c8:72:eb:7f:4e:6b:92:60:6c:66:cc:2d:8a:6b:e4:
                    8e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:11:76:C2:6E:39:15:4D:38:C3:CD:38:80:55:FD:1F:4F:0F:4B:DF
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e1d00d70-da0c-4922-8124-95401dba4efc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:f8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:4c:7a:c3:7a:d8:35:ba:f5:2c:26:7c:a2:7b:32:8a:5a:37:
         36:62:bb:e3:18:ec:4e:cc:20:99:42:20:25:cb:7b:9e:50:a6:
         8b:f4:c2:20:18:11:e7:41:7a:1a:fd:97:80:d0:65:a6:44:1f:
         3a:c7:ef:93:76:d5:93:06:15:75:cd:b4:9e:2a:81:34:70:48:
         7c:1c:0e:ee:5d:18:f4:4a:ad:a0:55:f3:f1:16:2d:9e:b4:0f:
         d1:14:7d:9c:5e:ef:60:03:c5:df:f4:5f:b1:8e:22:34:a5:9e:
         26:b8:e3:14:72:4c:96:eb:22:28:f7:ea:98:24:69:18:09:ba:
         4b:f7:b6:0f:3e:38:da:02:c8:1f:dc:5c:e9:2d:d6:a8:5c:c7:
         70:74:df:e0:fa:97:9e:23:7b:e9:1a:ad:f7:bf:53:7d:41:63:
         3c:fe:23:43:fa:79:ba:30:0c:94:cc:e0:5e:98:0e:8b:8d:07:
         2b:67:8b:bc:67:b0:16:93:34:51:70:1c:f3:a2:d1:d5:a8:0c:
         2e:9f:06:ff:2c:1f:9c:81:21:a1:11:3f:05:c4:a1:c0:f5:c8:
         64:41:2e:e6:42:45:ad:c3:99:24:28:45:a1:69:5c:f5:16:56:
         d2:24:2c:75:19:2a:b3:d8:48:dd:26:49:82:60:54:d1:f2:a4:
         c3:d3:f7:62
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYcdsmDCso27MNFQHfemQDTVLOwMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMDRaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDExOThiYzg0MGE4YmNmNmEyOGU0YzhkNDE2NWIxZjZkOGI0OGI1MGE2NmEz
OWM1YjViNjI4NTM0MDY4MTUzZmUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJs2+LZvXR8BBdx0mLc/dyXpRvjW4G0/xHN+XnbEu58u+22G8bfXZFop4i51
ijvLfBmDGu3PnWE6syGb/qiEfijaoCI1Q2NaSMc5JxFX1s7SP0YGoZdHxZkBALmM
6bNMDG+vn0LXL01M9ZavmlnBTS6/0d4xkOKHZtm0E0XYWiaT0yzKGMRmruxYoCfD
FJH2o8D7hu+VbU88F7Pf1NOffr2v30Sl4vqPLKifunZXKF7EVykaNtOjcif1TJzJ
Z8CH0RL6oRE3me+xSoe5QNNCrIepWXghD27DrcAMvwwrExka9qu1HqxY/K11kAbe
O1BbyHLrf05rkmBsZswtimvkjocCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQuEXbC
bjkVTTjDzTiAVf0fTw9L3zAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZTFkMDBkNzAtZGEwYy00OTIyLTgxMjQtOTU0MDFkYmE0ZWZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
wDANBgkqhkiG9w0BAQsFAAOCAQEAXUx6w3rYNbr1LCZ8onsyilo3NmK74xjsTswg
mUIgJct7nlCmi/TCIBgR50F6Gv2XgNBlpkQfOsfvk3bVkwYVdc20niqBNHBIfBwO
7l0Y9EqtoFXz8RYtnrQP0RR9nF7vYAPF3/RfsY4iNKWeJrjjFHJMlusiKPfqmCRp
GAm6S/e2Dz442gLIH9xc6S3WqFzHcHTf4PqXniN76Rqt979TfUFjPP4jQ/p5ujAM
lMzgXpgOi40HK2eLvGewFpM0UXAc86LR1agMLp8G/ywfnIEhoRE/BcShwPXIZEEu
5kJFrcOZJChFoWlc9RZW0iQsdRkqs9hI3SZJgmBU0fKkw9P3Yg==
-----END CERTIFICATE-----