Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e75e46c0-2d4d-42fd-a050-85f835672397.roa
File:                     e75e46c0-2d4d-42fd-a050-85f835672397.roa (raw, json)
Hash identifier:          VUbGQHXs8Y6ogvUbZ4QwcfC5MSBHkLtmiZg8Yt7XaqI=
Subject key identifier:   9E:2A:41:BB:0B:2F:99:8A:0F:19:1B:13:FF:DE:D8:13:16:A1:22:E6
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       7AF0DC58254DA3286A48B8F4BF398D5420AACB67
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e75e46c0-2d4d-42fd-a050-85f835672397.roa
Signing time:             Sat 05 Apr 2025 00:20:04 +0000
ROA not before:           Sat 05 Apr 2025 00:20:04 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:9000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f0:dc:58:25:4d:a3:28:6a:48:b8:f4:bf:39:8d:54:20:aa:cb:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:20:04 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:63:58:91:43:e3:e2:46:fc:0b:31:2b:25:ff:
                    fd:a5:19:11:c8:80:f5:43:14:67:af:02:05:f3:c8:
                    1d:92:07:16:56:4a:e8:82:f5:a4:54:16:00:d7:c6:
                    71:5e:ec:98:5c:e2:3c:f2:25:c8:0f:e5:5d:76:fe:
                    14:32:5d:66:c2:4c:a1:6c:3a:93:92:b5:34:1d:f4:
                    b3:96:c7:ec:52:ee:ce:c0:8c:ec:d1:4b:e1:d8:62:
                    dc:07:ec:05:31:47:26:3f:ed:84:26:f0:bb:19:28:
                    04:a8:95:f0:44:a8:72:1a:40:bf:a0:ac:51:23:4f:
                    63:82:91:b5:6e:76:ec:9b:2d:f6:65:90:3b:d2:9e:
                    88:02:2d:b6:e6:65:e1:04:78:74:f6:55:f4:fb:22:
                    32:76:bb:ea:06:d2:7c:60:66:54:90:3f:2d:dc:d0:
                    52:26:aa:65:6f:d5:00:d5:7b:04:6a:69:23:7b:6f:
                    b7:37:7c:e3:0d:62:84:2e:1a:c6:a2:74:9a:50:c7:
                    da:87:7d:69:58:eb:26:99:5a:a7:af:7e:91:fd:ea:
                    9a:84:fe:7d:a9:08:a0:fd:d4:89:c9:e0:94:6f:18:
                    58:fa:60:14:55:46:78:4e:c1:62:ec:3c:2c:5b:7f:
                    5e:d7:a2:33:57:a4:f9:fd:be:fc:69:f4:d7:14:4c:
                    dd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2A:41:BB:0B:2F:99:8A:0F:19:1B:13:FF:DE:D8:13:16:A1:22:E6
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/e75e46c0-2d4d-42fd-a050-85f835672397.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0a:fb:35:15:51:1b:6a:33:b7:92:2f:b9:e5:8e:ed:ef:fe:8e:
         43:57:25:85:a3:a8:69:98:0a:e0:03:ff:7c:47:8d:78:78:af:
         cd:a9:80:99:c6:80:86:a1:0f:2f:36:cb:2d:dc:04:bf:d1:79:
         84:d4:f6:1b:fc:65:49:c7:8f:df:4f:c4:30:47:5b:b2:0a:d1:
         40:0d:7b:7c:7e:fc:a8:78:3e:ef:da:05:83:13:cc:c0:7d:07:
         91:48:38:d7:c5:05:57:d2:2f:d5:56:c2:20:e6:93:3d:e0:87:
         95:2a:fa:8f:94:cb:0c:2b:2c:0c:b1:b8:6a:10:ab:3a:97:d5:
         71:a7:68:1b:89:f3:d2:22:a4:50:68:7b:66:1d:4a:69:cd:bd:
         42:df:f7:d8:19:3d:23:f5:5c:db:0c:5e:04:74:3e:f9:ba:90:
         1c:81:fd:be:7f:79:8f:c6:29:33:74:cc:72:5a:8d:b0:49:ba:
         8b:3e:59:34:0b:49:3a:5f:9d:1b:87:1d:3a:7a:db:45:3b:9a:
         78:c7:69:24:e3:13:63:d5:52:8e:53:cc:a1:44:7f:c0:57:76:
         01:e5:79:e0:c9:4e:6e:b2:1b:b9:3a:7e:57:5b:b2:86:c0:cf:
         95:2e:ef:f3:82:1a:f7:bd:33:43:7c:f6:a6:3a:c3:50:cb:2d:
         d2:35:46:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUevDcWCVNoyhqSLj0vzmNVCCqy2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIwMDRaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5OTIxNTU3NjZiOTBmOTNmYTNiZjEyZTk3MDQ2ODRhODA0ZDYyYzJkZmQ4
MTVmY2U2ZTE5ODlkMzlhMDBiMzIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMljWJFD4+JG/AsxKyX//aUZEciA9UMUZ68CBfPIHZIHFlZK6IL1pFQWANfG
cV7smFziPPIlyA/lXXb+FDJdZsJMoWw6k5K1NB30s5bH7FLuzsCM7NFL4dhi3Afs
BTFHJj/thCbwuxkoBKiV8ESochpAv6CsUSNPY4KRtW527Jst9mWQO9KeiAIttuZl
4QR4dPZV9PsiMna76gbSfGBmVJA/LdzQUiaqZW/VANV7BGppI3tvtzd84w1ihC4a
xqJ0mlDH2od9aVjrJplap69+kf3qmoT+fakIoP3UicnglG8YWPpgFFVGeE7BYuw8
LFt/XteiM1ek+f2+/Gn01xRM3acCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSeKkG7
Cy+Zig8ZGxP/3tgTFqEi5jAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZTc1ZTQ2YzAtMmQ0ZC00MmZkLWEwNTAtODVmODM1NjcyMzk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAK+zUVURtqM7eSL7nlju3v/o5DVyWFo6hpmArg
A/98R414eK/NqYCZxoCGoQ8vNsst3AS/0XmE1PYb/GVJx4/fT8QwR1uyCtFADXt8
fvyoeD7v2gWDE8zAfQeRSDjXxQVX0i/VVsIg5pM94IeVKvqPlMsMKywMsbhqEKs6
l9Vxp2gbifPSIqRQaHtmHUppzb1C3/fYGT0j9VzbDF4EdD75upAcgf2+f3mPxikz
dMxyWo2wSbqLPlk0C0k6X50bhx06ettFO5p4x2kk4xNj1VKOU8yhRH/AV3YB5Xng
yU5ushu5On5XW7KGwM+VLu/zghr3vTNDfPamOsNQyy3SNUYA
-----END CERTIFICATE-----