Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
File:                     ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa (raw, json)
Hash identifier:          l51Ssvj2uhReSMp2TrrByn/dfCYEwN5Td9S4ESTLgg4=
Subject key identifier:   7C:13:DE:67:19:12:F8:9D:2A:74:78:2D:00:29:7A:C9:F6:D4:4E:17
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       045DE5E6F31AF2A3DF794947BA2A68E7585DBA25
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa
Signing time:             Sat 05 Apr 2025 00:21:12 +0000
ROA not before:           Sat 05 Apr 2025 00:21:12 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:5d:e5:e6:f3:1a:f2:a3:df:79:49:47:ba:2a:68:e7:58:5d:ba:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:21:12 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8d:32:2d:53:64:12:6b:cd:2d:f5:af:78:9a:
                    00:b7:df:01:27:55:b2:7a:9d:06:99:da:d1:0b:a1:
                    b6:df:07:6a:63:f2:66:08:cd:e4:4c:0d:2b:f6:0e:
                    73:c7:08:9f:7c:1d:7c:9f:70:68:2c:61:11:b5:9a:
                    b3:8d:7e:2b:ef:f6:97:90:4b:93:a3:72:1a:f2:12:
                    71:a4:ff:2c:d6:ee:49:cc:0e:ac:8d:f1:7d:a6:6b:
                    ca:d2:90:2e:93:df:4b:45:2f:32:5b:9d:e2:6f:ff:
                    31:b0:2e:82:71:b0:51:3b:da:93:61:19:72:5c:ba:
                    36:4c:06:79:3b:90:b6:5a:ab:4d:13:80:17:35:7c:
                    fb:dc:6f:18:fa:a3:29:8b:9b:fb:bf:da:f6:94:c5:
                    a9:1b:16:27:34:5a:5a:8e:5f:ba:2b:b7:14:a1:70:
                    08:51:7f:91:43:33:8b:af:71:3a:af:df:43:77:d4:
                    eb:0d:b6:5c:d1:5d:98:4b:8d:05:3c:6d:59:25:e8:
                    34:8a:af:28:df:04:f1:2b:fb:f1:10:e4:13:33:33:
                    bb:10:71:1d:d6:14:e5:8a:79:6b:59:49:2f:16:c4:
                    91:52:96:94:a6:c3:e5:12:a8:99:76:d0:ff:f2:be:
                    88:d9:1f:32:69:90:12:ef:c6:bb:12:8d:e9:61:7e:
                    10:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:13:DE:67:19:12:F8:9D:2A:74:78:2D:00:29:7A:C9:F6:D4:4E:17
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/ea65bcc4-9fce-4b6f-a493-4a17ef1306cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         75:b1:7e:84:9d:e1:86:0f:19:48:1c:44:4d:13:ce:07:ca:e8:
         79:f1:b4:6c:b3:d1:e5:92:2d:1c:1c:1c:5e:cd:dd:71:70:a0:
         50:f8:84:ef:fe:c2:91:77:e8:a0:a9:d8:77:a7:5b:fb:6b:3a:
         c0:4f:b7:a2:70:3c:5f:4e:f7:af:e0:ac:61:c6:0b:c7:81:a5:
         bc:79:a1:73:d4:90:4c:ea:2a:56:31:c7:f8:ad:23:90:dc:59:
         62:4f:1a:c4:da:ed:f5:35:c9:54:d2:8b:e6:f6:f5:4e:14:09:
         ce:35:45:05:9b:e2:2f:a3:5b:ab:3b:35:bd:97:95:3d:9c:a8:
         4c:a2:0c:6e:93:3d:1b:c4:d7:ec:25:5b:fa:81:52:16:55:d3:
         cd:83:74:87:5b:e7:e9:29:56:9a:f4:0a:2f:e8:d2:dd:9d:00:
         eb:aa:85:d7:e2:61:88:b5:bd:7c:e2:d9:57:87:46:7c:06:0e:
         d4:95:2c:c8:c9:49:54:a6:d3:06:cb:b3:7d:d3:a0:5c:0f:49:
         c0:9a:ab:e0:55:b4:65:0f:d8:98:9e:76:62:a2:fc:81:30:f1:
         fc:10:7c:bb:c4:42:9d:d3:d6:ca:48:e6:68:a6:5a:2a:be:0f:
         55:2b:d6:fb:9e:a4:5d:2e:67:f0:b3:03:24:dd:e5:7a:ed:49:
         f9:61:90:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBF3l5vMa8qPfeUlHuipo51hduiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDIxMTJaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlMjE0YTc2NGQ5ZmI0YzllNWE3N2I2ZDEwMTcyYTJlMDQzZTZmZDQ5N2U4
ODY3ZjJhMjNiMGE5YzhhNWNlYWIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM+NMi1TZBJrzS31r3iaALffASdVsnqdBpna0Quhtt8HamPyZgjN5EwNK/YO
c8cIn3wdfJ9waCxhEbWas41+K+/2l5BLk6NyGvIScaT/LNbuScwOrI3xfaZrytKQ
LpPfS0UvMlud4m//MbAugnGwUTvak2EZcly6NkwGeTuQtlqrTROAFzV8+9xvGPqj
KYub+7/a9pTFqRsWJzRaWo5fuiu3FKFwCFF/kUMzi69xOq/fQ3fU6w22XNFdmEuN
BTxtWSXoNIqvKN8E8Sv78RDkEzMzuxBxHdYU5Yp5a1lJLxbEkVKWlKbD5RKomXbQ
//K+iNkfMmmQEu/GuxKN6WF+EGMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR8E95n
GRL4nSp0eC0AKXrJ9tROFzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZWE2NWJjYzQtOWZjZS00YjZmLWE0OTMtNGExN2VmMTMwNmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB1sX6EneGGDxlIHERNE84Hyuh58bRss9Hlki0c
HBxezd1xcKBQ+ITv/sKRd+igqdh3p1v7azrAT7eicDxfTvev4KxhxgvHgaW8eaFz
1JBM6ipWMcf4rSOQ3FliTxrE2u31NclU0ovm9vVOFAnONUUFm+Ivo1urOzW9l5U9
nKhMogxukz0bxNfsJVv6gVIWVdPNg3SHW+fpKVaa9Aov6NLdnQDrqoXX4mGItb18
4tlXh0Z8Bg7UlSzIyUlUptMGy7N906BcD0nAmqvgVbRlD9iYnnZiovyBMPH8EHy7
xEKd09bKSOZoploqvg9VK9b7nqRdLmfwswMk3eV67Un5YZB2
-----END CERTIFICATE-----