Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
File: 4723f2a2-88af-42fa-b700-a780f4cd2903.roa (raw, json)
Hash identifier: oP7CsJ+yTkRBo4WU9Smr7VxnF58WrHsJyvbzqf7RhDM=
Subject key identifier: CA:56:B3:30:10:AE:2D:0C:52:BF:11:A4:19:30:8E:6A:3E:A2:A7:83
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 545EAD8876B855331001799F0F16FFF1870B969A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
Signing time: Tue 15 Jul 2025 00:30:38 +0000
ROA not before: Tue 15 Jul 2025 00:30:38 +0000
ROA not after: Tue 19 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:a000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:5e:ad:88:76:b8:55:33:10:01:79:9f:0f:16:ff:f1:87:0b:96:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Jul 15 00:30:38 2025 GMT
Not After : Aug 19 23:59:59 2025 GMT
Subject: serialNumber=873aa843a853de0e45b8b9f18300ef85eb4779965a747ee205901e4cd4ddd578, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:31:fa:93:4b:e0:09:f9:52:b5:65:d7:21:30:
da:07:82:f7:f8:72:a9:98:58:32:db:f0:6d:f5:e1:
83:47:8e:79:04:b5:fc:67:35:e7:5a:8f:9e:72:e2:
53:45:58:fe:70:a4:93:9e:0b:8d:70:e0:44:60:8a:
1a:d2:7f:af:8b:c0:f9:7b:98:7b:27:4e:84:a6:54:
0d:09:dc:0b:13:db:b3:38:b8:3f:77:36:e6:3e:fe:
4f:bd:f1:94:83:ce:63:cf:6d:35:45:50:6c:d3:2c:
ed:e5:02:48:ef:04:8b:e1:6a:f7:ba:23:5b:7b:d3:
98:62:45:fc:5e:20:5d:1d:73:25:2a:98:5d:2c:f0:
d4:cb:f2:a1:11:ef:4c:5b:f8:f4:4b:99:21:55:1b:
ef:2a:43:86:d3:66:15:37:c8:00:4f:e9:ef:7f:9f:
ab:bc:7e:7b:8a:b1:88:5e:47:8c:24:7d:83:ba:0e:
70:48:c7:db:5b:aa:80:51:e4:75:a3:80:ff:ab:39:
d1:97:23:1a:91:4e:be:9b:49:27:4b:ee:a5:97:20:
6b:be:de:77:75:35:8a:3d:7f:a1:2c:bb:be:01:82:
3d:b0:d2:9a:6f:4b:9c:17:e3:e7:d3:f7:f5:c2:5b:
00:db:3c:c5:48:95:7a:92:75:e6:d4:65:33:a9:2f:
f2:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:56:B3:30:10:AE:2D:0C:52:BF:11:A4:19:30:8E:6A:3E:A2:A7:83
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:a000::/36
Signature Algorithm: sha256WithRSAEncryption
a7:fd:c5:30:84:0f:d1:4b:5c:59:47:94:cd:68:fb:b8:18:aa:
d3:81:23:96:6b:cd:64:ee:c5:d2:a2:9e:4f:5a:82:a5:27:cc:
64:78:90:ba:56:cc:92:ba:0b:7a:3f:49:47:98:2e:57:b1:b2:
f2:9c:67:88:b4:51:b3:40:ae:ae:8f:59:6b:bf:2c:e1:f8:d7:
a5:0f:b0:d3:43:5a:95:da:cd:9e:5b:ce:38:27:a4:b8:3d:fd:
05:b2:3a:07:5c:35:64:77:a7:5a:b9:a4:18:0e:f3:6d:00:a4:
4c:2d:50:9d:34:a5:08:98:c3:3d:5c:ed:e3:50:fe:25:7a:81:
d0:4f:3e:59:16:60:c5:f3:4b:be:9a:36:db:b8:17:ad:8e:49:
b3:40:6f:98:14:5d:e1:6a:d6:08:9d:c6:d6:3f:8c:de:99:a1:
dd:a5:43:24:da:3e:3e:ce:04:a1:2f:c6:b9:0f:ff:14:31:a9:
00:8c:2c:10:4b:36:10:6f:84:c0:7d:bd:4b:d9:a6:58:91:5f:
68:ae:0e:9c:10:08:26:41:69:86:55:f8:7f:93:ae:65:59:cf:
b9:8a:9b:61:23:21:b3:64:0c:0b:e8:0c:06:6b:f5:06:41:bf:
84:ff:df:c0:c1:69:01:df:1a:6d:1c:36:8c:9d:43:c7:98:09:
5c:b4:26:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVF6tiHa4VTMQAXmfDxb/8YcLlpowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDMwMzhaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3M2FhODQzYTg1M2RlMGU0NWI4YjlmMTgzMDBlZjg1ZWI0Nzc5OTY1YTc0
N2VlMjA1OTAxZTRjZDRkZGQ1NzgxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUx+pNL4An5UrVl1yEw2geC9/hyqZhYMtvwbfXhg0eOeQS1/Gc151qPnnLi
U0VY/nCkk54LjXDgRGCKGtJ/r4vA+XuYeydOhKZUDQncCxPbszi4P3c25j7+T73x
lIPOY89tNUVQbNMs7eUCSO8Ei+Fq97ojW3vTmGJF/F4gXR1zJSqYXSzw1MvyoRHv
TFv49EuZIVUb7ypDhtNmFTfIAE/p73+fq7x+e4qxiF5HjCR9g7oOcEjH21uqgFHk
daOA/6s50ZcjGpFOvptJJ0vupZcga77ed3U1ij1/oSy7vgGCPbDSmm9LnBfj59P3
9cJbANs8xUiVepJ15tRlM6kv8lECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTKVrMw
EK4tDFK/EaQZMI5qPqKngzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NDcyM2YyYTItODhhZi00MmZhLWI3MDAtYTc4MGY0Y2QyOTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Og
MA0GCSqGSIb3DQEBCwUAA4IBAQCn/cUwhA/RS1xZR5TNaPu4GKrTgSOWa81k7sXS
op5PWoKlJ8xkeJC6VsySugt6P0lHmC5XsbLynGeItFGzQK6uj1lrvyzh+NelD7DT
Q1qV2s2eW844J6S4Pf0FsjoHXDVkd6dauaQYDvNtAKRMLVCdNKUImMM9XO3jUP4l
eoHQTz5ZFmDF80u+mjbbuBetjkmzQG+YFF3hatYIncbWP4zemaHdpUMk2j4+zgSh
L8a5D/8UMakAjCwQSzYQb4TAfb1L2aZYkV9org6cEAgmQWmGVfh/k65lWc+5ipth
IyGzZAwL6AwGa/UGQb+E/9/AwWkB3xptHDaMnUPHmAlctCYu
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:31:09 2025 by rpki-client