Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa
File: baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa (raw, json)
Hash identifier: WDxWjITTLe1GBBLKk9cxjzuJQ8eILTPT25pi1gITkcg=
Subject key identifier: 22:AC:C1:11:44:B1:E3:CD:59:44:2E:43:E2:E9:F0:DE:51:48:8D:D8
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: B8DC7F4E562BA7D49A8AFE778E628734A61016
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa
Signing time: Tue 15 Jul 2025 00:20:06 +0000
ROA not before: Tue 15 Jul 2025 00:20:06 +0000
ROA not after: Tue 19 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b8:dc:7f:4e:56:2b:a7:d4:9a:8a:fe:77:8e:62:87:34:a6:10:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Jul 15 00:20:06 2025 GMT
Not After : Aug 19 23:59:59 2025 GMT
Subject: serialNumber=e38b8639c515cf3a8f82e88a255fe2a1c00625a72297f6b0311be8c8a9ccf4d6, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ec:c9:9d:4c:80:b1:c3:a8:4a:62:da:5e:29:
c6:03:54:26:d0:e6:0d:e6:54:b4:f9:cb:39:e4:d0:
f2:a4:f8:a5:54:8b:69:66:46:7c:4d:7b:79:17:8d:
69:13:bf:37:6a:7e:44:3c:fb:80:b9:11:0a:5e:86:
b8:29:6c:1b:eb:bc:35:5e:f1:9b:42:42:4d:70:5d:
4b:9b:c9:ae:7b:09:04:06:46:f3:ec:25:fd:d5:f9:
59:b4:07:55:0f:42:d1:09:5a:d7:39:89:35:09:61:
a6:c3:14:1a:82:53:48:e6:af:b3:47:a4:65:da:ba:
87:1f:b6:a4:75:02:c7:07:14:cb:d8:4c:e0:00:85:
98:22:c0:8c:77:b6:91:00:74:e6:9d:0b:a7:3c:2e:
df:88:df:4b:66:6f:09:29:5d:4e:4c:90:1e:df:c1:
9b:60:d4:d4:7f:70:e5:3b:a8:48:9f:4e:c0:98:5d:
13:e8:cb:a4:45:49:62:73:6a:fd:b8:a8:8c:eb:7f:
57:46:80:e7:a5:74:1c:5d:61:e5:79:84:42:3b:5d:
c7:89:59:7d:39:33:74:51:2a:08:c0:f3:01:b9:85:
71:f6:7d:92:56:6a:e5:51:a0:f6:93:3a:64:1b:99:
7e:bb:35:1a:bd:10:8b:29:76:7a:73:9b:b3:f9:85:
0a:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:AC:C1:11:44:B1:E3:CD:59:44:2E:43:E2:E9:F0:DE:51:48:8D:D8
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/baededf2-26d8-42f7-b8bc-fbf1dc4fb03d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6000::/36
Signature Algorithm: sha256WithRSAEncryption
48:60:cd:70:d7:d6:ce:7c:4a:42:a3:cf:5c:43:e6:e6:7a:da:
fa:fe:87:66:9e:f0:27:a9:80:e8:7c:3c:64:90:d1:f9:12:17:
9f:ec:bd:4e:08:3e:29:9d:d9:51:56:96:c8:ec:09:d6:f7:2c:
c7:4a:2f:79:ba:81:86:95:85:b8:88:94:15:77:43:c2:3a:2a:
27:aa:81:a6:57:42:34:b1:fe:e3:cb:fa:1b:6b:57:3a:ae:08:
92:43:10:cb:c6:42:10:d2:ac:56:46:04:d9:79:d0:49:91:54:
e5:ad:5e:47:c4:f0:c5:37:3d:20:7f:c9:e7:63:c0:b3:a8:77:
f4:93:ae:50:14:3c:45:8a:58:4d:99:29:61:48:cc:9e:ee:2c:
14:0f:e8:66:b5:be:3c:1d:da:fe:e6:d5:cc:94:76:d4:5e:1d:
36:10:85:b2:17:27:61:5b:5b:fd:33:36:93:c2:4e:4f:0c:a5:
f4:26:6d:f7:b0:c8:08:ad:93:2d:b6:31:72:81:8f:ee:5c:93:
44:9e:71:32:0d:93:99:6a:f7:b5:75:f0:4e:6f:7f:6a:c7:66:
95:83:7e:07:3a:50:40:06:a1:07:57:6d:45:96:84:81:d3:fb:
17:c9:83:a9:fe:00:03:77:d3:be:fa:2d:34:b9:df:0e:90:b6:
a7:22:4b:ba
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUALjcf05WK6fUmor+d45ihzSmEBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDIwMDZaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzOGI4NjM5YzUxNWNmM2E4ZjgyZTg4YTI1NWZlMmExYzAwNjI1YTcyMjk3
ZjZiMDMxMWJlOGM4YTljY2Y0ZDYxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMrsyZ1MgLHDqEpi2l4pxgNUJtDmDeZUtPnLOeTQ8qT4pVSLaWZGfE17eReN
aRO/N2p+RDz7gLkRCl6GuClsG+u8NV7xm0JCTXBdS5vJrnsJBAZG8+wl/dX5WbQH
VQ9C0Qla1zmJNQlhpsMUGoJTSOavs0ekZdq6hx+2pHUCxwcUy9hM4ACFmCLAjHe2
kQB05p0Lpzwu34jfS2ZvCSldTkyQHt/Bm2DU1H9w5TuoSJ9OwJhdE+jLpEVJYnNq
/biojOt/V0aA56V0HF1h5XmEQjtdx4lZfTkzdFEqCMDzAbmFcfZ9klZq5VGg9pM6
ZBuZfrs1Gr0Qiyl2enObs/mFCpECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQirMER
RLHjzVlELkPi6fDeUUiN2DAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YmFlZGVkZjItMjZkOC00MmY3LWI4YmMtZmJmMWRjNGZiMDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dg
MA0GCSqGSIb3DQEBCwUAA4IBAQBIYM1w19bOfEpCo89cQ+bmetr6/odmnvAnqYDo
fDxkkNH5Ehef7L1OCD4pndlRVpbI7AnW9yzHSi95uoGGlYW4iJQVd0PCOionqoGm
V0I0sf7jy/oba1c6rgiSQxDLxkIQ0qxWRgTZedBJkVTlrV5HxPDFNz0gf8nnY8Cz
qHf0k65QFDxFilhNmSlhSMye7iwUD+hmtb48Hdr+5tXMlHbUXh02EIWyFydhW1v9
MzaTwk5PDKX0Jm33sMgIrZMttjFygY/uXJNEnnEyDZOZave1dfBOb39qx2aVg34H
OlBABqEHV21FloSB0/sXyYOp/gADd9O++i00ud8OkLanIku6
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:29:32 2025 by rpki-client