Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/336f8390-241d-4b6f-9822-91232dc553f3.roa
File: 336f8390-241d-4b6f-9822-91232dc553f3.roa (raw, json)
Hash identifier: HxXICOHjD/VIzl8PAiyArXRSsdc0qYVNBi/zlpzqTGM=
Subject key identifier: C1:8B:E3:43:88:40:08:F6:11:EC:A7:C0:EA:7E:18:88:B5:0E:ED:9D
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 40831AF85783679DA5177CCDF2FF485541B14878
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/336f8390-241d-4b6f-9822-91232dc553f3.roa
Signing time: Wed 03 Sep 2025 00:21:07 +0000
ROA not before: Wed 03 Sep 2025 00:21:07 +0000
ROA not after: Wed 08 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:83:1a:f8:57:83:67:9d:a5:17:7c:cd:f2:ff:48:55:41:b1:48:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 3 00:21:07 2025 GMT
Not After : Oct 8 23:59:59 2025 GMT
Subject: serialNumber=0b993c359a32cfe4a0e376bacc1e338ba1b931f466fc1c55b691e7387bdc3d03, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:30:78:c5:02:83:f5:da:6f:48:98:ec:99:c0:
08:07:5a:1d:90:98:af:4d:1e:59:c4:ac:08:03:fa:
bf:aa:58:ea:eb:bf:d3:6c:48:2e:a2:42:eb:06:e0:
d3:d9:ef:32:10:f3:da:43:91:c1:90:5e:ab:a9:57:
4d:89:7c:5c:94:32:ca:f9:28:04:25:a1:d4:19:36:
10:fe:ee:ea:fc:c9:77:1f:5c:41:dc:72:2c:ef:99:
f0:12:b1:2d:cc:05:ab:07:ef:16:10:70:b8:63:68:
ef:4a:04:7f:35:88:7d:81:0d:da:f3:0c:6b:80:55:
f0:f6:a3:7e:a0:ab:a6:98:78:f0:9e:03:d4:b8:43:
82:18:42:c4:90:a6:e5:e5:bd:a8:91:c3:42:8f:bf:
2e:9c:4b:52:70:82:8d:72:b1:6b:7a:10:de:71:91:
27:6f:02:89:e5:bd:99:7f:db:67:38:d4:56:33:4e:
ca:ed:96:3c:6f:ea:3a:5a:dd:0d:90:19:ff:c8:38:
30:97:28:7b:13:1e:e2:45:c5:01:7c:2f:4d:26:20:
ee:c1:c8:13:2b:fb:d8:44:1a:13:ca:cb:e0:79:bc:
c8:29:f7:e7:1f:ed:7a:48:cb:3b:fa:e8:0a:c7:0e:
bd:43:88:9e:e5:09:65:ab:1e:58:ad:8b:56:bd:3f:
e3:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:8B:E3:43:88:40:08:F6:11:EC:A7:C0:EA:7E:18:88:B5:0E:ED:9D
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/336f8390-241d-4b6f-9822-91232dc553f3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6800::/40
Signature Algorithm: sha256WithRSAEncryption
8a:4e:a9:b0:4a:58:5f:25:c7:d6:09:31:c0:9c:24:1d:ff:73:
95:f6:97:e7:5d:fe:b3:dd:3e:db:81:b8:13:32:06:4f:bb:d1:
df:8a:2b:4d:18:37:43:6c:1e:be:a0:f7:09:50:3d:fb:eb:e3:
9b:9d:04:a1:68:7e:ac:45:bd:33:f3:1d:c0:04:36:89:89:64:
9c:61:a0:45:3e:7b:97:51:73:ca:09:7c:47:f9:d2:f3:cb:a7:
24:b0:2f:52:9b:82:ce:67:b4:59:0d:1e:15:81:69:8e:20:40:
78:5e:0c:fc:e8:69:0f:53:e4:ed:76:44:12:09:ff:8b:d2:5f:
de:8d:c6:4c:80:be:83:ea:1b:fd:fe:a5:42:1a:2c:c8:5d:b7:
bb:fe:4d:f3:81:b7:e3:61:f4:c6:61:2f:e8:38:f5:47:3e:79:
4b:35:e6:76:be:59:4e:0c:01:18:91:72:c7:6d:7b:d4:c5:de:
5f:59:cf:77:83:6a:aa:a2:f3:de:00:37:5e:22:27:72:a8:40:
88:af:b7:ba:1a:65:75:b7:a6:26:f8:ae:87:21:6f:3e:60:5a:
2b:20:2a:be:f0:bd:fb:71:af:97:41:2e:c6:e5:ab:2e:a8:2e:
1b:99:a3:a9:ce:71:b9:c8:dc:7f:54:19:3e:a8:35:81:c4:d0:
a8:9d:7d:64
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQIMa+FeDZ52lF3zN8v9IVUGxSHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MDMwMDIxMDdaFw0yNTEwMDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiOTkzYzM1OWEzMmNmZTRhMGUzNzZiYWNjMWUzMzhiYTFiOTMxZjQ2NmZj
MWM1NWI2OTFlNzM4N2JkYzNkMDMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALEweMUCg/Xab0iY7JnACAdaHZCYr00eWcSsCAP6v6pY6uu/02xILqJC6wbg
09nvMhDz2kORwZBeq6lXTYl8XJQyyvkoBCWh1Bk2EP7u6vzJdx9cQdxyLO+Z8BKx
LcwFqwfvFhBwuGNo70oEfzWIfYEN2vMMa4BV8PajfqCrpph48J4D1LhDghhCxJCm
5eW9qJHDQo+/LpxLUnCCjXKxa3oQ3nGRJ28CieW9mX/bZzjUVjNOyu2WPG/qOlrd
DZAZ/8g4MJcoexMe4kXFAXwvTSYg7sHIEyv72EQaE8rL4Hm8yCn35x/tekjLO/ro
CscOvUOInuUJZaseWK2LVr0/41MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTBi+ND
iEAI9hHsp8DqfhiItQ7tnTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MzM2ZjgzOTAtMjQxZC00YjZmLTk4MjItOTEyMzJkYzU1M2YzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8do
MA0GCSqGSIb3DQEBCwUAA4IBAQCKTqmwSlhfJcfWCTHAnCQd/3OV9pfnXf6z3T7b
gbgTMgZPu9HfiitNGDdDbB6+oPcJUD376+ObnQShaH6sRb0z8x3ABDaJiWScYaBF
PnuXUXPKCXxH+dLzy6cksC9Sm4LOZ7RZDR4VgWmOIEB4Xgz86GkPU+TtdkQSCf+L
0l/ejcZMgL6D6hv9/qVCGizIXbe7/k3zgbfjYfTGYS/oOPVHPnlLNeZ2vllODAEY
kXLHbXvUxd5fWc93g2qqovPeADdeIidyqECIr7e6GmV1t6Ym+K6HIW8+YForICq+
8L37ca+XQS7G5asuqC4bmaOpznG5yNx/VBk+qDWBxNConX1k
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:33:36 2025 by rpki-client