Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
File: 8d33474a-7193-4fb1-90e2-82106a40b461.roa (raw, json)
Hash identifier: TEEfWk3EjEeRb3Fk2ujiATJQgcj7JPOKnX+mBSilJIQ=
Subject key identifier: C1:E0:AF:00:96:99:68:7A:34:30:5E:2F:E9:58:F0:7A:46:FC:C3:EC
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 120DD8B276FB5B7907DB4BB9BFDA8F39EFC9E06A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
Signing time: Wed 03 Sep 2025 00:21:08 +0000
ROA not before: Wed 03 Sep 2025 00:21:08 +0000
ROA not after: Wed 08 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:0d:d8:b2:76:fb:5b:79:07:db:4b:b9:bf:da:8f:39:ef:c9:e0:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 3 00:21:08 2025 GMT
Not After : Oct 8 23:59:59 2025 GMT
Subject: serialNumber=4539c589ae1d958fcbd771ecbf7c5cf56d7e84f49054e8e79ee0645211b2564b, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:1f:3c:15:ec:44:f2:06:35:c0:f6:21:04:ad:
83:46:80:c3:50:07:67:69:39:7b:53:48:98:83:28:
bc:71:32:ff:84:c2:f3:a7:c0:26:8a:8c:f6:1e:8c:
a2:c4:56:22:e2:15:d5:c9:a9:01:79:4b:c5:4f:12:
b0:2d:6d:c8:ea:dd:8c:00:9a:74:16:80:56:0a:f0:
46:aa:a1:ba:1a:7e:74:7d:7d:81:92:82:a9:01:f5:
e0:25:30:8f:b9:7a:d5:5b:b0:0f:d1:5f:ce:fc:da:
f4:50:c3:f1:61:1a:3f:35:26:fc:9a:24:b6:b4:e5:
a3:39:b3:45:03:88:e5:01:a2:6b:b6:a8:81:53:d0:
64:d8:10:64:0a:32:3c:23:b5:95:f6:96:ab:64:1a:
ae:fe:04:d5:e8:47:6e:7e:7b:84:1a:8d:03:ce:5f:
55:da:0e:b0:10:3d:3d:81:a7:49:c2:72:e5:bc:37:
09:8c:f8:40:7b:14:8d:f3:6a:df:4b:49:86:ce:1a:
70:57:09:4f:ef:7e:f3:94:7b:2e:56:24:af:6b:f6:
5e:c9:ab:c2:9b:67:c6:3d:9d:03:5a:52:bc:ec:15:
05:6d:36:cc:6e:93:cd:64:01:f7:e8:ca:e5:85:15:
e3:cf:01:d1:aa:cb:92:35:b5:4a:c0:c0:9e:c8:31:
b0:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:E0:AF:00:96:99:68:7A:34:30:5E:2F:E9:58:F0:7A:46:FC:C3:EC
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2800::/40
Signature Algorithm: sha256WithRSAEncryption
43:63:18:d7:2c:2d:86:64:c8:19:2a:9e:a5:1c:cc:09:be:b8:
b5:5b:72:64:d9:1d:a5:09:d0:6a:c1:f1:80:96:8f:ea:c3:2f:
ad:46:b6:2e:5c:12:3e:80:a8:f5:77:a5:3b:9f:e2:4d:c9:59:
3c:77:bc:ea:c8:46:47:e3:d3:43:c4:a0:8f:d0:16:4a:d6:17:
6d:a6:a2:b2:05:7b:b4:16:cf:72:eb:5d:48:c7:a9:0b:37:25:
93:ac:04:b2:0a:53:8e:6c:86:ac:ac:59:84:85:41:13:07:70:
3c:c4:35:8e:f8:a0:29:42:93:44:1a:5d:7a:e4:d2:3a:eb:01:
79:95:d0:82:68:b7:4b:77:23:a0:c6:e8:c8:76:c0:44:25:26:
c0:51:0c:cf:e3:cf:a5:f8:8a:0a:8e:18:d9:27:45:a3:27:cb:
27:bb:8a:88:3d:4c:84:3c:ea:2f:a8:55:9b:0e:f3:63:f5:e4:
b3:4e:66:6d:eb:4d:c0:22:4c:79:40:e0:f8:e7:81:f7:05:0b:
94:e2:c0:fd:13:d2:33:a4:26:36:ba:d9:30:5c:b1:be:99:ce:
f0:f5:dc:5d:61:6d:18:7a:d7:c0:f7:7f:f1:28:f0:a9:d1:62:
ce:17:9b:42:90:55:f7:d8:66:09:3a:09:c3:c4:5e:08:d7:d5:
bb:25:d8:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEg3Ysnb7W3kH20u5v9qPOe/J4GowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MDMwMDIxMDhaFw0yNTEwMDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1MzljNTg5YWUxZDk1OGZjYmQ3NzFlY2JmN2M1Y2Y1NmQ3ZTg0ZjQ5MDU0
ZThlNzllZTA2NDUyMTFiMjU2NGIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8fPBXsRPIGNcD2IQStg0aAw1AHZ2k5e1NImIMovHEy/4TC86fAJoqM9h6M
osRWIuIV1cmpAXlLxU8SsC1tyOrdjACadBaAVgrwRqqhuhp+dH19gZKCqQH14CUw
j7l61VuwD9Ffzvza9FDD8WEaPzUm/JoktrTlozmzRQOI5QGia7aogVPQZNgQZAoy
PCO1lfaWq2Qarv4E1ehHbn57hBqNA85fVdoOsBA9PYGnScJy5bw3CYz4QHsUjfNq
30tJhs4acFcJT+9+85R7LlYkr2v2Xsmrwptnxj2dA1pSvOwVBW02zG6TzWQB9+jK
5YUV488B0arLkjW1SsDAnsgxsCECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTB4K8A
lploejQwXi/pWPB6RvzD7DAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OGQzMzQ3NGEtNzE5My00ZmIxLTkwZTItODIxMDZhNDBiNDYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Mo
MA0GCSqGSIb3DQEBCwUAA4IBAQBDYxjXLC2GZMgZKp6lHMwJvri1W3Jk2R2lCdBq
wfGAlo/qwy+tRrYuXBI+gKj1d6U7n+JNyVk8d7zqyEZH49NDxKCP0BZK1hdtpqKy
BXu0Fs9y611Ix6kLNyWTrASyClOObIasrFmEhUETB3A8xDWO+KApQpNEGl165NI6
6wF5ldCCaLdLdyOgxujIdsBEJSbAUQzP48+l+IoKjhjZJ0WjJ8snu4qIPUyEPOov
qFWbDvNj9eSzTmZt603AIkx5QOD454H3BQuU4sD9E9IzpCY2utkwXLG+mc7w9dxd
YW0YetfA93/xKPCp0WLOF5tCkFX32GYJOgnDxF4I19W7Jdii
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:34:22 2025 by rpki-client