Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa
File: eff6a3a5-b241-438e-ac29-04afb84fc11c.roa (raw, json)
Hash identifier: nr9jlHbJFPEKvGGnGPEqF5aDpZYokk9uZiDK8D5aYVg=
Subject key identifier: 89:42:DB:86:1C:F6:82:F2:A5:27:D8:35:2B:F6:F7:A0:64:FC:78:64
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 72E26A80299AF81B818A38CC525958F0E9DD13CA
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa
Signing time: Tue 02 Sep 2025 00:40:04 +0000
ROA not before: Tue 02 Sep 2025 00:40:04 +0000
ROA not after: Tue 07 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc5:9800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:e2:6a:80:29:9a:f8:1b:81:8a:38:cc:52:59:58:f0:e9:dd:13:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 2 00:40:04 2025 GMT
Not After : Oct 7 23:59:59 2025 GMT
Subject: serialNumber=40a36c10f324496338fb8861a43398a593ac9f403dd2d3097dc7bfd6680beb9e, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:a6:7a:c4:95:85:e8:6f:aa:5d:f6:9a:a4:65:
84:e1:7f:db:b8:f2:ab:4e:d0:21:8a:35:12:b4:70:
b9:3d:e3:7f:c2:ac:c7:b7:78:b2:11:42:e0:b5:62:
eb:37:47:ec:c9:81:7b:f5:46:92:1c:62:b3:1c:74:
80:01:70:13:d7:42:ce:73:ca:1d:50:f2:bd:48:73:
32:06:f4:f4:29:38:a1:ab:da:ab:69:91:e2:2a:c4:
da:a7:9b:98:f0:0a:d1:54:0a:af:25:41:f8:59:30:
73:a1:31:96:7e:42:bc:b4:f2:7d:c3:fe:6b:1c:71:
1d:13:49:cc:e2:1e:22:a5:75:46:b4:16:1a:f1:af:
58:70:dc:57:5e:f4:dc:79:2d:bf:e2:e5:9e:00:5e:
93:fb:e9:73:2b:ea:d2:24:a9:95:7c:81:95:b0:6d:
01:83:00:4c:28:9e:ed:c1:be:ef:93:9d:87:f3:36:
72:9d:24:70:dd:2d:c7:a9:ee:8f:87:ca:e4:8b:05:
d1:23:3a:dd:9c:f6:25:c7:68:57:86:d3:63:13:18:
4a:4e:07:25:ee:d1:02:8c:56:a1:7f:14:36:0e:e9:
71:bc:1b:e5:1f:90:f8:03:c4:26:be:ed:d5:e4:37:
14:46:49:cb:7b:e3:09:e4:44:8a:2d:7b:d1:ff:bf:
f6:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:42:DB:86:1C:F6:82:F2:A5:27:D8:35:2B:F6:F7:A0:64:FC:78:64
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/eff6a3a5-b241-438e-ac29-04afb84fc11c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9800::/40
Signature Algorithm: sha256WithRSAEncryption
05:5a:9b:31:2f:7f:96:4e:d8:81:6e:0f:2e:13:f2:d3:70:5d:
2e:cf:45:ff:f0:26:7f:ec:3c:d1:9f:71:fb:c0:43:5b:38:47:
3d:f6:a7:57:94:ec:84:88:b8:9b:ee:d8:65:42:44:82:57:21:
03:fc:10:7f:07:76:0a:e8:e2:99:f2:19:a9:70:83:8c:db:8c:
2c:78:f3:48:d4:6a:39:13:7a:24:bf:3f:9a:a0:e5:19:3f:af:
c9:34:07:ab:3b:17:d6:e0:11:3e:b0:6f:9b:dc:bb:8d:35:fe:
f8:aa:bd:1d:22:07:ba:7b:ae:87:ed:df:86:90:8b:ef:a4:0b:
a7:ec:f6:60:64:61:0b:67:78:30:b8:68:8e:b0:83:5c:18:4e:
76:8d:e4:24:6b:5b:54:46:21:25:e8:6e:fa:80:3f:99:73:5b:
d1:74:0d:92:e3:d0:f6:cf:1e:3a:81:92:59:3f:15:8c:9b:ae:
c5:64:3b:a9:40:62:a6:d3:7e:b1:72:73:a9:cb:62:7f:de:95:
2a:ce:91:c7:d5:1d:15:9e:13:18:c3:68:ef:5f:c5:07:52:bf:
5e:ae:6f:74:3f:0a:6f:7c:d4:cf:9c:ac:cc:35:f1:68:bd:ab:
32:b6:53:70:aa:50:38:c3:78:f3:b3:62:f2:49:36:23:96:b3:
6b:94:69:20
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcuJqgCma+BuBijjMUllY8OndE8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MDIwMDQwMDRaFw0yNTEwMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwYTM2YzEwZjMyNDQ5NjMzOGZiODg2MWE0MzM5OGE1OTNhYzlmNDAzZGQy
ZDMwOTdkYzdiZmQ2NjgwYmViOWUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCmesSVhehvql32mqRlhOF/27jyq07QIYo1ErRwuT3jf8Ksx7d4shFC4LVi
6zdH7MmBe/VGkhxisxx0gAFwE9dCznPKHVDyvUhzMgb09Ck4oavaq2mR4irE2qeb
mPAK0VQKryVB+Fkwc6Exln5CvLTyfcP+axxxHRNJzOIeIqV1RrQWGvGvWHDcV170
3Hktv+LlngBek/vpcyvq0iSplXyBlbBtAYMATCie7cG+75Odh/M2cp0kcN0tx6nu
j4fK5IsF0SM63Zz2JcdoV4bTYxMYSk4HJe7RAoxWoX8UNg7pcbwb5R+Q+APEJr7t
1eQ3FEZJy3vjCeREii170f+/9vkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSJQtuG
HPaC8qUn2DUr9vegZPx4ZDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZWZmNmEzYTUtYjI0MS00MzhlLWFjMjktMDRhZmI4NGZjMTFjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQAFWpsxL3+WTtiBbg8uE/LTcF0uz0X/8CZ/7DzR
n3H7wENbOEc99qdXlOyEiLib7thlQkSCVyED/BB/B3YK6OKZ8hmpcIOM24wsePNI
1Go5E3okvz+aoOUZP6/JNAerOxfW4BE+sG+b3LuNNf74qr0dIge6e66H7d+GkIvv
pAun7PZgZGELZ3gwuGiOsINcGE52jeQka1tURiEl6G76gD+Zc1vRdA2S49D2zx46
gZJZPxWMm67FZDupQGKm036xcnOpy2J/3pUqzpHH1R0VnhMYw2jvX8UHUr9erm90
PwpvfNTPnKzMNfFovasytlNwqlA4w3jzs2LySTYjlrNrlGkg
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:33:48 2025 by rpki-client