Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/f8610070-4efe-423a-a72e-bfc906b441cc.roa
File: f8610070-4efe-423a-a72e-bfc906b441cc.roa (raw, json)
Hash identifier: l5WOJT/P1IVQ8jTX7UvljayevG1Ns6791KydIn8nQow=
Subject key identifier: E4:2D:3A:D1:F1:04:C7:E5:4C:8B:B2:4C:E0:73:B1:DB:6E:6F:11:2A
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 025ED389618FBDBC446E23E6C46588932D3960DC
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/f8610070-4efe-423a-a72e-bfc906b441cc.roa
Signing time: Tue 02 Sep 2025 00:40:08 +0000
ROA not before: Tue 02 Sep 2025 00:40:08 +0000
ROA not after: Tue 07 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:4800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5e:d3:89:61:8f:bd:bc:44:6e:23:e6:c4:65:88:93:2d:39:60:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 2 00:40:08 2025 GMT
Not After : Oct 7 23:59:59 2025 GMT
Subject: serialNumber=33aeef3f57b3dce0356f9f409be562e08dcf55273fa272bcc203865a60c24990, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:73:4c:b9:1a:0b:11:31:c0:ac:d5:18:9c:83:
0c:30:2b:7f:2a:51:39:df:4e:2f:d8:89:d6:28:a5:
be:f0:24:8a:f6:90:a0:cd:42:9a:35:bf:be:72:94:
44:bf:59:4f:34:37:a8:8f:f1:75:c1:61:b8:ab:b3:
26:86:f6:29:26:dc:46:17:b7:69:32:56:29:2c:ae:
31:04:f6:71:94:fa:b6:28:ad:ca:80:62:01:da:e9:
15:80:1a:54:a8:96:6b:1f:20:f6:d7:bd:76:6b:27:
35:11:ed:a7:e0:aa:cd:55:48:3f:c7:dc:a5:29:96:
12:9e:76:5c:b9:eb:07:92:0f:e9:9b:38:04:66:dd:
60:2e:9b:b9:e0:cd:c4:5b:ee:33:7d:d4:cf:ba:f0:
14:8e:3c:39:00:56:38:67:57:37:c3:76:e2:9f:94:
72:07:5a:72:ef:27:11:43:b4:9c:f1:89:98:d9:f4:
e5:de:98:b5:27:c1:f5:51:2a:93:a2:e2:13:88:4f:
62:c7:1d:54:d7:a1:38:1b:0c:71:e3:b5:f1:dc:27:
29:c5:d6:f5:e3:1c:a4:21:1d:11:f6:0a:bd:f6:55:
c5:a0:8f:b7:d8:f8:22:a5:94:26:af:be:2d:ed:f1:
fd:03:bf:29:92:e3:ea:c0:0f:0d:e1:12:e5:79:99:
ca:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:2D:3A:D1:F1:04:C7:E5:4C:8B:B2:4C:E0:73:B1:DB:6E:6F:11:2A
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/f8610070-4efe-423a-a72e-bfc906b441cc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:4800::/40
Signature Algorithm: sha256WithRSAEncryption
07:10:ae:fa:f4:2a:27:e8:b8:3d:d3:0b:f3:b5:78:40:cb:a9:
46:64:a5:c5:35:01:bd:45:c2:9e:0e:bc:db:ee:16:60:53:47:
79:35:b7:e1:b8:8d:69:2c:39:bf:57:a5:ae:94:dc:fc:eb:f6:
1b:a6:34:d6:85:45:dc:df:41:60:a2:1d:5a:f3:04:c2:40:22:
1a:66:0f:8e:53:e8:21:3f:25:0c:fa:4c:18:9f:77:a3:2b:19:
5b:77:91:bb:c2:43:8e:25:68:39:97:3a:4f:5d:bd:cc:9e:a8:
2c:53:a6:fb:81:b2:ba:3b:4d:e4:a8:15:4a:16:6a:0a:1c:99:
8d:2c:6a:bd:47:f3:96:09:3b:38:59:a7:b5:2f:a3:7d:27:af:
37:9c:20:51:01:a0:e6:a4:30:ea:1b:bf:d6:7e:24:40:91:a1:
1f:94:7d:f0:c9:0b:6f:9b:89:51:89:3e:27:4e:14:a0:bd:79:
9c:b1:01:f8:09:91:6e:dd:15:c8:92:bf:e2:1a:d4:99:62:f6:
52:f2:fe:0d:53:3a:fe:a5:7b:ad:2a:58:a7:da:66:19:b5:1f:
7b:3f:0e:8f:1e:d6:bb:54:3b:3c:38:92:cd:c7:8e:7b:5b:84:
69:96:34:09:ee:d9:13:a8:da:6c:d3:da:35:79:2d:7f:6e:05:
62:e6:11:9d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAl7TiWGPvbxEbiPmxGWIky05YNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MDIwMDQwMDhaFw0yNTEwMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzYWVlZjNmNTdiM2RjZTAzNTZmOWY0MDliZTU2MmUwOGRjZjU1MjczZmEy
NzJiY2MyMDM4NjVhNjBjMjQ5OTAxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1zTLkaCxExwKzVGJyDDDArfypROd9OL9iJ1iilvvAkivaQoM1CmjW/vnKU
RL9ZTzQ3qI/xdcFhuKuzJob2KSbcRhe3aTJWKSyuMQT2cZT6tiityoBiAdrpFYAa
VKiWax8g9te9dmsnNRHtp+CqzVVIP8fcpSmWEp52XLnrB5IP6Zs4BGbdYC6bueDN
xFvuM33Uz7rwFI48OQBWOGdXN8N24p+Ucgdacu8nEUO0nPGJmNn05d6YtSfB9VEq
k6LiE4hPYscdVNehOBsMceO18dwnKcXW9eMcpCEdEfYKvfZVxaCPt9j4IqWUJq++
Le3x/QO/KZLj6sAPDeES5XmZyhkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTkLTrR
8QTH5UyLskzgc7Hbbm8RKjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
Zjg2MTAwNzAtNGVmZS00MjNhLWE3MmUtYmZjOTA2YjQ0MWNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8dI
MA0GCSqGSIb3DQEBCwUAA4IBAQAHEK769Con6Lg90wvztXhAy6lGZKXFNQG9RcKe
Drzb7hZgU0d5NbfhuI1pLDm/V6WulNz86/YbpjTWhUXc30Fgoh1a8wTCQCIaZg+O
U+ghPyUM+kwYn3ejKxlbd5G7wkOOJWg5lzpPXb3MnqgsU6b7gbK6O03kqBVKFmoK
HJmNLGq9R/OWCTs4Wae1L6N9J683nCBRAaDmpDDqG7/WfiRAkaEflH3wyQtvm4lR
iT4nThSgvXmcsQH4CZFu3RXIkr/iGtSZYvZS8v4NUzr+pXutKlin2mYZtR97Pw6P
Hta7VDs8OJLNx457W4RpljQJ7tkTqNps09o1eS1/bgVi5hGd
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:33:49 2025 by rpki-client