Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa
File: 0869fd21-e07d-44bc-b068-73be998c5028.roa (raw, json)
Hash identifier: WtTEbuCQtw+IokX4nuqtqZc+wnEOfswFSt563g9QTPA=
Subject key identifier: 22:BE:B8:0E:D6:3B:5E:9D:BC:CE:97:8C:5B:59:64:1D:5C:71:84:E9
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 60BCC1AB7BD978D6298F7BB06A3480B61848BE9B
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa
Signing time: Mon 29 Sep 2025 15:40:20 +0000
ROA not before: Mon 29 Sep 2025 15:40:20 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:bc:c1:ab:7b:d9:78:d6:29:8f:7b:b0:6a:34:80:b6:18:48:be:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:20 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=3829539f747e10af17582bdd28c0a0dddcf568730a8eb443e2d446f9e968a384, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:4c:44:b3:ef:a8:d8:f1:4e:5c:92:c0:58:a5:
29:3c:27:25:2d:71:89:b0:88:37:60:bf:e7:75:78:
e8:8d:ee:57:ed:31:d3:b3:23:fc:56:f0:cd:95:dc:
af:ae:32:c9:74:43:a9:cc:77:61:3b:fa:10:b9:31:
de:58:ce:24:22:81:4c:63:4a:56:49:a1:42:55:e1:
a6:c3:63:3a:70:4a:df:d4:86:2f:d1:73:cd:ef:77:
e6:f1:61:93:46:2d:f8:7b:0e:8c:f0:26:22:79:03:
1c:d4:6e:0c:b0:88:4f:67:27:97:d8:c4:e8:8c:2b:
36:b3:97:ec:12:0c:1c:b7:04:68:af:1c:c9:05:92:
7f:9c:4f:6d:f2:0a:a7:ff:ee:92:56:0b:1a:d3:34:
37:5c:48:b5:7f:83:2f:71:90:df:ba:f4:c1:80:ec:
a1:24:47:f0:fb:69:20:d7:17:80:86:43:88:2a:cb:
ee:2b:2f:9a:cf:a7:8f:82:06:df:24:51:a8:6d:65:
71:e7:b3:e2:e8:e0:8a:6b:aa:09:98:b7:19:8b:3d:
f6:7d:c1:15:19:b6:08:ea:05:66:2f:2c:f2:80:bc:
f6:11:fe:c5:af:e0:06:0c:12:f1:f2:7d:ac:c3:6a:
f7:73:be:b1:31:c1:16:a8:78:4a:c3:48:e8:2a:98:
43:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:BE:B8:0E:D6:3B:5E:9D:BC:CE:97:8C:5B:59:64:1D:5C:71:84:E9
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/0869fd21-e07d-44bc-b068-73be998c5028.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f800::/40
Signature Algorithm: sha256WithRSAEncryption
0f:db:d2:13:e2:c0:ca:b1:d4:8f:26:29:1c:d5:c3:88:db:fe:
87:a4:0c:91:33:17:14:99:ef:8e:14:3c:1b:81:05:47:6a:cf:
45:a6:9e:99:e3:38:c2:be:34:aa:b9:3a:d5:c4:30:2a:fb:62:
3f:38:11:35:3e:ff:1c:d9:00:35:4b:6b:2b:3d:73:1d:32:72:
0e:dc:be:3c:5c:96:de:80:b3:ee:62:42:d2:8c:46:e5:95:eb:
ea:b1:5f:3d:e5:1d:18:4b:37:f6:3c:a5:e2:f5:bc:d7:90:6e:
46:e2:93:96:9a:eb:74:d8:6d:41:2b:57:dc:e0:f3:86:94:d1:
3c:83:61:9b:a1:c3:50:92:86:08:6f:b5:09:a1:e5:2a:90:72:
43:db:6b:c1:b4:d2:cc:04:86:ec:69:9e:09:47:fe:d6:de:5d:
1b:a7:44:2c:52:de:98:f1:4b:0e:a2:c1:90:80:2c:34:61:d1:
2c:04:68:c6:cd:9e:6e:15:b2:c7:a3:09:43:3c:5d:23:0b:b9:
55:3f:73:db:1b:a5:52:89:ee:5e:24:81:3a:4e:6f:ae:27:10:
72:f2:ee:56:02:fb:57:6d:5b:77:1e:05:6b:e3:9a:14:a0:71:
2c:e0:d4:1c:d7:f0:f0:30:0d:cd:1b:ce:78:da:8e:a3:f6:f0:
df:c9:28:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYLzBq3vZeNYpj3uwajSAthhIvpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjBaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDM4Mjk1MzlmNzQ3ZTEwYWYxNzU4MmJkZDI4YzBhMGRkZGNmNTY4NzMwYThl
YjQ0M2UyZDQ0NmY5ZTk2OGEzODQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZMRLPvqNjxTlySwFilKTwnJS1xibCIN2C/53V46I3uV+0x07Mj/FbwzZXc
r64yyXRDqcx3YTv6ELkx3ljOJCKBTGNKVkmhQlXhpsNjOnBK39SGL9Fzze935vFh
k0Yt+HsOjPAmInkDHNRuDLCIT2cnl9jE6IwrNrOX7BIMHLcEaK8cyQWSf5xPbfIK
p//uklYLGtM0N1xItX+DL3GQ37r0wYDsoSRH8PtpINcXgIZDiCrL7isvms+nj4IG
3yRRqG1lceez4ujgimuqCZi3GYs99n3BFRm2COoFZi8s8oC89hH+xa/gBgwS8fJ9
rMNq93O+sTHBFqh4SsNI6CqYQ2cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQivrgO
1jtenbzOl4xbWWQdXHGE6TAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MDg2OWZkMjEtZTA3ZC00NGJjLWIwNjgtNzNiZTk5OGM1MDI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8f4
MA0GCSqGSIb3DQEBCwUAA4IBAQAP29IT4sDKsdSPJikc1cOI2/6HpAyRMxcUme+O
FDwbgQVHas9Fpp6Z4zjCvjSquTrVxDAq+2I/OBE1Pv8c2QA1S2srPXMdMnIO3L48
XJbegLPuYkLSjEbllevqsV895R0YSzf2PKXi9bzXkG5G4pOWmut02G1BK1fc4POG
lNE8g2GbocNQkoYIb7UJoeUqkHJD22vBtNLMBIbsaZ4JR/7W3l0bp0QsUt6Y8UsO
osGQgCw0YdEsBGjGzZ5uFbLHowlDPF0jC7lVP3PbG6VSie5eJIE6Tm+uJxBy8u5W
AvtXbVt3HgVr45oUoHEs4NQc1/DwMA3NG8542o6j9vDfyShq
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:28:03 2025 by rpki-client