Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa
File: 1e498054-99a2-4f2b-82cb-7448499c313c.roa (raw, json)
Hash identifier: WE3DSHyU4+j9jX+gHFoYswCBAgRezyfIFhm0AOGxKV4=
Subject key identifier: 36:9F:18:8B:27:7A:60:70:44:93:80:EE:7B:56:43:95:32:D3:1D:C8
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 417E246992A481E837FB0392E184F50C11D39A79
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa
Signing time: Mon 29 Sep 2025 15:40:34 +0000
ROA not before: Mon 29 Sep 2025 15:40:34 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:7e:24:69:92:a4:81:e8:37:fb:03:92:e1:84:f5:0c:11:d3:9a:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:34 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=6601deaf73e428764f5d334acae9c8411f1f89e6b8338794100390852e46a065, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:09:05:69:79:62:c3:59:d9:ff:5a:14:95:f4:
4b:f4:2f:1f:fb:90:43:f9:f5:61:4d:55:16:b0:76:
7d:e3:b8:23:61:e1:82:2f:ab:b4:dc:e9:d6:27:4e:
88:51:6c:5e:99:e7:cb:25:9f:c5:1f:74:0d:09:3b:
e1:af:17:dd:ae:5d:22:1e:f0:2a:b8:83:be:2a:bb:
b9:3d:8d:e0:d3:0d:6a:41:ca:06:76:97:c4:5e:43:
09:30:64:f9:11:ea:4c:76:39:2c:67:c1:5f:8a:43:
24:63:f1:cf:20:3e:36:3a:31:1f:df:ed:5c:6b:48:
37:6a:da:31:3b:b5:4a:3b:eb:b1:63:43:a5:3d:47:
99:33:db:2b:c1:13:0f:e5:d8:0f:63:b1:c1:54:30:
fd:b8:df:71:c5:30:2a:60:92:3f:99:9f:49:13:9f:
da:49:a1:b8:7d:df:53:ea:64:ac:0e:61:ce:5a:1e:
10:da:ac:54:f4:41:a5:04:29:78:bf:34:5f:42:43:
9e:bf:d1:80:d7:45:f0:4a:f7:3f:93:5e:3c:ec:4d:
59:99:1c:03:ed:bc:ca:67:a8:cd:f2:0c:e6:a4:77:
b3:5c:24:02:7c:d1:0a:45:88:cf:0e:30:ec:19:3a:
92:0e:e6:45:1e:0d:1b:3e:98:9c:5f:84:75:db:11:
da:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:9F:18:8B:27:7A:60:70:44:93:80:EE:7B:56:43:95:32:D3:1D:C8
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1e498054-99a2-4f2b-82cb-7448499c313c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
72:9b:4f:13:48:d7:b2:92:ee:ab:70:37:0b:62:5c:11:5b:99:
95:e7:05:62:dd:51:89:be:08:66:44:3f:b5:86:a1:61:47:cb:
12:53:82:83:cd:b9:07:af:fa:ad:9f:9e:e7:59:d5:1e:d3:26:
95:0b:6c:8a:50:84:93:73:da:bf:14:f2:61:35:b9:14:3a:4c:
a0:ea:76:99:17:2f:73:5c:4b:b5:28:3e:a9:c6:4a:62:15:34:
c7:f7:f1:6d:f1:96:14:69:e1:ac:d4:50:c3:01:81:3a:bd:8c:
72:49:a2:44:fb:fa:50:b4:ae:6d:77:60:4a:39:cc:cf:a2:09:
26:13:63:02:20:a8:a6:46:4d:0c:2f:1b:1f:9f:6b:cb:81:72:
ab:f4:3d:01:11:9d:54:4d:c6:2d:9e:0a:53:99:cf:a2:ef:ad:
20:ee:22:f9:82:b6:8c:9d:f4:33:7c:64:0f:22:ff:83:b7:5f:
95:5e:31:03:3d:bd:82:08:60:91:b1:6c:5e:2c:55:77:cd:be:
61:4a:4b:73:59:8c:72:c7:ab:b7:6f:be:5b:ca:40:de:50:56:
43:c8:64:54:98:86:bf:58:a7:70:7d:3c:57:dd:11:a7:21:87:
ca:84:cc:56:5d:8b:28:59:24:24:ac:4f:44:55:93:c1:e6:a0:
5a:8e:cf:a5
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUQX4kaZKkgeg3+wOS4YT1DBHTmnkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMzRaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDY2MDFkZWFmNzNlNDI4NzY0ZjVkMzM0YWNhZTljODQxMWYxZjg5ZTZiODMz
ODc5NDEwMDM5MDg1MmU0NmEwNjUxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPEJBWl5YsNZ2f9aFJX0S/QvH/uQQ/n1YU1VFrB2feO4I2Hhgi+rtNzp1idO
iFFsXpnnyyWfxR90DQk74a8X3a5dIh7wKriDviq7uT2N4NMNakHKBnaXxF5DCTBk
+RHqTHY5LGfBX4pDJGPxzyA+NjoxH9/tXGtIN2raMTu1SjvrsWNDpT1HmTPbK8ET
D+XYD2OxwVQw/bjfccUwKmCSP5mfSROf2kmhuH3fU+pkrA5hzloeENqsVPRBpQQp
eL80X0JDnr/RgNdF8Er3P5NePOxNWZkcA+28ymeozfIM5qR3s1wkAnzRCkWIzw4w
7Bk6kg7mRR4NGz6YnF+EddsR2hcCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQ2nxiL
J3pgcESTgO57VkOVMtMdyDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MWU0OTgwNTQtOTlhMi00ZjJiLTgyY2ItNzQ0ODQ5OWMzMTNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABP8Aw
DQYJKoZIhvcNAQELBQADggEBAHKbTxNI17KS7qtwNwtiXBFbmZXnBWLdUYm+CGZE
P7WGoWFHyxJTgoPNuQev+q2fnudZ1R7TJpULbIpQhJNz2r8U8mE1uRQ6TKDqdpkX
L3NcS7UoPqnGSmIVNMf38W3xlhRp4azUUMMBgTq9jHJJokT7+lC0rm13YEo5zM+i
CSYTYwIgqKZGTQwvGx+fa8uBcqv0PQERnVRNxi2eClOZz6LvrSDuIvmCtoyd9DN8
ZA8i/4O3X5VeMQM9vYIIYJGxbF4sVXfNvmFKS3NZjHLHq7dvvlvKQN5QVkPIZFSY
hr9Yp3B9PFfdEachh8qEzFZdiyhZJCSsT0RVk8HmoFqOz6U=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:27:56 2025 by rpki-client