Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
File: 4723f2a2-88af-42fa-b700-a780f4cd2903.roa (raw, json)
Hash identifier: 1b4PFpH0kMBryB82D97VPemQiBRRb4mZM172tYGgYm4=
Subject key identifier: 56:44:07:CD:07:30:3C:AC:36:E4:E6:8D:2A:A0:D7:E7:BB:33:23:CE
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 238FF2CCB39528B847A41058B7AA85A4F025DC6C
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
Signing time: Mon 29 Sep 2025 15:40:26 +0000
ROA not before: Mon 29 Sep 2025 15:40:26 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:a000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:8f:f2:cc:b3:95:28:b8:47:a4:10:58:b7:aa:85:a4:f0:25:dc:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:26 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=72a70348c17ed67fa417a03112d6aaf1b07950d5a020441507ee402559e5ccb0, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:93:af:82:62:f1:ec:d2:81:c3:54:d2:fa:69:
f8:fe:22:54:26:5f:4f:42:0e:17:2f:ec:2b:24:75:
36:f7:e3:14:41:b2:51:6c:c3:1b:32:d5:7b:b0:ef:
c1:96:ce:bc:50:56:50:22:fd:7f:a8:32:7f:22:f7:
4f:8a:41:b8:9f:1b:1e:00:ba:6e:59:6c:96:ba:a8:
19:a0:64:1a:0e:6e:19:00:70:de:20:88:f4:b8:97:
dc:41:d2:21:6b:ce:15:49:69:14:ef:78:aa:96:14:
da:a3:ba:ba:67:a7:57:ae:66:97:16:f3:b5:b6:63:
c0:69:85:6b:a9:e8:83:d3:5d:dd:f4:20:6e:15:3c:
08:50:3f:db:57:56:7a:2b:63:99:21:e9:21:8b:5c:
57:9f:11:23:f3:55:fb:d8:6c:8e:2f:aa:2d:e8:23:
f0:21:a9:14:dc:44:03:12:55:45:86:12:a0:ab:69:
5e:d9:c5:0b:db:6a:b8:f0:ee:a5:0f:d7:8e:1c:fb:
6c:76:41:44:49:a5:2a:ce:52:44:4f:bf:9b:73:f4:
b2:5e:84:c1:80:ff:6a:1f:13:97:68:ae:cb:33:3d:
41:7c:69:67:b5:41:a3:be:57:c6:d4:74:c3:b1:24:
0d:04:ac:f1:3d:ec:1a:fe:03:8d:f9:d7:08:95:28:
9c:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:44:07:CD:07:30:3C:AC:36:E4:E6:8D:2A:A0:D7:E7:BB:33:23:CE
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/4723f2a2-88af-42fa-b700-a780f4cd2903.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:a000::/36
Signature Algorithm: sha256WithRSAEncryption
78:0f:a3:50:c0:f5:25:19:46:6e:51:fc:07:82:c4:ce:84:05:
02:f2:fa:6b:0d:03:cd:38:93:fa:50:06:84:5c:0b:7c:bd:27:
08:4a:26:55:94:23:67:16:c3:ad:2a:d9:df:ca:3d:91:f4:c5:
19:19:71:be:f3:a1:26:fa:27:a2:19:08:1a:2d:3d:aa:5c:6c:
c8:32:dd:d1:2d:62:f7:32:dd:b4:ed:f2:b5:54:45:39:b7:3b:
02:e4:72:f4:78:67:d5:f5:cc:92:5b:09:0c:c8:7b:cf:a1:61:
c1:46:00:45:21:74:f3:2f:24:77:3f:78:f8:6d:59:eb:9b:a8:
b8:1f:90:ae:70:19:a7:9e:d2:b2:12:cd:b1:b0:b5:31:e3:b2:
46:69:cd:cb:55:ce:03:57:ed:13:e1:d8:13:56:f2:47:ca:6d:
8b:35:6f:5d:f2:e7:d8:a9:ab:f6:ef:17:61:1a:29:10:07:80:
e7:af:ff:f3:c1:61:f7:da:e8:20:97:21:d1:97:da:a6:f8:11:
9d:ee:a1:58:35:cb:a5:1c:86:c9:75:c8:fb:e6:50:85:f6:ff:
ae:e8:62:b4:3c:f3:13:85:6d:f8:e2:3e:1d:42:4e:92:15:93:
7e:e0:c6:70:85:b9:28:84:14:b8:ea:f1:6d:3e:ff:a4:a8:ec:
f0:64:23:3b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI4/yzLOVKLhHpBBYt6qFpPAl3GwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjZaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyYTcwMzQ4YzE3ZWQ2N2ZhNDE3YTAzMTEyZDZhYWYxYjA3OTUwZDVhMDIw
NDQxNTA3ZWU0MDI1NTllNWNjYjAxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI6Tr4Ji8ezSgcNU0vpp+P4iVCZfT0IOFy/sKyR1NvfjFEGyUWzDGzLVe7Dv
wZbOvFBWUCL9f6gyfyL3T4pBuJ8bHgC6bllslrqoGaBkGg5uGQBw3iCI9LiX3EHS
IWvOFUlpFO94qpYU2qO6umenV65mlxbztbZjwGmFa6nog9Nd3fQgbhU8CFA/21dW
eitjmSHpIYtcV58RI/NV+9hsji+qLegj8CGpFNxEAxJVRYYSoKtpXtnFC9tquPDu
pQ/Xjhz7bHZBREmlKs5SRE+/m3P0sl6EwYD/ah8Tl2iuyzM9QXxpZ7VBo75XxtR0
w7EkDQSs8T3sGv4DjfnXCJUonIcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRWRAfN
BzA8rDbk5o0qoNfnuzMjzjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NDcyM2YyYTItODhhZi00MmZhLWI3MDAtYTc4MGY0Y2QyOTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Og
MA0GCSqGSIb3DQEBCwUAA4IBAQB4D6NQwPUlGUZuUfwHgsTOhAUC8vprDQPNOJP6
UAaEXAt8vScISiZVlCNnFsOtKtnfyj2R9MUZGXG+86Em+ieiGQgaLT2qXGzIMt3R
LWL3Mt207fK1VEU5tzsC5HL0eGfV9cySWwkMyHvPoWHBRgBFIXTzLyR3P3j4bVnr
m6i4H5CucBmnntKyEs2xsLUx47JGac3LVc4DV+0T4dgTVvJHym2LNW9d8ufYqav2
7xdhGikQB4Dnr//zwWH32ugglyHRl9qm+BGd7qFYNculHIbJdcj75lCF9v+u6GK0
PPMThW344j4dQk6SFZN+4MZwhbkohBS46vFtPv+kqOzwZCM7
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:32 2025 by rpki-client