Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/542fe731-cba6-4c89-a3a4-ba48a69e246b.roa
File: 542fe731-cba6-4c89-a3a4-ba48a69e246b.roa (raw, json)
Hash identifier: O4sOel2APHtkIvo0myy74j1/S5VbMzssTrUDG4lA8b8=
Subject key identifier: 1B:53:C8:F5:78:52:66:BF:86:1D:F5:D7:53:A7:80:F0:E7:AE:4A:57
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 421DC43BD3A86B7104379200A263589BBA9ADAB5
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/542fe731-cba6-4c89-a3a4-ba48a69e246b.roa
Signing time: Fri 20 Jun 2025 00:11:31 +0000
ROA not before: Fri 20 Jun 2025 00:11:31 +0000
ROA not after: Fri 25 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:1d:c4:3b:d3:a8:6b:71:04:37:92:00:a2:63:58:9b:ba:9a:da:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Jun 20 00:11:31 2025 GMT
Not After : Jul 25 23:59:59 2025 GMT
Subject: serialNumber=30d3be3bb2e6be10e563120e2dd3f29a28d5eea4599f40afe57ca415c0b33b53, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:39:2d:30:b0:c6:51:a5:12:32:13:1f:a4:7e:
8e:dc:11:00:f0:82:9c:89:9b:ad:21:a6:56:7f:84:
51:f6:ec:7b:b2:13:51:07:55:d0:dd:d8:7d:20:a5:
3f:66:3d:af:bd:fe:89:50:d2:ae:49:b4:46:53:99:
d0:e6:be:18:10:8d:cf:79:6b:8d:4a:f3:5a:d3:b5:
d4:3e:b3:98:04:69:cf:94:d8:8e:85:f2:2d:69:8a:
0c:bc:4b:c6:1b:83:78:51:50:b7:20:c0:49:bd:4b:
d4:b9:47:39:c3:99:16:6b:5e:da:b4:89:03:00:0b:
02:d8:3d:95:5f:f5:ea:32:b8:2a:fa:7f:1d:13:4d:
e6:af:93:76:c8:bf:65:2e:c8:74:2e:9f:3e:4e:93:
c6:b0:d2:7c:ad:39:63:c2:a3:d7:1b:c0:49:56:48:
69:eb:6d:d2:7f:b9:1b:c4:24:11:87:91:82:a5:31:
f8:76:bb:c9:10:f5:8f:73:19:ba:13:87:af:47:10:
2c:e8:a9:5f:c3:7d:a9:76:c3:44:ff:07:35:fb:42:
d3:e2:ee:81:47:e8:87:c5:bd:77:5c:67:81:ed:33:
81:d2:a4:48:8f:8b:95:f9:08:ba:72:3a:68:b6:99:
7e:34:6c:2b:48:74:bc:b8:1b:44:b5:3e:a6:3e:e7:
2d:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:53:C8:F5:78:52:66:BF:86:1D:F5:D7:53:A7:80:F0:E7:AE:4A:57
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/542fe731-cba6-4c89-a3a4-ba48a69e246b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8800::/40
Signature Algorithm: sha256WithRSAEncryption
5b:10:64:89:48:40:26:a8:13:9d:40:ba:6b:41:75:9b:80:45:
50:a9:7d:e5:bf:5b:7b:95:25:16:f6:3d:78:31:40:79:b0:9d:
eb:7c:54:d9:6a:6b:2d:9f:53:62:d2:1f:04:dd:3c:d3:50:6b:
15:06:bb:75:bd:ec:a3:91:c2:2b:01:60:90:a7:ea:7e:6e:59:
45:4b:61:74:99:d6:f4:4c:a8:14:5c:c1:68:5f:fd:6c:0a:56:
57:ce:69:fe:ce:7c:e4:18:49:41:e1:81:26:e2:36:30:9b:dc:
27:2b:b1:8f:cc:02:de:28:64:7b:e4:c6:b7:dd:11:f8:f4:8d:
43:a6:d4:0e:3e:e7:80:95:f7:1f:6e:c5:9e:81:35:32:f7:6b:
83:3d:f2:09:ca:2e:e1:a6:5d:7e:72:93:b4:02:ae:a2:ce:47:
a7:1b:41:9d:00:a3:b2:20:88:20:6e:73:d0:25:b3:8f:51:26:
98:a3:77:e8:94:6c:19:22:bf:55:e9:68:9f:a3:90:c2:8b:ea:
ad:e6:63:f1:d2:33:5d:fb:19:9c:5d:d7:d9:0f:71:80:2e:0b:
2d:58:ce:46:66:1f:a7:5b:20:12:c0:5b:fc:de:c4:d2:01:77:
a6:21:0f:a5:28:c9:2a:f0:e3:94:7e:10:8d:e7:46:58:7d:95:
2b:1a:02:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQh3EO9Ooa3EEN5IAomNYm7qa2rUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA2MjAwMDExMzFaFw0yNTA3MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwZDNiZTNiYjJlNmJlMTBlNTYzMTIwZTJkZDNmMjlhMjhkNWVlYTQ1OTlm
NDBhZmU1N2NhNDE1YzBiMzNiNTMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALM5LTCwxlGlEjITH6R+jtwRAPCCnImbrSGmVn+EUfbse7ITUQdV0N3YfSCl
P2Y9r73+iVDSrkm0RlOZ0Oa+GBCNz3lrjUrzWtO11D6zmARpz5TYjoXyLWmKDLxL
xhuDeFFQtyDASb1L1LlHOcOZFmte2rSJAwALAtg9lV/16jK4Kvp/HRNN5q+Tdsi/
ZS7IdC6fPk6TxrDSfK05Y8Kj1xvASVZIaett0n+5G8QkEYeRgqUx+Ha7yRD1j3MZ
uhOHr0cQLOipX8N9qXbDRP8HNftC0+LugUfoh8W9d1xnge0zgdKkSI+LlfkIunI6
aLaZfjRsK0h0vLgbRLU+pj7nLZ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQbU8j1
eFJmv4Yd9ddTp4Dw565KVzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NTQyZmU3MzEtY2JhNi00Yzg5LWEzYTQtYmE0OGE2OWUyNDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WI
MA0GCSqGSIb3DQEBCwUAA4IBAQBbEGSJSEAmqBOdQLprQXWbgEVQqX3lv1t7lSUW
9j14MUB5sJ3rfFTZamstn1Ni0h8E3TzTUGsVBrt1veyjkcIrAWCQp+p+bllFS2F0
mdb0TKgUXMFoX/1sClZXzmn+znzkGElB4YEm4jYwm9wnK7GPzALeKGR75Ma33RH4
9I1DptQOPueAlfcfbsWegTUy92uDPfIJyi7hpl1+cpO0Aq6izkenG0GdAKOyIIgg
bnPQJbOPUSaYo3folGwZIr9V6Wifo5DCi+qt5mPx0jNd+xmcXdfZD3GALgstWM5G
Zh+nWyASwFv83sTSAXemIQ+lKMkq8OOUfhCN50ZYfZUrGgKa
-----END CERTIFICATE-----
Generated at Sun Jun 29 03:03:10 2025 by rpki-client