Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/654f1481-ba50-463b-9997-0d385dd9b0a3.roa
File: 654f1481-ba50-463b-9997-0d385dd9b0a3.roa (raw, json)
Hash identifier: 6zpghRvqtYPxT86lTWyybUzH3ufE/RNSoSR7UnKG82c=
Subject key identifier: 76:6A:5C:BE:01:E9:E7:61:83:2A:09:1C:59:4E:A8:14:BC:3D:D4:A7
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 4BD71A3C2C41111F0A4407672B8C168A2D2B902A
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/654f1481-ba50-463b-9997-0d385dd9b0a3.roa
Signing time: Mon 29 Sep 2025 15:40:18 +0000
ROA not before: Mon 29 Sep 2025 15:40:18 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:d7:1a:3c:2c:41:11:1f:0a:44:07:67:2b:8c:16:8a:2d:2b:90:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:18 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=4a4587e2a116788138606cd46045450bdde9b19ccd760b3f9d6d3f204644ccd4, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:d6:d3:13:25:f9:a9:94:99:a3:08:8b:23:b2:
94:9c:3a:d5:87:ba:2a:65:25:48:13:c7:bf:b5:80:
03:d5:b5:fe:9e:04:e6:50:c1:d9:72:88:7c:d5:e4:
af:ee:df:3f:28:21:a2:8e:46:82:dd:c1:14:ad:17:
1d:20:c0:5e:bb:b8:e8:37:ba:b7:32:fd:d1:a7:40:
78:6c:23:9e:67:a6:d4:fb:4e:f2:1c:e2:a8:77:4d:
82:ac:ae:7e:95:b2:26:f5:43:ea:47:08:61:52:25:
5e:55:f0:07:0e:f7:b4:37:1e:67:09:89:2d:e4:15:
a4:f8:bc:17:ba:8b:30:03:88:36:79:c7:98:d6:da:
dd:c7:e7:ff:55:02:54:f2:fa:95:53:a2:d3:11:41:
68:19:c4:9d:52:20:96:ad:fb:e7:f9:2b:49:af:f1:
a6:f2:55:96:8c:80:de:cc:09:1f:a3:ca:01:fd:bc:
2a:05:5b:9e:30:58:57:a6:ea:06:cb:8f:2f:c4:2b:
7f:ba:7e:f5:5a:18:53:f4:87:f8:b1:cb:7a:d3:53:
a7:5e:eb:99:d9:a5:df:0c:49:13:6f:80:5a:49:f3:
9f:0a:3a:82:a5:a0:aa:cd:14:f6:e6:2e:72:ac:be:
44:07:bc:d2:b3:74:36:0d:bd:c2:70:19:cb:ff:83:
55:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:6A:5C:BE:01:E9:E7:61:83:2A:09:1C:59:4E:A8:14:BC:3D:D4:A7
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/654f1481-ba50-463b-9997-0d385dd9b0a3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:800::/40
Signature Algorithm: sha256WithRSAEncryption
09:6a:9f:90:d5:12:22:36:a9:84:a7:ae:57:38:b9:92:29:75:
e2:c4:6f:be:aa:83:c8:15:eb:ae:81:56:73:e6:9b:d5:fb:1a:
61:73:f9:8d:2b:e2:62:aa:21:29:70:26:4b:16:69:f9:af:9d:
a9:eb:31:d9:4d:52:93:8a:a1:76:ae:9d:4f:74:78:c5:ad:69:
bf:52:46:c0:fc:98:17:a1:3e:86:04:a7:49:1b:74:ab:43:2a:
a2:79:44:c9:8d:81:83:58:ec:1b:06:95:5a:5a:cd:93:b6:eb:
33:83:f7:fd:3d:46:1b:36:2b:f8:67:9b:e6:5a:34:9f:62:c5:
83:b4:7f:70:c8:21:22:03:cf:32:84:9a:45:35:ca:53:41:87:
3c:06:5b:7c:0f:55:8b:9b:30:51:dc:40:56:49:54:bf:e9:c4:
d9:99:07:0d:59:44:59:ac:73:a4:d9:46:18:93:07:dc:f2:05:
3b:17:26:32:93:96:c7:b4:cf:1e:56:ce:26:0a:8b:8d:0f:52:
2a:da:96:6d:4b:19:ef:07:ee:63:32:35:d6:69:ec:13:71:36:
e0:bc:fd:f8:95:63:6c:5a:d4:a3:b1:e5:43:f0:44:64:b6:e8:
83:d6:02:9c:c8:aa:6e:88:15:81:e1:89:ce:a3:fc:fa:ac:22:
26:f4:f9:e3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS9caPCxBER8KRAdnK4wWii0rkCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMThaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhNDU4N2UyYTExNjc4ODEzODYwNmNkNDYwNDU0NTBiZGRlOWIxOWNjZDc2
MGIzZjlkNmQzZjIwNDY0NGNjZDQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzW0xMl+amUmaMIiyOylJw61Ye6KmUlSBPHv7WAA9W1/p4E5lDB2XKIfNXk
r+7fPyghoo5Ggt3BFK0XHSDAXru46De6tzL90adAeGwjnmem1PtO8hziqHdNgqyu
fpWyJvVD6kcIYVIlXlXwBw73tDceZwmJLeQVpPi8F7qLMAOINnnHmNba3cfn/1UC
VPL6lVOi0xFBaBnEnVIglq375/krSa/xpvJVloyA3swJH6PKAf28KgVbnjBYV6bq
BsuPL8Qrf7p+9VoYU/SH+LHLetNTp17rmdml3wxJE2+AWknznwo6gqWgqs0U9uYu
cqy+RAe80rN0Ng29wnAZy/+DVU8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR2aly+
AennYYMqCRxZTqgUvD3UpzAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NjU0ZjE0ODEtYmE1MC00NjNiLTk5OTctMGQzODVkZDliMGEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8AI
MA0GCSqGSIb3DQEBCwUAA4IBAQAJap+Q1RIiNqmEp65XOLmSKXXixG++qoPIFeuu
gVZz5pvV+xphc/mNK+JiqiEpcCZLFmn5r52p6zHZTVKTiqF2rp1PdHjFrWm/UkbA
/JgXoT6GBKdJG3SrQyqieUTJjYGDWOwbBpVaWs2Ttuszg/f9PUYbNiv4Z5vmWjSf
YsWDtH9wyCEiA88yhJpFNcpTQYc8Blt8D1WLmzBR3EBWSVS/6cTZmQcNWURZrHOk
2UYYkwfc8gU7FyYyk5bHtM8eVs4mCouND1Iq2pZtSxnvB+5jMjXWaewTcTbgvP34
lWNsWtSjseVD8ERktuiD1gKcyKpuiBWB4YnOo/z6rCIm9Pnj
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:31:14 2025 by rpki-client