Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/78ea1ce2-8d09-441d-ad92-848a5871e58b.roa
File: 78ea1ce2-8d09-441d-ad92-848a5871e58b.roa (raw, json)
Hash identifier: NpJ1PgWHRSDNh3O8XDlr0Ningindt5IBLWdUvNKXr54=
Subject key identifier: D6:78:F6:3A:BB:ED:F1:59:92:13:D6:0A:54:E0:BD:0B:60:5E:08:1D
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 03D0FE3E64542EE8407CCF1CB1343D747771ED90
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/78ea1ce2-8d09-441d-ad92-848a5871e58b.roa
Signing time: Mon 29 Sep 2025 15:40:16 +0000
ROA not before: Mon 29 Sep 2025 15:40:16 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d0:fe:3e:64:54:2e:e8:40:7c:cf:1c:b1:34:3d:74:77:71:ed:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:16 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=ca5bce21132fa7a7c2faba6a4203e7f3d74f9e043c9cc1ee384449d38df37503, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:44:21:0c:b2:a3:1a:8c:ac:d9:95:be:ac:ab:
f2:a6:77:59:00:6f:5e:ca:cf:cc:4c:07:29:b1:dc:
30:a3:3e:9d:34:69:63:0a:57:4c:d5:48:9f:37:2b:
3e:66:ee:06:34:1b:ae:dc:5a:e3:6b:f4:44:ae:14:
05:34:0e:c5:eb:7b:e0:ae:50:e0:0f:7d:ed:fa:66:
24:eb:fa:40:78:d9:e6:a5:d9:15:36:a9:e5:dd:8b:
c0:2b:47:82:39:6e:46:8e:97:00:4b:2d:b3:00:e0:
70:bf:f8:fc:ac:8b:01:0d:30:41:c2:54:f3:a5:5c:
f0:25:b5:e5:ad:ce:11:cf:61:cd:75:d8:55:4b:bd:
54:fc:b5:74:e7:4c:40:42:0c:82:21:60:34:dd:72:
03:20:49:07:1e:6a:a3:e0:ca:11:2a:57:c9:0e:3d:
26:68:c4:64:54:4d:c9:88:4a:d1:3e:f5:c8:98:ae:
46:c9:35:d1:bc:e4:78:12:17:f7:79:7f:81:2e:e3:
18:7e:2c:9c:25:52:36:60:f7:fb:6f:6d:a2:ff:cb:
12:71:6b:18:99:da:a8:3f:6c:af:bd:19:52:70:9c:
9b:70:84:3b:2e:91:56:d2:8a:16:73:63:41:74:87:
9d:b3:25:41:18:47:d1:69:aa:81:7a:a2:89:50:24:
93:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:78:F6:3A:BB:ED:F1:59:92:13:D6:0A:54:E0:BD:0B:60:5E:08:1D
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/78ea1ce2-8d09-441d-ad92-848a5871e58b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3::/36
Signature Algorithm: sha256WithRSAEncryption
39:60:0f:cb:a5:b1:23:56:fc:b4:94:1f:98:dd:53:f3:92:9a:
bf:f3:43:ea:73:3e:50:26:51:f8:7e:bc:ea:30:14:a5:5c:99:
72:5a:8d:a2:8f:7a:33:b0:30:d9:08:a5:87:92:a6:88:17:67:
ce:77:54:67:ba:ee:51:2f:87:6c:ed:5f:23:22:6c:2a:c7:53:
b4:f2:19:0f:39:b9:c8:c4:d9:6d:d5:42:5a:97:34:03:2b:ff:
15:e0:a5:33:1b:0c:f9:53:50:3e:a7:df:8f:e6:1f:00:bb:53:
a4:87:6f:77:d7:84:de:67:92:9f:bc:d4:a3:37:ee:31:af:84:
ca:8e:06:4b:fa:77:d5:31:5e:f9:bb:10:fe:ba:24:4e:08:f8:
8d:5f:60:88:1a:7f:53:df:23:83:87:6d:1e:be:db:c8:a3:24:
93:a9:27:11:ed:76:52:7e:4c:dd:13:36:7a:68:1f:e6:da:63:
7a:49:0b:fe:47:08:ea:fb:33:4c:00:79:15:b4:ec:32:9b:c2:
a4:b6:c7:9f:e0:5d:f1:06:d9:d6:90:a0:59:7f:c6:da:2e:8c:
67:87:1f:6b:39:79:26:bf:58:87:18:c3:3b:e4:6b:1e:2f:1b:
49:ca:c0:9b:8c:ba:8f:04:05:0f:00:fe:a8:a9:7e:d1:9c:02:
d5:ab:b7:e7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUA9D+PmRULuhAfM8csTQ9dHdx7ZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMTZaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhNWJjZTIxMTMyZmE3YTdjMmZhYmE2YTQyMDNlN2YzZDc0ZjllMDQzYzlj
YzFlZTM4NDQ0OWQzOGRmMzc1MDMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKxEIQyyoxqMrNmVvqyr8qZ3WQBvXsrPzEwHKbHcMKM+nTRpYwpXTNVInzcr
PmbuBjQbrtxa42v0RK4UBTQOxet74K5Q4A997fpmJOv6QHjZ5qXZFTap5d2LwCtH
gjluRo6XAEstswDgcL/4/KyLAQ0wQcJU86Vc8CW15a3OEc9hzXXYVUu9VPy1dOdM
QEIMgiFgNN1yAyBJBx5qo+DKESpXyQ49JmjEZFRNyYhK0T71yJiuRsk10bzkeBIX
93l/gS7jGH4snCVSNmD3+29tov/LEnFrGJnaqD9sr70ZUnCcm3CEOy6RVtKKFnNj
QXSHnbMlQRhH0WmqgXqiiVAkkyECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTWePY6
u+3xWZIT1gpU4L0LYF4IHTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
NzhlYTFjZTItOGQwOS00NDFkLWFkOTItODQ4YTU4NzFlNThiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MA
MA0GCSqGSIb3DQEBCwUAA4IBAQA5YA/LpbEjVvy0lB+Y3VPzkpq/80Pqcz5QJlH4
frzqMBSlXJlyWo2ij3ozsDDZCKWHkqaIF2fOd1Rnuu5RL4ds7V8jImwqx1O08hkP
ObnIxNlt1UJalzQDK/8V4KUzGwz5U1A+p9+P5h8Au1Okh29314TeZ5KfvNSjN+4x
r4TKjgZL+nfVMV75uxD+uiROCPiNX2CIGn9T3yODh20evtvIoySTqScR7XZSfkzd
EzZ6aB/m2mN6SQv+Rwjq+zNMAHkVtOwym8Kktsef4F3xBtnWkKBZf8baLoxnhx9r
OXkmv1iHGMM75GseLxtJysCbjLqPBAUPAP6oqX7RnALVq7fn
-----END CERTIFICATE-----
Generated at Sun Oct 19 19:54:34 2025 by rpki-client