Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
File: 8d33474a-7193-4fb1-90e2-82106a40b461.roa (raw, json)
Hash identifier: Iiz2EDOHpwMwaO6EbFejMeZg7YhwIsiJzoLw3+8kXIE=
Subject key identifier: D7:84:E4:4A:14:9F:DF:F0:CE:09:64:5A:24:DF:45:47:92:95:31:60
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 32BE6CF56E681904E63AD9F0D86266B7D5D233BF
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
Signing time: Sat 09 Aug 2025 00:20:08 +0000
ROA not before: Sat 09 Aug 2025 00:20:08 +0000
ROA not after: Sat 13 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:be:6c:f5:6e:68:19:04:e6:3a:d9:f0:d8:62:66:b7:d5:d2:33:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Aug 9 00:20:08 2025 GMT
Not After : Sep 13 23:59:59 2025 GMT
Subject: serialNumber=dff150fbe191876bf49d9e46bc566d1a062dd6cee60dd30a18a7eeb22ef4aff1, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:55:76:31:7c:15:bc:1d:36:23:45:37:8d:bf:
f7:df:66:bc:b2:43:79:85:62:e7:d7:55:c9:4b:19:
fc:09:02:cc:37:f4:01:ac:1a:af:62:9e:c5:bb:cf:
dd:92:a4:69:ba:1f:11:a0:80:f3:24:82:90:c7:86:
2f:7d:64:62:d4:40:51:6a:17:2b:c8:7e:44:55:97:
9f:c0:86:a0:42:9e:52:6e:c4:ca:b5:5f:95:bd:ac:
9d:50:d3:a0:c5:18:d0:4c:85:c1:8d:df:9a:e0:63:
89:c3:30:8d:26:5e:de:a0:c3:c1:1f:bf:a2:46:05:
3f:72:e7:a1:92:b7:ce:7b:68:6f:a7:a7:f4:9e:d7:
3b:b3:d2:1d:83:7f:24:77:b8:9b:fb:22:e2:ec:10:
a4:9b:dd:e7:10:93:05:c3:a2:f1:1d:f6:50:85:62:
08:0c:52:36:7d:97:12:29:cd:c3:b6:fe:b3:ca:18:
d9:29:e9:5d:fe:d3:99:66:aa:04:6a:17:5b:ff:2b:
a4:32:2e:8e:60:28:e1:8e:89:73:5c:3b:bd:07:59:
ba:5b:4b:fc:82:e1:e0:ef:4f:1d:01:80:ff:c5:1f:
56:f7:4b:a1:87:08:fc:a4:5d:fd:6c:09:63:e1:4a:
12:c6:ef:7b:08:85:82:9a:81:94:87:17:82:90:fc:
12:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:84:E4:4A:14:9F:DF:F0:CE:09:64:5A:24:DF:45:47:92:95:31:60
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2800::/40
Signature Algorithm: sha256WithRSAEncryption
40:65:1e:37:41:5a:6e:12:be:2b:22:eb:91:ea:c1:5b:aa:c2:
db:f7:4f:9c:b8:09:d2:36:9f:9c:d0:54:6c:4f:fe:0f:14:6b:
35:13:82:3d:a7:97:31:eb:c7:73:9e:9b:01:9b:0e:e3:85:b8:
46:33:66:df:d9:e5:7e:0f:ef:42:c0:b2:19:6f:13:24:bd:9a:
ed:d1:51:8f:f4:fd:c6:1d:88:e3:33:aa:97:c3:fb:e4:7f:02:
23:65:0b:4e:05:aa:85:2d:2d:95:68:a7:33:e4:96:c7:44:e7:
40:7b:78:47:24:b0:4b:2b:1a:2d:eb:09:b3:2b:0b:90:53:a5:
3e:4c:01:8e:f1:a6:04:5b:c0:82:c5:56:b6:a2:6c:50:f9:0d:
6d:8b:d8:28:1d:c6:45:f8:70:a3:c1:22:18:78:b8:35:d0:2b:
90:e3:32:eb:f9:a7:c8:f0:f4:15:56:16:54:a8:a0:53:19:a9:
b7:cb:b7:71:c3:ae:4d:f4:04:7c:ce:72:5b:86:29:e5:91:6f:
f9:a9:a7:52:94:56:70:54:e8:41:28:71:11:b6:df:50:4c:3c:
3b:6d:43:c2:4c:d0:b6:50:24:cf:e6:e0:4a:0e:18:2f:57:fa:
17:7f:4d:21:9a:74:80:f4:88:eb:a9:8f:ea:92:35:3d:8a:57:
ed:c0:3b:40
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMr5s9W5oGQTmOtnw2GJmt9XSM78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA4MDkwMDIwMDhaFw0yNTA5MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmZjE1MGZiZTE5MTg3NmJmNDlkOWU0NmJjNTY2ZDFhMDYyZGQ2Y2VlNjBk
ZDMwYTE4YTdlZWIyMmVmNGFmZjExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOBVdjF8FbwdNiNFN42/999mvLJDeYVi59dVyUsZ/AkCzDf0Aawar2KexbvP
3ZKkabofEaCA8ySCkMeGL31kYtRAUWoXK8h+RFWXn8CGoEKeUm7EyrVflb2snVDT
oMUY0EyFwY3fmuBjicMwjSZe3qDDwR+/okYFP3LnoZK3zntob6en9J7XO7PSHYN/
JHe4m/si4uwQpJvd5xCTBcOi8R32UIViCAxSNn2XEinNw7b+s8oY2SnpXf7TmWaq
BGoXW/8rpDIujmAo4Y6Jc1w7vQdZultL/ILh4O9PHQGA/8UfVvdLoYcI/KRd/WwJ
Y+FKEsbvewiFgpqBlIcXgpD8Ej0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTXhORK
FJ/f8M4JZFok30VHkpUxYDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OGQzMzQ3NGEtNzE5My00ZmIxLTkwZTItODIxMDZhNDBiNDYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Mo
MA0GCSqGSIb3DQEBCwUAA4IBAQBAZR43QVpuEr4rIuuR6sFbqsLb90+cuAnSNp+c
0FRsT/4PFGs1E4I9p5cx68dznpsBmw7jhbhGM2bf2eV+D+9CwLIZbxMkvZrt0VGP
9P3GHYjjM6qXw/vkfwIjZQtOBaqFLS2VaKcz5JbHROdAe3hHJLBLKxot6wmzKwuQ
U6U+TAGO8aYEW8CCxVa2omxQ+Q1ti9goHcZF+HCjwSIYeLg10CuQ4zLr+afI8PQV
VhZUqKBTGam3y7dxw65N9AR8znJbhinlkW/5qadSlFZwVOhBKHERtt9QTDw7bUPC
TNC2UCTP5uBKDhgvV/oXf00hmnSA9IjrqY/qkjU9ilftwDtA
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:11:51 2025 by rpki-client