Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
File: 8d33474a-7193-4fb1-90e2-82106a40b461.roa (raw, json)
Hash identifier: o6aYBGwqkCBqPSF/Lwu95XVHg8S26vCBtyn4z7Tw4MM=
Subject key identifier: 5B:F0:50:64:AE:69:78:74:81:5D:75:7A:B2:1E:80:C5:AB:76:C0:98
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 5F1FE3D826323086F8A28D172654312823FAB967
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
Signing time: Mon 29 Sep 2025 15:40:17 +0000
ROA not before: Mon 29 Sep 2025 15:40:17 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:1f:e3:d8:26:32:30:86:f8:a2:8d:17:26:54:31:28:23:fa:b9:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:17 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=519344fb510140052b07fc3aa860ee4cfee59c790dd04d2ad85310007c88f472, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ef:bd:c6:a8:3c:f6:53:4d:fb:bf:3c:0b:d5:
89:a7:48:ff:c7:7e:05:5b:55:67:16:34:dd:7b:9a:
7d:1b:98:2a:a8:f1:3d:7f:31:ab:71:55:d6:a1:98:
59:ef:2d:28:86:7d:39:c8:60:11:c7:02:9b:9c:b6:
e0:9d:2d:cb:66:1e:12:6a:2c:e1:f6:25:22:a9:2e:
1a:d5:95:3e:32:ce:bf:56:d1:62:bd:5c:2f:fb:b7:
69:c4:f1:c8:d1:7e:33:71:9a:64:05:2a:5a:af:fc:
96:29:a0:db:3e:49:23:5a:87:38:ad:7e:ff:3a:dd:
13:b9:2f:37:5d:4f:11:a6:19:9b:ff:04:ee:b9:ef:
91:f5:86:48:22:b3:55:ea:11:7c:9c:91:3e:7a:c4:
ec:7b:16:f3:e6:fc:7c:a1:02:e2:58:90:cf:7d:17:
54:7a:3c:de:65:5f:e6:b3:1d:e4:dc:f7:6c:6a:d0:
9a:c0:57:b7:7c:23:3d:67:fc:9a:fc:ce:0a:a6:b3:
42:06:af:3d:cf:37:94:f8:ed:e6:73:77:45:f8:74:
c8:a4:03:20:b2:d6:0f:a9:7e:c6:9c:7d:a0:61:0a:
1e:67:9d:26:86:cb:6d:c5:ee:33:0a:90:61:f2:fd:
f9:04:a4:d0:a2:ea:06:90:52:47:dc:55:98:39:ef:
75:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:F0:50:64:AE:69:78:74:81:5D:75:7A:B2:1E:80:C5:AB:76:C0:98
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/8d33474a-7193-4fb1-90e2-82106a40b461.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2800::/40
Signature Algorithm: sha256WithRSAEncryption
36:ac:a3:da:9e:14:36:2b:f8:a3:f0:b2:24:87:a0:fd:7b:3f:
6b:99:d7:7a:db:6f:f6:4e:23:e2:73:5e:3d:1e:8f:e4:be:f0:
09:51:d5:34:d4:bc:43:d1:2a:56:80:a8:51:bc:40:fd:38:59:
25:86:47:fa:bf:b3:f3:d8:8e:7c:30:40:b6:ae:31:b5:f5:8c:
a0:d1:05:d4:6c:2c:4a:8f:5e:f6:d8:cf:7c:86:ba:2f:13:2c:
6c:25:39:02:a7:9f:90:0a:35:51:e3:4a:9c:90:e5:94:ab:ea:
12:1e:5d:de:dc:1b:36:30:b8:95:7c:52:2f:ec:c5:d0:57:db:
a9:c7:d5:78:c1:f4:cf:c1:f8:da:36:c3:16:4b:34:3f:22:e4:
fb:29:c0:d8:f8:73:87:ae:ad:1c:be:57:51:8f:2f:79:44:33:
bf:de:7f:3d:6e:7e:cd:e6:c7:2c:bc:ee:49:98:3e:ae:f3:3d:
1f:d4:64:00:0b:33:2b:b5:2b:88:11:50:8f:c8:27:ac:a3:9f:
68:16:ae:f8:90:55:81:f0:23:9e:c7:e3:a9:0d:ea:0a:63:d7:
14:6a:1f:5d:35:c3:30:08:a5:34:92:3f:c3:05:47:3e:20:18:
08:06:f7:9b:cf:21:53:2b:4e:bc:1c:dc:ac:ff:b1:5b:90:ba:
87:a9:26:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXx/j2CYyMIb4oo0XJlQxKCP6uWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMTdaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxOTM0NGZiNTEwMTQwMDUyYjA3ZmMzYWE4NjBlZTRjZmVlNTljNzkwZGQw
NGQyYWQ4NTMxMDAwN2M4OGY0NzIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHvvcaoPPZTTfu/PAvViadI/8d+BVtVZxY03XuafRuYKqjxPX8xq3FV1qGY
We8tKIZ9OchgEccCm5y24J0ty2YeEmos4fYlIqkuGtWVPjLOv1bRYr1cL/u3acTx
yNF+M3GaZAUqWq/8limg2z5JI1qHOK1+/zrdE7kvN11PEaYZm/8E7rnvkfWGSCKz
VeoRfJyRPnrE7HsW8+b8fKEC4liQz30XVHo83mVf5rMd5Nz3bGrQmsBXt3wjPWf8
mvzOCqazQgavPc83lPjt5nN3Rfh0yKQDILLWD6l+xpx9oGEKHmedJobLbcXuMwqQ
YfL9+QSk0KLqBpBSR9xVmDnvdR0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRb8FBk
rml4dIFddXqyHoDFq3bAmDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OGQzMzQ3NGEtNzE5My00ZmIxLTkwZTItODIxMDZhNDBiNDYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Mo
MA0GCSqGSIb3DQEBCwUAA4IBAQA2rKPanhQ2K/ij8LIkh6D9ez9rmdd622/2TiPi
c149Ho/kvvAJUdU01LxD0SpWgKhRvED9OFklhkf6v7Pz2I58MEC2rjG19Yyg0QXU
bCxKj1722M98hrovEyxsJTkCp5+QCjVR40qckOWUq+oSHl3e3Bs2MLiVfFIv7MXQ
V9upx9V4wfTPwfjaNsMWSzQ/IuT7KcDY+HOHrq0cvldRjy95RDO/3n89bn7N5scs
vO5JmD6u8z0f1GQACzMrtSuIEVCPyCeso59oFq74kFWB8COex+OpDeoKY9cUah9d
NcMwCKU0kj/DBUc+IBgIBvebzyFTK068HNys/7FbkLqHqSYD
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:26:42 2025 by rpki-client