Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa
File: 9195a704-de86-4692-95c9-30d458a106d5.roa (raw, json)
Hash identifier: a3rMM8hDVTN8a5GPsWo6jFeTloah2J6zxjhIoU7R/Ro=
Subject key identifier: 15:4C:CF:2C:8A:5C:4A:7D:D2:D5:EC:A6:FE:10:D8:97:1C:79:CE:04
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 21563A8C7A832449CC413017DD3A0A633FCC0AC5
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa
Signing time: Mon 29 Sep 2025 15:39:54 +0000
ROA not before: Mon 29 Sep 2025 15:39:54 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:56:3a:8c:7a:83:24:49:cc:41:30:17:dd:3a:0a:63:3f:cc:0a:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:39:54 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=0f7f47b0aea9a2abc6a018fc4cd2e6cea29d29c4c174b9d1ee43b2a393cc13bb, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:27:94:8c:3e:e4:36:90:c1:e3:a9:9a:56:b7:
41:a7:dc:88:de:85:3c:ab:6e:3d:99:c2:ea:c4:7e:
63:d6:98:98:cd:70:68:ab:db:5a:b1:23:55:6e:ef:
c4:b1:0c:c9:ad:d1:cd:e6:39:98:cf:f9:43:6f:2e:
45:77:25:dc:92:9a:dc:9f:a6:ed:91:35:b4:3f:c9:
ac:bb:d6:60:1a:01:df:56:26:9c:e0:73:fd:4a:fa:
a7:65:29:92:25:7d:3e:90:be:e1:a8:19:4c:c6:61:
e7:a2:89:82:40:c0:41:28:f7:39:d6:ac:ed:d2:aa:
a5:19:3d:ab:0c:ab:1d:fc:cc:98:58:8a:72:52:bf:
25:11:4b:b2:6e:46:4c:9c:16:05:2e:05:c8:ec:22:
29:d4:2f:41:a5:8f:93:fc:77:8f:d7:a3:bd:e4:b1:
a7:6d:75:11:98:4f:59:44:dd:94:dd:42:35:88:37:
aa:07:08:2e:fa:1e:6f:85:98:0e:e5:5f:50:88:c9:
ba:93:ac:7e:53:ae:01:cd:1c:2a:74:a3:c7:13:81:
4e:86:57:8c:4d:b9:2a:4a:7c:28:9b:0a:a1:71:5b:
9b:b7:4a:b2:ff:76:f0:e3:b2:62:b4:4d:e0:9d:71:
65:c8:8f:04:7c:9d:96:4b:68:c0:95:b7:28:72:41:
42:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:4C:CF:2C:8A:5C:4A:7D:D2:D5:EC:A6:FE:10:D8:97:1C:79:CE:04
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9195a704-de86-4692-95c9-30d458a106d5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8000::/36
Signature Algorithm: sha256WithRSAEncryption
85:82:dc:a2:66:58:98:d4:19:32:92:49:70:be:81:8d:09:1f:
50:87:6a:27:3d:29:63:7d:d5:ee:f5:1f:88:e3:10:0f:81:61:
22:a1:79:b0:fd:63:57:6a:f8:89:83:4e:be:ad:07:b7:78:65:
2a:1e:d1:fa:51:72:9f:2f:31:4a:27:5d:57:c6:79:8b:b4:dc:
93:68:12:90:63:0a:d7:c5:fa:39:03:2b:8e:a9:e3:6e:87:26:
d8:34:32:15:cb:c3:47:77:2b:3f:37:3a:ca:f6:1c:61:30:9f:
fc:54:f2:99:4d:ea:21:30:91:39:d4:89:3c:bc:5b:ae:24:1d:
0f:b0:19:1b:d3:7f:f9:d0:30:8f:16:d6:06:86:17:77:71:e7:
37:57:d4:07:44:bb:da:89:b1:da:66:a5:06:4a:e6:55:34:09:
56:e3:a8:6d:ec:dc:63:9f:39:28:c0:6c:aa:cb:d2:27:31:a4:
a1:88:57:80:e8:06:1e:f9:a2:81:95:8b:20:78:40:09:ae:a7:
61:39:f8:77:81:32:18:c8:89:74:68:38:3d:d4:4a:72:96:fd:
b7:3d:86:3e:00:86:26:a0:b8:c1:13:95:ee:ef:ef:6e:04:b2:
50:6f:84:b6:e6:9d:11:07:09:e9:66:26:c8:82:29:3f:20:87:
9b:cf:d8:88
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIVY6jHqDJEnMQTAX3ToKYz/MCsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5NTRaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmN2Y0N2IwYWVhOWEyYWJjNmEwMThmYzRjZDJlNmNlYTI5ZDI5YzRjMTc0
YjlkMWVlNDNiMmEzOTNjYzEzYmIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJonlIw+5DaQweOpmla3QafciN6FPKtuPZnC6sR+Y9aYmM1waKvbWrEjVW7v
xLEMya3RzeY5mM/5Q28uRXcl3JKa3J+m7ZE1tD/JrLvWYBoB31YmnOBz/Ur6p2Up
kiV9PpC+4agZTMZh56KJgkDAQSj3Odas7dKqpRk9qwyrHfzMmFiKclK/JRFLsm5G
TJwWBS4FyOwiKdQvQaWPk/x3j9ejveSxp211EZhPWUTdlN1CNYg3qgcILvoeb4WY
DuVfUIjJupOsflOuAc0cKnSjxxOBToZXjE25Kkp8KJsKoXFbm7dKsv928OOyYrRN
4J1xZciPBHydlktowJW3KHJBQu0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQVTM8s
ilxKfdLV7Kb+ENiXHHnOBDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OTE5NWE3MDQtZGU4Ni00NjkyLTk1YzktMzBkNDU4YTEwNmQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8GA
MA0GCSqGSIb3DQEBCwUAA4IBAQCFgtyiZliY1BkykklwvoGNCR9Qh2onPSljfdXu
9R+I4xAPgWEioXmw/WNXaviJg06+rQe3eGUqHtH6UXKfLzFKJ11XxnmLtNyTaBKQ
YwrXxfo5AyuOqeNuhybYNDIVy8NHdys/NzrK9hxhMJ/8VPKZTeohMJE51Ik8vFuu
JB0PsBkb03/50DCPFtYGhhd3cec3V9QHRLvaibHaZqUGSuZVNAlW46ht7Nxjnzko
wGyqy9InMaShiFeA6AYe+aKBlYsgeEAJrqdhOfh3gTIYyIl0aDg91Epylv23PYY+
AIYmoLjBE5Xu7+9uBLJQb4S25p0RBwnpZibIgik/IIebz9iI
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:11:29 2025 by rpki-client