Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa
File: 9623dcba-6a97-4717-ac77-dd16d3c33f78.roa (raw, json)
Hash identifier: crg6qhXFDE51wAgt03shwlq29WN4ygBNekEU4dmMnas=
Subject key identifier: EF:D6:C5:AC:AC:6D:5B:65:2A:E3:C4:93:74:2F:B1:A3:67:C2:FF:E7
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 62CD42C72A7D6124883D7C14BDA4D9D32A391AEE
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa
Signing time: Mon 29 Sep 2025 15:40:33 +0000
ROA not before: Mon 29 Sep 2025 15:40:33 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:cd:42:c7:2a:7d:61:24:88:3d:7c:14:bd:a4:d9:d3:2a:39:1a:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:33 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=78fbf1cdecb40612094ee84b7a1997348fe5155812eca804b02956e69a6921e2, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:5a:87:a1:56:c3:3d:3f:69:36:e5:67:42:12:
f6:16:46:1a:01:fe:7e:f9:81:53:e3:77:27:5a:84:
54:6f:4a:1d:9e:06:cb:09:7b:19:0d:99:f2:f6:28:
c5:66:e7:ac:0c:1e:e3:6f:14:86:8e:47:31:90:ce:
65:4a:10:3d:47:be:4a:ef:63:ce:87:ac:66:2a:b4:
cd:cf:58:35:3f:95:d8:c9:a1:4d:62:72:89:8d:b3:
2a:2d:a2:32:8b:8a:6e:e1:e2:05:7c:81:a5:33:13:
69:b6:17:6a:8e:67:71:74:44:4f:82:4b:04:89:73:
70:53:5e:c0:67:de:b9:62:7e:1b:ae:bb:4a:46:8f:
37:2a:22:c2:4a:6c:2d:3b:d5:e7:33:de:25:18:3e:
e4:17:08:19:22:d6:81:4f:ea:71:85:90:9d:f1:90:
61:f1:1d:af:1a:41:1c:a9:ff:c3:26:72:6a:2a:09:
03:34:10:2f:df:dd:a8:93:29:83:79:48:ae:13:e9:
89:89:ec:53:d6:07:df:ba:16:0a:ad:df:a4:d7:2d:
8f:80:ac:4f:fa:83:4b:87:08:25:f8:cf:77:55:c8:
90:cc:fa:47:76:20:93:ea:bc:4c:a4:47:1a:61:39:
54:dd:ab:6e:af:22:5f:d1:6c:d6:55:c3:78:20:22:
89:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:D6:C5:AC:AC:6D:5B:65:2A:E3:C4:93:74:2F:B1:A3:67:C2:FF:E7
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/9623dcba-6a97-4717-ac77-dd16d3c33f78.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5::/36
Signature Algorithm: sha256WithRSAEncryption
7c:c0:4e:9c:b9:c0:9e:16:0d:8a:c9:70:07:68:16:d3:a3:98:
41:e5:e1:bb:be:91:36:1f:28:dc:6d:fb:9a:33:79:ee:da:79:
ff:69:25:1f:6c:4a:2d:c3:0a:36:a1:d1:62:bc:72:03:ea:92:
c4:bc:72:ef:b3:a5:bb:9a:e6:52:b4:7d:b9:cc:99:c7:6e:2e:
28:5c:b3:54:cc:27:af:a0:4c:01:d4:19:f3:0d:76:2a:ac:18:
18:48:94:49:1a:7a:09:20:8c:21:ba:b5:29:15:20:84:9d:8d:
02:66:3a:2f:dc:f8:a1:f0:d3:77:e4:7b:d8:1a:dd:4b:50:c7:
03:b0:b1:c2:b0:4f:a4:89:8d:3e:b7:88:2b:f6:12:6a:80:77:
64:f3:d2:9e:0a:c2:04:5a:9f:b3:7f:2d:6d:2c:a8:fd:51:0d:
9d:62:96:c0:04:18:bf:c6:b4:e9:81:e0:18:2c:46:ea:3d:87:
5a:d4:2e:f7:80:3c:d8:95:ad:25:b3:b2:4e:6b:8a:2b:f5:01:
f1:b6:9b:d3:ba:1d:87:1c:0e:14:66:11:9a:c4:e1:a6:f3:60:
d7:a1:5d:8e:74:e9:da:ad:2a:24:e8:68:5f:5c:e8:ea:1b:19:
29:d8:ef:e1:6a:12:fe:0c:48:8f:8c:77:93:28:06:a9:aa:78:
fc:37:5e:4c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYs1Cxyp9YSSIPXwUvaTZ0yo5Gu4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMzNaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4ZmJmMWNkZWNiNDA2MTIwOTRlZTg0YjdhMTk5NzM0OGZlNTE1NTgxMmVj
YTgwNGIwMjk1NmU2OWE2OTIxZTIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxah6FWwz0/aTblZ0IS9hZGGgH+fvmBU+N3J1qEVG9KHZ4Gywl7GQ2Z8vYo
xWbnrAwe428Uho5HMZDOZUoQPUe+Su9jzoesZiq0zc9YNT+V2MmhTWJyiY2zKi2i
MouKbuHiBXyBpTMTabYXao5ncXRET4JLBIlzcFNewGfeuWJ+G667SkaPNyoiwkps
LTvV5zPeJRg+5BcIGSLWgU/qcYWQnfGQYfEdrxpBHKn/wyZyaioJAzQQL9/dqJMp
g3lIrhPpiYnsU9YH37oWCq3fpNctj4CsT/qDS4cIJfjPd1XIkMz6R3Ygk+q8TKRH
GmE5VN2rbq8iX9Fs1lXDeCAiiWkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTv1sWs
rG1bZSrjxJN0L7GjZ8L/5zAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
OTYyM2RjYmEtNmE5Ny00NzE3LWFjNzctZGQxNmQzYzMzZjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8UA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8wE6cucCeFg2KyXAHaBbTo5hB5eG7vpE2Hyjc
bfuaM3nu2nn/aSUfbEotwwo2odFivHID6pLEvHLvs6W7muZStH25zJnHbi4oXLNU
zCevoEwB1BnzDXYqrBgYSJRJGnoJIIwhurUpFSCEnY0CZjov3Pih8NN35HvYGt1L
UMcDsLHCsE+kiY0+t4gr9hJqgHdk89KeCsIEWp+zfy1tLKj9UQ2dYpbABBi/xrTp
geAYLEbqPYda1C73gDzYla0ls7JOa4or9QHxtpvTuh2HHA4UZhGaxOGm82DXoV2O
dOnarSok6GhfXOjqGxkp2O/hahL+DEiPjHeTKAapqnj8N15M
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:28:24 2025 by rpki-client