Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
File: afb29442-cb58-4fe7-9319-202c1646019f.roa (raw, json)
Hash identifier: 3PUIj2h8QIdpmURd1i9cxtEUdhl77MX4DCmjT2r6Z9k=
Subject key identifier: 38:8C:B8:0B:A9:E2:5C:49:D7:68:6E:28:43:B8:A7:1D:42:4C:64:70
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 6C342D2394E1FD240A894DCBDA424D864C7FC4C4
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
Signing time: Mon 29 Sep 2025 15:40:24 +0000
ROA not before: Mon 29 Sep 2025 15:40:24 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:34:2d:23:94:e1:fd:24:0a:89:4d:cb:da:42:4d:86:4c:7f:c4:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:40:24 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=4a0ec7bda7c167ca6fa27e25f6ebd557d71c83e77308f2cfbdfe037e991961f7, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:ae:11:92:9d:da:a6:3d:68:e1:8a:0a:26:f7:
ca:02:8d:d2:d8:bd:01:1c:f2:26:51:98:c0:a4:3a:
a4:ee:02:ca:38:e3:58:b6:9a:36:bc:82:1b:5a:14:
78:33:9e:2e:d9:28:7f:a9:28:5a:d3:24:ff:f1:8f:
39:e8:1a:53:9b:29:70:87:56:c1:76:83:39:bf:ee:
68:54:25:08:59:8a:e9:31:76:19:b1:80:72:4e:47:
cd:a6:18:14:a8:fb:5e:42:99:89:34:6d:ff:26:85:
a7:fd:bb:7b:b4:1c:d6:83:5f:85:4f:79:f5:c5:23:
c3:ba:e8:ae:6a:b9:18:62:df:11:4b:f6:17:a8:86:
2c:e9:3e:80:64:a6:bb:2d:dc:e5:e7:4f:7d:31:b9:
56:1e:13:f6:23:aa:ef:99:53:05:ea:65:04:79:77:
2e:a3:29:f1:f0:57:2a:69:fd:cf:45:79:a5:b1:85:
32:d8:72:1b:75:02:d3:8b:82:32:14:e6:ad:3b:1e:
07:78:0b:99:3a:29:26:f1:89:8f:c0:aa:c4:17:2a:
c2:c1:f2:a8:e9:ee:3c:67:40:1d:30:98:64:3a:e0:
0b:9a:fc:a4:94:21:65:b9:a0:df:a6:c0:bb:6c:bd:
6c:6b:23:b3:6b:b7:87:6a:24:19:80:57:53:23:2c:
87:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:8C:B8:0B:A9:E2:5C:49:D7:68:6E:28:43:B8:A7:1D:42:4C:64:70
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6::/40
Signature Algorithm: sha256WithRSAEncryption
1f:23:61:eb:0c:80:26:4b:d6:55:19:7b:d3:a2:32:f5:2f:20:
53:61:84:c0:7e:79:3c:08:45:a3:f7:3a:d4:33:fa:42:79:03:
f0:aa:3e:cf:3f:6d:8b:95:0f:a5:b1:4e:34:ac:dd:0e:b4:81:
73:bc:aa:c4:d3:c6:4d:a8:69:2a:c1:36:54:aa:d6:08:db:c9:
d4:41:8a:6e:9f:a3:33:2b:69:0d:c4:13:45:74:76:99:12:3b:
3a:79:00:14:5d:4b:c4:52:8d:3d:1d:ab:42:b8:4a:87:64:0a:
1a:65:7b:94:85:36:e5:73:da:cd:bc:53:56:9d:6e:98:f7:6f:
8b:0c:80:2f:32:e5:7e:88:7c:f5:75:b8:08:a0:17:01:e1:e6:
81:13:2e:14:8f:d2:73:9a:f7:ab:dd:9c:55:01:fd:b7:bd:66:
3e:0e:e9:fc:e5:35:08:f9:13:df:cb:d1:6b:58:52:19:e4:3f:
d6:ba:2f:26:6c:98:98:5e:b8:37:21:37:b7:84:a4:da:50:a8:
2d:6e:8d:93:40:80:33:cd:ab:55:f4:27:03:b0:74:68:54:cb:
f1:ac:95:73:22:ae:63:47:68:b9:d6:ef:16:1c:c3:33:4a:bd:
2e:7d:f8:e6:a9:d2:81:05:e6:f0:27:0c:a3:cc:de:45:ba:1e:
7e:c6:53:4b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbDQtI5Th/SQKiU3L2kJNhkx/xMQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTQwMjRaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhMGVjN2JkYTdjMTY3Y2E2ZmEyN2UyNWY2ZWJkNTU3ZDcxYzgzZTc3MzA4
ZjJjZmJkZmUwMzdlOTkxOTYxZjcxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIuuEZKd2qY9aOGKCib3ygKN0ti9ARzyJlGYwKQ6pO4CyjjjWLaaNryCG1oU
eDOeLtkof6koWtMk//GPOegaU5spcIdWwXaDOb/uaFQlCFmK6TF2GbGAck5HzaYY
FKj7XkKZiTRt/yaFp/27e7Qc1oNfhU959cUjw7rormq5GGLfEUv2F6iGLOk+gGSm
uy3c5edPfTG5Vh4T9iOq75lTBeplBHl3LqMp8fBXKmn9z0V5pbGFMthyG3UC04uC
MhTmrTseB3gLmTopJvGJj8CqxBcqwsHyqOnuPGdAHTCYZDrgC5r8pJQhZbmg36bA
u2y9bGsjs2u3h2okGYBXUyMsh1kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ4jLgL
qeJcSddobihDuKcdQkxkcDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YWZiMjk0NDItY2I1OC00ZmU3LTkzMTktMjAyYzE2NDYwMTlmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8YA
MA0GCSqGSIb3DQEBCwUAA4IBAQAfI2HrDIAmS9ZVGXvTojL1LyBTYYTAfnk8CEWj
9zrUM/pCeQPwqj7PP22LlQ+lsU40rN0OtIFzvKrE08ZNqGkqwTZUqtYI28nUQYpu
n6MzK2kNxBNFdHaZEjs6eQAUXUvEUo09HatCuEqHZAoaZXuUhTblc9rNvFNWnW6Y
92+LDIAvMuV+iHz1dbgIoBcB4eaBEy4Uj9Jzmver3ZxVAf23vWY+Dun85TUI+RPf
y9FrWFIZ5D/Wui8mbJiYXrg3ITe3hKTaUKgtbo2TQIAzzatV9CcDsHRoVMvxrJVz
Iq5jR2i51u8WHMMzSr0uffjmqdKBBebwJwyjzN5Fuh5+xlNL
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:47:35 2025 by rpki-client