Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
File: afb29442-cb58-4fe7-9319-202c1646019f.roa (raw, json)
Hash identifier: AsM+TShuBCsOjUD2o1FPiwgYDKfJLMCTf5FA/wyh0Ks=
Subject key identifier: C7:47:DC:F3:DD:FF:B0:7E:10:8A:9D:C9:1E:2E:E5:9B:D6:3B:2C:FE
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 402C5A44CF5B051E4E558C4B50BC723009B4FD4C
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
Signing time: Wed 30 Apr 2025 00:20:19 +0000
ROA not before: Wed 30 Apr 2025 00:20:19 +0000
ROA not after: Wed 04 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 18:19:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:2c:5a:44:cf:5b:05:1e:4e:55:8c:4b:50:bc:72:30:09:b4:fd:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Apr 30 00:20:19 2025 GMT
Not After : Jun 4 23:59:59 2025 GMT
Subject: serialNumber=88e88a5c9789a6ece9c869a606c8c5f644b93f161cf105f1121c5385ac8d2871, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:52:f5:0f:88:14:98:44:da:b8:3d:f2:c9:35:
73:6b:a8:56:52:91:64:d9:83:ef:7f:e3:7e:f7:4e:
28:43:f6:a0:d0:8a:dc:ea:27:e0:43:63:82:ed:95:
44:f4:1c:d7:e7:68:07:3e:2a:85:d2:60:1c:24:6e:
5d:b2:56:86:42:59:4a:d9:d6:60:b9:2e:56:4b:3a:
af:f7:86:52:4f:1d:b2:d4:6f:44:e0:77:d9:f4:65:
fe:53:b5:b6:6a:5d:eb:78:72:32:4d:33:d7:c3:3f:
c6:47:0c:4d:50:e2:8e:04:c4:60:18:c8:a0:e6:fc:
3c:f0:b4:e4:d3:89:1a:5d:14:3c:f4:a8:1f:64:63:
24:69:d0:87:9b:24:5e:92:39:ed:bf:17:60:47:d0:
57:11:dc:20:67:bd:b7:35:79:e3:6c:ff:db:96:bf:
4a:83:77:c8:f3:a0:ed:ed:09:e4:0f:08:98:49:38:
23:74:25:6c:25:1e:ce:50:ed:31:bf:3e:8c:31:b1:
7f:27:f0:47:ca:29:80:c0:cd:9a:b6:f5:bf:45:d3:
94:1d:dc:63:aa:df:be:75:88:7f:49:23:b6:2f:d1:
e6:86:a9:93:22:8f:d6:cf:41:3b:a3:f4:59:8b:c8:
0f:68:f2:0a:1d:5a:8d:e4:c4:72:9b:a8:57:61:1b:
f8:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:47:DC:F3:DD:FF:B0:7E:10:8A:9D:C9:1E:2E:E5:9B:D6:3B:2C:FE
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/afb29442-cb58-4fe7-9319-202c1646019f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6::/40
Signature Algorithm: sha256WithRSAEncryption
2c:e1:6a:fa:88:0d:4d:76:4d:48:d1:2c:2e:1f:5b:89:bb:3c:
5f:10:e2:18:df:c9:53:2f:05:6f:73:76:ac:98:37:fe:77:9e:
aa:8e:56:50:50:89:ca:8d:a3:11:59:6e:1d:4d:21:14:3a:ae:
39:73:69:6e:41:9d:b1:ec:1f:bc:0d:ce:49:fb:39:21:16:a9:
08:5d:c4:16:36:2a:8f:38:14:eb:ce:6f:54:a2:35:c1:ed:45:
81:0b:8c:30:7c:57:1e:6f:85:e7:28:b1:5f:e0:91:59:bb:f1:
97:34:59:e7:9e:ca:7d:a4:cf:07:c8:55:75:3a:4f:3d:56:e5:
72:49:dc:a8:7b:2f:15:c1:40:3e:2b:3e:16:7c:ab:65:0a:5f:
95:66:7a:42:3b:8a:fb:99:cf:46:f8:c2:02:27:37:5b:2f:62:
b2:1e:ed:a4:d3:43:86:32:df:79:05:f3:56:cb:25:b8:ee:49:
67:80:51:60:c4:ae:01:c8:21:90:b9:6c:d0:a0:23:c0:ec:5a:
1b:7f:2d:8f:7a:e9:27:2c:ec:05:d6:3a:46:9a:59:fd:4b:dd:
b3:b1:76:e0:0f:78:56:03:7e:c5:61:e9:73:c9:d9:4f:31:98:
2f:0e:db:ab:78:3d:b1:42:47:9f:21:ba:40:12:3a:22:9e:32:
a7:5f:f9:86
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQCxaRM9bBR5OVYxLULxyMAm0/UwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MzAwMDIwMTlaFw0yNTA2MDQyMzU5NTlaMHoxSTBHBgNV
BAUTQDg4ZTg4YTVjOTc4OWE2ZWNlOWM4NjlhNjA2YzhjNWY2NDRiOTNmMTYxY2Yx
MDVmMTEyMWM1Mzg1YWM4ZDI4NzExLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdS9Q+IFJhE2rg98sk1c2uoVlKRZNmD73/jfvdOKEP2oNCK3Oon4ENjgu2V
RPQc1+doBz4qhdJgHCRuXbJWhkJZStnWYLkuVks6r/eGUk8dstRvROB32fRl/lO1
tmpd63hyMk0z18M/xkcMTVDijgTEYBjIoOb8PPC05NOJGl0UPPSoH2RjJGnQh5sk
XpI57b8XYEfQVxHcIGe9tzV542z/25a/SoN3yPOg7e0J5A8ImEk4I3QlbCUezlDt
Mb8+jDGxfyfwR8opgMDNmrb1v0XTlB3cY6rfvnWIf0kjti/R5oapkyKP1s9BO6P0
WYvID2jyCh1ajeTEcpuoV2Eb+DkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTHR9zz
3f+wfhCKnckeLuWb1jss/jAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
YWZiMjk0NDItY2I1OC00ZmU3LTkzMTktMjAyYzE2NDYwMTlmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8YA
MA0GCSqGSIb3DQEBCwUAA4IBAQAs4Wr6iA1Ndk1I0SwuH1uJuzxfEOIY38lTLwVv
c3asmDf+d56qjlZQUInKjaMRWW4dTSEUOq45c2luQZ2x7B+8Dc5J+zkhFqkIXcQW
NiqPOBTrzm9UojXB7UWBC4wwfFceb4XnKLFf4JFZu/GXNFnnnsp9pM8HyFV1Ok89
VuVySdyoey8VwUA+Kz4WfKtlCl+VZnpCO4r7mc9G+MICJzdbL2KyHu2k00OGMt95
BfNWyyW47klngFFgxK4ByCGQuWzQoCPA7Fobfy2PeuknLOwF1jpGmln9S92zsXbg
D3hWA37FYelzydlPMZgvDtureD2xQkefIbpAEjoinjKnX/mG
-----END CERTIFICATE-----
Generated at Mon May 5 21:45:36 2025 by rpki-client