Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
File: df7033c9-3736-411c-b289-a6013faa6935.roa (raw, json)
Hash identifier: 8G5l9q3lXMYwr2g8DY5PZyPu+kfEpBuj2VL2MTbtsy0=
Subject key identifier: D8:C3:0B:24:10:74:97:49:F5:D8:C7:C7:E2:2C:15:D1:66:82:B9:89
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 1A40A296499A518442CD0E6DC7511EFB84B5054B
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
Signing time: Mon 29 Sep 2025 15:39:29 +0000
ROA not before: Mon 29 Sep 2025 15:39:29 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:40:a2:96:49:9a:51:84:42:cd:0e:6d:c7:51:1e:fb:84:b5:05:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Sep 29 15:39:29 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=c6cd08894a566b6afaa6e89ad5d2c8252c3ae25d11c03434710119709912c5a2, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:9b:f6:63:d5:2c:a9:a0:30:75:22:79:50:a2:
62:77:37:c4:1f:c1:45:fa:69:ad:65:a7:39:a8:be:
95:bb:fa:2c:71:cf:b8:d3:f7:c0:3b:f4:b5:88:3d:
61:b3:55:03:46:a9:59:a1:86:f2:76:3a:94:b3:c6:
5d:24:7e:d9:8f:b2:a1:3e:65:51:15:f3:d9:17:92:
7b:8e:02:55:87:f0:a8:27:94:94:dc:f6:1c:53:d1:
55:28:b5:b2:93:49:6c:7b:20:40:00:65:21:f4:6f:
46:97:d2:68:e0:56:56:52:4d:d7:8c:32:14:43:c3:
55:a6:74:81:d8:24:a8:51:1f:8b:f7:6f:ac:b3:45:
f9:ac:6a:a2:a0:0a:7e:3a:00:b4:2b:c2:7c:e1:99:
b9:1b:75:34:4e:28:fc:cb:6e:51:71:45:7f:67:65:
0c:55:a2:a8:c2:39:88:5a:a1:28:ec:ca:ed:8c:af:
7a:11:5e:13:4f:72:d3:27:14:54:04:cd:cd:a0:f3:
72:31:45:d0:de:18:64:79:5e:ef:2e:4c:bf:58:bc:
bb:f3:95:c5:d9:2c:08:7b:59:5f:2d:77:3c:81:6d:
ef:8a:71:a9:47:78:8c:53:a3:35:53:6d:d4:ea:6b:
a1:eb:9d:7a:30:42:5f:b0:11:72:53:fc:5c:60:b5:
78:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:C3:0B:24:10:74:97:49:F5:D8:C7:C7:E2:2C:15:D1:66:82:B9:89
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2880::/48
Signature Algorithm: sha256WithRSAEncryption
9a:fe:bd:b9:1f:64:12:6b:5f:91:6d:ec:5d:98:70:4c:1c:7d:
7d:13:33:0f:88:63:be:b3:85:7f:1a:eb:1f:b6:d2:8d:37:3f:
58:00:61:77:4e:16:68:e3:ff:b6:e4:89:7f:0e:aa:3a:95:f6:
a7:0c:5d:a7:63:02:3e:fa:5e:43:96:e2:eb:ad:9d:26:26:60:
0d:4b:3c:c6:e8:d0:7d:53:72:91:ac:9a:ca:6b:11:a2:ef:42:
57:01:7a:e7:59:60:db:94:dc:0b:d0:c7:1c:f1:74:19:ff:f9:
cc:f5:b3:d2:90:bd:fd:13:81:cd:63:0e:06:34:62:19:68:d5:
23:22:dc:3a:da:1b:24:7d:cf:0e:13:ff:d5:ad:d1:97:1c:70:
10:55:aa:8c:48:a9:0f:17:b0:a7:56:9b:93:ea:73:48:07:6b:
3b:22:f7:04:64:8b:38:7a:f4:d9:18:f4:f6:33:7d:61:85:42:
24:d3:e5:5c:03:37:48:6a:7d:94:7f:64:fe:88:cb:df:3c:8a:
10:db:5d:b6:b7:f2:95:49:a8:ce:cf:73:9a:df:3c:db:06:6c:
c6:33:db:55:82:ca:8d:0f:f3:37:c7:ed:1b:09:3e:6f:6e:87:
22:6e:44:fe:95:11:ce:87:46:e6:5d:75:ac:b8:c0:3f:d7:f5:
4c:c1:1c:36
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUGkCilkmaUYRCzQ5tx1Ee+4S1BUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA5MjkxNTM5MjlaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2Y2QwODg5NGE1NjZiNmFmYWE2ZTg5YWQ1ZDJjODI1MmMzYWUyNWQxMWMw
MzQzNDcxMDExOTcwOTkxMmM1YTIxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+b9mPVLKmgMHUieVCiYnc3xB/BRfpprWWnOai+lbv6LHHPuNP3wDv0tYg9
YbNVA0apWaGG8nY6lLPGXSR+2Y+yoT5lURXz2ReSe44CVYfwqCeUlNz2HFPRVSi1
spNJbHsgQABlIfRvRpfSaOBWVlJN14wyFEPDVaZ0gdgkqFEfi/dvrLNF+axqoqAK
fjoAtCvCfOGZuRt1NE4o/MtuUXFFf2dlDFWiqMI5iFqhKOzK7YyvehFeE09y0ycU
VATNzaDzcjFF0N4YZHle7y5Mv1i8u/OVxdksCHtZXy13PIFt74pxqUd4jFOjNVNt
1OproeudejBCX7ARclP8XGC1eMsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTYwwsk
EHSXSfXYx8fiLBXRZoK5iTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZGY3MDMzYzktMzczNi00MTFjLWIyODktYTYwMTNmYWE2OTM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
gDANBgkqhkiG9w0BAQsFAAOCAQEAmv69uR9kEmtfkW3sXZhwTBx9fRMzD4hjvrOF
fxrrH7bSjTc/WABhd04WaOP/tuSJfw6qOpX2pwxdp2MCPvpeQ5bi662dJiZgDUs8
xujQfVNykayaymsRou9CVwF651lg25TcC9DHHPF0Gf/5zPWz0pC9/ROBzWMOBjRi
GWjVIyLcOtobJH3PDhP/1a3RlxxwEFWqjEipDxewp1abk+pzSAdrOyL3BGSLOHr0
2Rj09jN9YYVCJNPlXAM3SGp9lH9k/ojL3zyKENtdtrfylUmozs9zmt882wZsxjPb
VYLKjQ/zN8ftGwk+b26HIm5E/pURzodG5l11rLjAP9f1TMEcNg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:32:33 2025 by rpki-client