Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
File: df7033c9-3736-411c-b289-a6013faa6935.roa (raw, json)
Hash identifier: OxGLDP/FXWkAcA+Yym1dzhdMDWqqos97lk9r3PHKcZ4=
Subject key identifier: 4D:B0:EC:91:14:A5:85:14:AB:5B:47:55:37:26:A3:48:48:54:A4:B4
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 6E8527E31EB6227E85BD7E7E648D17BAF070AE96
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
Signing time: Sat 09 Aug 2025 00:20:52 +0000
ROA not before: Sat 09 Aug 2025 00:20:52 +0000
ROA not after: Sat 13 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:85:27:e3:1e:b6:22:7e:85:bd:7e:7e:64:8d:17:ba:f0:70:ae:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Aug 9 00:20:52 2025 GMT
Not After : Sep 13 23:59:59 2025 GMT
Subject: serialNumber=d9f74c29510cfd5d7c43eddd871a569a1929c14a25de1ab1ef46e29529c4b61c, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:47:25:e5:62:b8:15:26:94:70:21:b6:f2:7c:
6c:50:ef:8c:bd:27:89:f2:ea:f4:03:a4:7d:55:40:
a0:93:14:ac:ba:e3:54:26:96:3a:08:0c:c1:2e:24:
86:5d:25:f1:1a:03:01:fc:52:b2:5f:aa:b3:1c:64:
cf:88:39:5c:fd:7c:1c:1a:33:2d:e4:da:cb:64:7c:
80:2b:27:b9:4e:40:72:44:ec:ed:70:55:13:60:9a:
2d:16:27:e2:ad:9a:a6:e2:11:bf:37:c2:c1:17:db:
e2:78:bc:55:e0:b9:27:c1:78:53:30:b7:8c:4d:c8:
8f:74:42:02:f1:d3:49:f0:b7:9d:5f:d3:40:27:70:
a6:9a:6a:cc:a0:e3:20:84:ac:8b:f1:59:cc:44:0e:
9e:f1:43:24:ab:12:14:c1:d6:24:03:4c:67:15:02:
87:c9:ba:2f:95:3f:e4:f3:84:43:ec:b8:0e:e2:2f:
8b:6d:b5:6e:14:93:20:35:52:44:16:3e:ef:d5:6a:
a0:82:47:99:fa:fe:1b:58:05:4c:7c:f6:ac:3d:e2:
30:67:9d:6b:e1:24:3b:4b:74:42:fa:43:50:43:8f:
51:d0:30:b8:44:b4:af:63:6e:f0:2e:b3:9e:75:66:
7b:3a:48:e5:52:3d:35:78:22:a8:08:ea:96:e7:07:
cc:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:B0:EC:91:14:A5:85:14:AB:5B:47:55:37:26:A3:48:48:54:A4:B4
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/df7033c9-3736-411c-b289-a6013faa6935.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2880::/48
Signature Algorithm: sha256WithRSAEncryption
8a:58:bb:9c:04:5e:e0:c3:26:9c:0e:af:2b:e0:8a:fb:57:e7:
d7:0b:fc:a3:bc:14:bd:f0:e5:c3:85:6c:7d:33:f1:69:64:22:
af:56:0f:87:8d:07:61:24:c8:06:45:48:12:66:c4:68:fb:39:
13:bb:98:a2:5a:66:20:71:d9:58:85:77:eb:69:5d:a4:6d:7b:
40:a9:42:3e:2e:b4:19:1e:d7:72:bc:67:0c:22:9e:e8:ea:af:
30:39:7e:84:22:6a:61:2c:21:d8:48:6a:a5:08:d9:8d:3c:b5:
f5:5f:b2:62:73:74:f0:bc:a4:af:1a:a7:a7:0c:01:f8:d5:23:
e6:20:eb:37:04:d6:2c:8c:2a:be:c9:ad:11:c8:eb:d7:7f:d0:
8c:b6:34:78:39:3d:e4:9f:d0:ea:21:5e:2b:50:b3:96:50:11:
1f:0c:b5:11:d3:e7:9d:37:c1:3a:84:49:7e:50:2c:0c:c9:65:
17:38:68:27:64:8b:40:ce:6c:3b:5c:62:46:90:af:4c:cf:e6:
c8:a4:d1:c7:30:73:e0:c8:4d:0d:af:23:6d:12:27:72:bf:42:
8c:78:94:e4:1e:3b:a3:35:90:fd:e0:e9:f6:4c:17:28:ce:61:
85:0a:3c:17:b4:08:89:a9:ec:02:a3:96:2d:05:ed:ff:bd:47:
fb:d3:aa:03
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUboUn4x62In6FvX5+ZI0XuvBwrpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA4MDkwMDIwNTJaFw0yNTA5MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5Zjc0YzI5NTEwY2ZkNWQ3YzQzZWRkZDg3MWE1NjlhMTkyOWMxNGEyNWRl
MWFiMWVmNDZlMjk1MjljNGI2MWMxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5HJeViuBUmlHAhtvJ8bFDvjL0nifLq9AOkfVVAoJMUrLrjVCaWOggMwS4k
hl0l8RoDAfxSsl+qsxxkz4g5XP18HBozLeTay2R8gCsnuU5AckTs7XBVE2CaLRYn
4q2apuIRvzfCwRfb4ni8VeC5J8F4UzC3jE3Ij3RCAvHTSfC3nV/TQCdwpppqzKDj
IISsi/FZzEQOnvFDJKsSFMHWJANMZxUCh8m6L5U/5POEQ+y4DuIvi221bhSTIDVS
RBY+79VqoIJHmfr+G1gFTHz2rD3iMGeda+EkO0t0QvpDUEOPUdAwuES0r2Nu8C6z
nnVmezpI5VI9NXgiqAjqlucHzIkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRNsOyR
FKWFFKtbR1U3JqNISFSktDAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
ZGY3MDMzYzktMzczNi00MTFjLWIyODktYTYwMTNmYWE2OTM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
gDANBgkqhkiG9w0BAQsFAAOCAQEAili7nARe4MMmnA6vK+CK+1fn1wv8o7wUvfDl
w4VsfTPxaWQir1YPh40HYSTIBkVIEmbEaPs5E7uYolpmIHHZWIV362ldpG17QKlC
Pi60GR7XcrxnDCKe6OqvMDl+hCJqYSwh2EhqpQjZjTy19V+yYnN08LykrxqnpwwB
+NUj5iDrNwTWLIwqvsmtEcjr13/QjLY0eDk95J/Q6iFeK1CzllARHwy1EdPnnTfB
OoRJflAsDMllFzhoJ2SLQM5sO1xiRpCvTM/myKTRxzBz4MhNDa8jbRIncr9CjHiU
5B47ozWQ/eDp9kwXKM5hhQo8F7QIiansAqOWLQXt/71H+9OqAw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 12:04:47 2025 by rpki-client