Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa
File: 44c4496c-63e1-49fc-828b-d77f94e0a789.roa (raw, json)
Hash identifier: 3RBAl0LaVTmyPyq+zbdwzXUi3z9NsRLOen45ZbcmHDU=
Subject key identifier: 8D:75:E2:82:D4:7D:18:64:20:0A:AE:54:8B:52:B6:2C:F6:6C:A9:43
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6845A0815534B3C81D71C217AB98A312D57B43AF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa
Signing time: Sat 27 Sep 2025 00:52:28 +0000
ROA not before: Sat 27 Sep 2025 00:52:28 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 213.72.128.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:45:a0:81:55:34:b3:c8:1d:71:c2:17:ab:98:a3:12:d5:7b:43:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 27 00:52:28 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=83de7009bd207e0f9541e0bc831c5fc9eca6a4317c59b3c9b9d0ab783a33bdbf, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:8c:e1:20:3f:e9:9a:cd:03:15:be:80:cd:a3:
5b:19:8d:d4:25:11:20:8c:94:5a:d0:2b:03:70:58:
b6:48:61:b0:43:de:18:bc:47:5b:56:0e:db:5b:7b:
11:09:5c:2d:18:30:55:92:dd:af:78:ed:bc:64:2e:
54:70:2e:a6:d7:2e:14:d9:2c:b9:1d:9f:3e:36:c9:
9f:85:4a:2c:ab:bf:2d:b7:bf:2a:79:d9:cc:90:a0:
64:87:0c:93:84:8b:8a:7d:d4:7c:1d:38:fe:9a:1f:
65:44:0a:cf:d6:29:53:96:38:62:b9:c5:73:07:c1:
c5:dc:2f:d4:dc:2c:96:95:77:44:94:aa:71:90:f1:
d0:7b:6a:ef:78:51:6e:0c:a4:b4:33:7c:fd:ac:b4:
ff:ed:4c:ec:de:b0:b1:19:9a:df:f5:e2:d5:19:1e:
2d:d8:e5:22:ff:1e:1a:f1:a9:01:59:98:05:c9:6f:
83:90:4b:28:b0:52:99:d7:58:aa:27:56:ee:92:f4:
d3:32:a9:3d:26:d7:71:2e:ba:79:d7:9e:2e:ad:f1:
71:3c:26:72:7f:e0:09:56:ac:a9:8b:38:4c:aa:c5:
5f:fc:c5:91:2a:81:2b:1f:fb:91:31:02:84:e1:a3:
fc:1d:74:a8:9f:c7:a7:c7:4c:97:d3:58:0a:a3:90:
50:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:75:E2:82:D4:7D:18:64:20:0A:AE:54:8B:52:B6:2C:F6:6C:A9:43
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.72.128.0/17
Signature Algorithm: sha256WithRSAEncryption
65:3a:13:04:50:f6:04:d7:49:85:80:6e:a8:39:d4:0a:1d:6a:
db:74:e1:fb:de:48:df:19:fc:29:5b:5c:78:8a:8b:49:90:3b:
fb:2f:db:d3:dc:23:73:a3:49:47:38:ca:48:68:ac:ce:cd:5f:
de:d8:13:16:f6:01:1d:0e:c8:37:e8:ad:77:8e:83:46:eb:4f:
2c:74:5a:1f:90:dc:da:1f:6f:8b:91:79:cd:cd:bb:dc:6d:a0:
b0:89:8b:48:9d:10:ae:98:5d:fa:ef:90:6c:6e:a9:c7:92:46:
9d:d9:54:f0:dd:24:5c:bb:1f:c4:e2:4c:7d:b1:17:5b:66:27:
30:84:e4:f9:f8:5f:26:89:ef:db:55:5c:a7:98:43:e0:1a:6a:
c4:ff:19:ab:6c:4f:4e:11:48:0e:3a:fc:de:2b:46:3a:2a:39:
9b:94:d6:45:5a:8d:40:70:b5:3d:ff:8a:c1:d9:f0:49:91:b9:
7a:52:6a:f9:48:7b:31:f6:e6:8f:9b:d5:f8:69:5a:6b:c0:36:
79:fe:5c:38:01:df:d6:34:4d:80:a5:e6:cf:07:ae:16:42:43:
93:f7:1b:64:c9:f3:f9:a5:d3:79:e3:6d:01:42:a9:f7:b4:80:
55:93:f2:a8:d9:a9:2f:63:22:f8:f7:2e:56:0d:1d:97:25:39:
a0:bc:f9:f3
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUaEWggVU0s8gdccIXq5ijEtV7Q68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMjhaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzZGU3MDA5YmQyMDdlMGY5NTQxZTBiYzgzMWM1ZmM5ZWNhNmE0MzE3YzU5
YjNjOWI5ZDBhYjc4M2EzM2JkYmYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOM4SA/6ZrNAxW+gM2jWxmN1CURIIyUWtArA3BYtkhhsEPeGLxHW1YO21t7
EQlcLRgwVZLdr3jtvGQuVHAuptcuFNksuR2fPjbJn4VKLKu/Lbe/KnnZzJCgZIcM
k4SLin3UfB04/pofZUQKz9YpU5Y4YrnFcwfBxdwv1NwslpV3RJSqcZDx0Htq73hR
bgyktDN8/ay0/+1M7N6wsRma3/Xi1RkeLdjlIv8eGvGpAVmYBclvg5BLKLBSmddY
qidW7pL00zKpPSbXcS66edeeLq3xcTwmcn/gCVasqYs4TKrFX/zFkSqBKx/7kTEC
hOGj/B10qJ/Hp8dMl9NYCqOQUOMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSNdeKC
1H0YZCAKrlSLUrYs9mypQzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDRjNDQ5NmMtNjNlMS00OWZjLTgyOGItZDc3Zjk0ZTBhNzg5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB9VIgDAN
BgkqhkiG9w0BAQsFAAOCAQEAZToTBFD2BNdJhYBuqDnUCh1q23Th+95I3xn8KVtc
eIqLSZA7+y/b09wjc6NJRzjKSGiszs1f3tgTFvYBHQ7IN+itd46DRutPLHRaH5Dc
2h9vi5F5zc273G2gsImLSJ0Qrphd+u+QbG6px5JGndlU8N0kXLsfxOJMfbEXW2Yn
MITk+fhfJonv21Vcp5hD4BpqxP8Zq2xPThFIDjr83itGOio5m5TWRVqNQHC1Pf+K
wdnwSZG5elJq+Uh7Mfbmj5vV+Glaa8A2ef5cOAHf1jRNgKXmzweuFkJDk/cbZMnz
+aXTeeNtAUKp97SAVZPyqNmpL2Mi+PcuVg0dlyU5oLz58w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:58 2025 by rpki-client