Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File: 69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier: gKThDguoeP0yjOF+uxB6E80XUXAye+KStyCR0Mhf+zs=
Subject key identifier: 73:75:A5:1C:6D:32:B1:58:8D:8E:AE:D3:63:D8:22:63:E0:80:7F:04
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 03090B5279859113FA011983D9AD0AC6C7DDF8F2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time: Fri 26 Sep 2025 20:21:14 +0000
ROA not before: Fri 26 Sep 2025 20:21:14 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:09:0b:52:79:85:91:13:fa:01:19:83:d9:ad:0a:c6:c7:dd:f8:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:21:14 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=8cdab5da23e1f352a1e9ef84ba14dc270302dda16fe3389f9edce4eb6b737b10, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:f4:52:a1:35:5c:d2:af:a1:91:bc:90:ca:29:
46:19:ed:71:d5:7d:4a:be:ac:41:5f:67:1e:18:ec:
94:6c:ea:60:39:9a:91:cd:a2:3d:d9:1d:73:98:29:
25:4e:e9:aa:b8:c4:03:23:d8:74:d0:fc:16:f5:03:
bf:98:c2:54:8e:86:65:b0:3e:ad:2e:7c:4e:b8:d7:
3a:10:d5:fa:76:fc:82:45:cb:40:a0:87:72:74:a7:
31:65:31:b9:39:aa:4f:48:c8:45:3d:bf:bc:73:9a:
70:0f:3d:1d:55:63:62:9f:0d:8b:21:a1:99:57:1e:
c6:86:02:0d:2d:39:39:f5:52:93:19:80:ba:f1:82:
ed:d6:c9:b6:4f:b2:9f:19:f8:06:fc:40:1d:37:29:
91:40:01:ff:9f:f0:9c:39:36:42:88:90:a5:53:66:
f3:19:0c:84:20:45:4d:7e:fa:d3:40:ef:3e:04:d1:
fc:d5:11:90:82:0e:f0:2e:f8:cc:31:f4:bc:ce:a9:
06:a7:c4:46:f6:7b:ad:bf:9d:71:c0:cf:7a:c1:78:
0b:60:ec:30:6c:00:82:eb:6a:ac:8a:2a:9b:3e:07:
b1:d9:d2:6c:d7:47:b5:4e:cf:31:25:0c:a3:1e:74:
d0:60:8c:04:52:6d:df:78:c2:de:ce:4a:b3:93:42:
5d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:75:A5:1C:6D:32:B1:58:8D:8E:AE:D3:63:D8:22:63:E0:80:7F:04
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
76:6c:5c:0c:28:be:dd:18:53:21:c3:81:55:04:69:9b:42:b1:
c5:ea:af:83:0a:91:22:22:ae:a7:c8:01:ca:1f:46:6b:df:aa:
d5:27:ac:69:a6:58:76:b4:d1:49:01:c5:36:64:a6:b7:35:92:
4b:19:d0:dd:e5:55:15:01:8e:2c:65:63:b5:9d:c7:17:9d:73:
84:36:d0:6a:86:a5:d5:28:9a:24:0b:f3:69:55:6f:7b:d6:6b:
89:6f:a7:74:b1:68:0c:e3:92:21:6e:a0:81:f2:57:98:cf:86:
26:51:ff:7a:89:69:64:df:e8:1e:50:e1:8d:60:70:74:51:b9:
e1:b4:4b:71:67:cb:1e:23:cd:b0:96:c1:0f:11:16:c1:22:99:
20:25:1e:20:68:f2:1f:1f:e8:bd:a1:f9:69:95:76:ff:34:77:
31:48:d2:fc:48:c5:87:f6:8c:ad:a8:1d:24:f6:40:24:f8:7d:
70:91:36:b0:0a:71:f8:c6:a8:8d:f5:40:46:7c:bd:48:5c:2d:
af:bc:0e:00:83:62:59:07:37:6b:d2:81:a6:71:15:ca:f4:04:
69:dc:77:71:fd:86:95:8b:b1:5b:df:9a:59:aa:f6:a5:a0:c7:
dd:82:02:c3:a7:66:e0:4e:e4:f2:fd:06:ef:2c:7d:05:4e:24:
1e:92:14:9f
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUAwkLUnmFkRP6ARmD2a0Kxsfd+PIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIxMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjZGFiNWRhMjNlMWYzNTJhMWU5ZWY4NGJhMTRkYzI3MDMwMmRkYTE2ZmUz
Mzg5ZjllZGNlNGViNmI3MzdiMTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKD0UqE1XNKvoZG8kMopRhntcdV9Sr6sQV9nHhjslGzqYDmakc2iPdkdc5gp
JU7pqrjEAyPYdND8FvUDv5jCVI6GZbA+rS58TrjXOhDV+nb8gkXLQKCHcnSnMWUx
uTmqT0jIRT2/vHOacA89HVVjYp8NiyGhmVcexoYCDS05OfVSkxmAuvGC7dbJtk+y
nxn4BvxAHTcpkUAB/5/wnDk2QoiQpVNm8xkMhCBFTX7600DvPgTR/NURkIIO8C74
zDH0vM6pBqfERvZ7rb+dccDPesF4C2DsMGwAgutqrIoqmz4HsdnSbNdHtU7PMSUM
ox500GCMBFJt33jC3s5Ks5NCXc0CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRzdaUc
bTKxWI2OrtNj2CJj4IB/BDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAHZsXAwovt0YUyHDgVUEaZtCscXqr4MKkSIirqfI
AcofRmvfqtUnrGmmWHa00UkBxTZkprc1kksZ0N3lVRUBjixlY7Wdxxedc4Q20GqG
pdUomiQL82lVb3vWa4lvp3SxaAzjkiFuoIHyV5jPhiZR/3qJaWTf6B5Q4Y1gcHRR
ueG0S3Fnyx4jzbCWwQ8RFsEimSAlHiBo8h8f6L2h+WmVdv80dzFI0vxIxYf2jK2o
HST2QCT4fXCRNrAKcfjGqI31QEZ8vUhcLa+8DgCDYlkHN2vSgaZxFcr0BGncd3H9
hpWLsVvfmlmq9qWgx92CAsOnZuBO5PL9Bu8sfQVOJB6SFJ8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:56 2025 by rpki-client