Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: bPOLHQuQs1B6sl2NMrIJn8KSKg14uy39keV877roUZ4=
Subject key identifier: 77:80:AE:53:B1:F7:FE:BF:A8:40:F2:90:B7:54:F0:E1:5B:5F:FD:9C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7B063D8C5E6ED0CDD55DD5B0213A53FE3E785815
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Fri 26 Sep 2025 20:10:10 +0000
ROA not before: Fri 26 Sep 2025 20:10:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:06:3d:8c:5e:6e:d0:cd:d5:5d:d5:b0:21:3a:53:fe:3e:78:58:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:10:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=48800b7e707f1db0b6c70c11e25029fcbf5da70a3f8083e68a453dc53c852fa4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:2e:bb:7f:a1:27:3b:a1:db:b6:21:62:b8:8f:
38:ee:88:ae:35:63:98:91:e8:9b:87:5f:13:96:f4:
24:e8:41:5c:5e:7a:0f:14:c1:b7:a9:54:55:da:bc:
62:83:49:b5:06:48:a8:4b:04:26:4f:7a:a0:3b:d1:
5d:97:71:98:3b:61:2f:13:cb:06:e7:e7:28:cf:36:
a2:63:ab:b2:b7:6a:78:14:f6:70:30:ec:39:a5:92:
33:13:c1:1d:77:90:40:21:b3:63:71:9f:92:c3:a2:
73:34:f3:e7:a5:a3:91:38:d1:68:e0:c2:ec:22:51:
a5:3c:97:39:1e:a0:d1:db:a5:bf:8f:5f:33:3a:77:
91:3a:69:59:a9:b7:a3:26:47:b7:7d:bd:74:f0:b3:
80:51:04:5d:b2:c3:b3:7f:b1:94:bc:9c:52:44:8c:
8d:ac:fb:d6:de:79:2b:78:54:88:53:13:06:ba:c5:
4c:47:92:5c:b5:5e:d1:0a:41:2c:f7:bb:df:b4:26:
6d:88:9e:26:1d:99:de:5f:90:ae:cf:36:b4:e3:9a:
5b:b6:01:08:04:7f:92:ea:71:3f:59:ea:a1:dc:f1:
4a:c8:5d:17:39:01:58:78:9a:1b:9b:f1:a9:85:33:
65:c0:80:3f:64:e1:3d:49:20:ef:12:c9:9d:0b:55:
92:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:80:AE:53:B1:F7:FE:BF:A8:40:F2:90:B7:54:F0:E1:5B:5F:FD:9C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5f:5e:e1:a0:c1:83:b2:9b:f4:0e:fa:a6:41:c3:8e:c3:1f:7b:
40:79:a9:ea:0d:7d:56:42:ce:7d:90:82:31:91:dd:ca:33:a3:
8e:4e:51:d9:e8:dc:9d:3f:67:ed:90:3a:b9:2d:f9:b2:91:9e:
bb:43:a0:61:1e:f6:6d:56:0f:34:95:ef:69:4d:56:41:95:a6:
4d:93:b1:90:92:2b:52:73:6e:1d:ee:5b:d4:43:20:96:bc:00:
c7:bf:d7:5d:13:31:2e:8c:9b:d8:8e:71:99:87:29:6b:d0:ac:
0a:7a:c6:33:81:9f:d9:35:35:2b:a8:d2:66:ee:67:d8:a0:40:
17:21:3b:21:1b:70:25:9f:3e:49:e1:f3:e1:e4:e8:42:25:59:
88:de:d6:22:77:b5:5a:07:84:38:88:ff:8e:22:64:1a:2a:02:
06:2f:09:44:3d:60:c3:d8:1a:df:28:40:06:ee:37:5d:0d:d9:
00:aa:d5:84:43:7b:57:90:be:6c:f3:eb:b5:02:1c:81:7b:ba:
22:6d:81:f5:e6:1f:91:95:a1:e3:86:4e:be:58:19:57:07:03:
ab:a8:03:c0:16:14:78:cd:08:ff:d5:df:49:d9:13:6c:85:74:
84:b1:58:57:5f:90:e5:50:22:92:15:da:fd:2a:a7:e3:f3:eb:
c3:ff:d5:41
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUewY9jF5u0M3VXdWwITpT/j54WBUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDEwMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ4ODAwYjdlNzA3ZjFkYjBiNmM3MGMxMWUyNTAyOWZjYmY1ZGE3MGEzZjgw
ODNlNjhhNDUzZGM1M2M4NTJmYTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJYuu3+hJzuh27YhYriPOO6IrjVjmJHom4dfE5b0JOhBXF56DxTBt6lUVdq8
YoNJtQZIqEsEJk96oDvRXZdxmDthLxPLBufnKM82omOrsrdqeBT2cDDsOaWSMxPB
HXeQQCGzY3GfksOiczTz56WjkTjRaODC7CJRpTyXOR6g0dulv49fMzp3kTppWam3
oyZHt329dPCzgFEEXbLDs3+xlLycUkSMjaz71t55K3hUiFMTBrrFTEeSXLVe0QpB
LPe737QmbYieJh2Z3l+Qrs82tOOaW7YBCAR/kupxP1nqodzxSshdFzkBWHiaG5vx
qYUzZcCAP2ThPUkg7xLJnQtVkk0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR3gK5T
sff+v6hA8pC3VPDhW1/9nDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQBfXuGgwYOym/QO+qZBw47DH3tAeanqDX1WQs59kIIx
kd3KM6OOTlHZ6NydP2ftkDq5LfmykZ67Q6BhHvZtVg80le9pTVZBlaZNk7GQkitS
c24d7lvUQyCWvADHv9ddEzEujJvYjnGZhylr0KwKesYzgZ/ZNTUrqNJm7mfYoEAX
ITshG3Alnz5J4fPh5OhCJVmI3tYid7VaB4Q4iP+OImQaKgIGLwlEPWDD2BrfKEAG
7jddDdkAqtWEQ3tXkL5s8+u1AhyBe7oibYH15h+RlaHjhk6+WBlXBwOrqAPAFhR4
zQj/1d9J2RNshXSEsVhXX5DlUCKSFdr9Kqfj8+vD/9VB
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:53:33 2025 by rpki-client