Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa
File: 80e298e3-975b-4cea-9586-8d04a37a53a2.roa (raw, json)
Hash identifier: cQRn4DkDRWCDhNOoqLokEZMLjrXwi6C1viYSaFlVJFs=
Subject key identifier: AA:69:79:5A:6B:5B:95:37:F8:1F:BE:AF:9B:5A:89:A1:DF:11:79:64
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 33BDE4273F6E711F0FB31B59EE78C47583EA1AA1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa
Signing time: Fri 22 Aug 2025 15:10:04 +0000
ROA not before: Fri 22 Aug 2025 15:10:04 +0000
ROA not after: Fri 26 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.93.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:bd:e4:27:3f:6e:71:1f:0f:b3:1b:59:ee:78:c4:75:83:ea:1a:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 22 15:10:04 2025 GMT
Not After : Sep 26 23:59:59 2025 GMT
Subject: serialNumber=957c32ffbf28d0a305b515df195ff145f2419a92ca2849540282b0a72a249b5c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:54:76:b1:eb:85:12:85:48:b2:47:ff:6b:bd:
65:8e:14:45:e9:83:5f:35:6f:8a:00:40:15:25:79:
0d:ae:12:cf:29:a8:a6:40:6d:d6:7e:2a:c4:7b:b8:
2a:9a:67:1d:4c:5b:05:8f:eb:30:f5:74:58:56:d5:
d9:54:b8:88:c4:11:26:b0:00:fd:83:d2:b7:b8:21:
08:0c:2a:f2:a7:63:9d:1a:c8:bc:a0:cf:6c:2f:02:
8f:7e:fa:15:3c:74:79:da:d5:df:6e:e4:1e:e0:85:
cd:e8:ec:90:21:78:c8:fd:4a:74:2c:31:cf:89:e3:
9c:83:d7:a9:5e:38:10:44:30:89:b4:a1:be:06:7a:
75:6e:c0:cb:03:31:ad:27:91:f8:7c:39:58:58:b2:
9e:be:ae:28:9b:e7:de:a6:3d:14:0f:21:b9:e5:97:
99:ee:09:e7:d2:47:e4:d2:fa:f7:91:7b:d6:49:8f:
ee:aa:79:8e:9f:24:d1:2c:63:1b:10:94:ee:51:f1:
0e:5d:42:42:39:4f:70:22:e6:fa:d7:c5:cc:8d:a6:
8a:c0:dd:fc:28:68:84:9b:5d:49:4b:f6:40:5b:14:
cd:21:b8:23:83:9a:77:fc:3a:86:f7:63:10:81:2c:
70:9f:84:f5:fe:74:c7:ad:e0:bf:81:bd:04:a4:0a:
5e:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:69:79:5A:6B:5B:95:37:F8:1F:BE:AF:9B:5A:89:A1:DF:11:79:64
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.93.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1a:8e:67:98:6b:3b:51:f5:ed:55:4f:95:83:5c:4e:58:7d:c6:
53:ce:27:0e:8f:ad:46:45:14:02:f0:e4:e1:c1:78:1f:ad:87:
ad:3a:65:81:4a:10:f1:83:93:41:57:98:65:0d:33:e8:d2:5d:
00:f2:96:a2:63:82:92:a3:b8:ca:0b:11:4c:f9:e6:89:b4:84:
c5:a3:15:20:63:db:8c:65:e9:01:11:78:46:de:01:2f:eb:9f:
2f:1a:ae:b6:5e:6e:a4:73:5c:d1:63:8e:c9:57:89:55:f2:08:
da:e3:b3:9b:2d:d1:a1:72:66:e1:a0:0b:43:43:ac:bf:9c:31:
03:6c:9a:9c:dd:f4:04:05:c7:04:f5:9d:01:db:26:39:4c:38:
a5:11:dc:81:77:48:70:41:7c:61:42:45:5c:24:98:7a:69:87:
cf:10:91:c3:1d:1f:e4:b7:2c:cd:92:fb:f7:38:d2:12:a2:58:
8c:c3:b5:dc:fa:8a:84:0f:39:30:1b:63:5c:88:8a:fb:4d:b1:
c2:84:74:b2:c0:9d:6c:1b:28:fa:c1:f3:f0:63:e3:b0:66:f1:
61:57:2c:a9:37:07:a2:c1:d3:98:83:4b:00:0b:75:7e:4b:08:
f6:97:32:ff:19:ca:79:71:f5:d4:c3:6f:94:72:59:43:83:bd:
1b:20:24:f6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUM73kJz9ucR8PsxtZ7njEdYPqGqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MjIxNTEwMDRaFw0yNTA5MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDk1N2MzMmZmYmYyOGQwYTMwNWI1MTVkZjE5NWZmMTQ1ZjI0MTlhOTJjYTI4
NDk1NDAyODJiMGE3MmEyNDliNWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJlUdrHrhRKFSLJH/2u9ZY4URemDXzVvigBAFSV5Da4SzymopkBt1n4qxHu4
KppnHUxbBY/rMPV0WFbV2VS4iMQRJrAA/YPSt7ghCAwq8qdjnRrIvKDPbC8Cj376
FTx0edrV327kHuCFzejskCF4yP1KdCwxz4njnIPXqV44EEQwibShvgZ6dW7AywMx
rSeR+Hw5WFiynr6uKJvn3qY9FA8hueWXme4J59JH5NL695F71kmP7qp5jp8k0Sxj
GxCU7lHxDl1CQjlPcCLm+tfFzI2misDd/ChohJtdSUv2QFsUzSG4I4Oad/w6hvdj
EIEscJ+E9f50x63gv4G9BKQKXqsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSqaXla
a1uVN/gfvq+bWomh3xF5ZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODBlMjk4ZTMtOTc1Yi00Y2VhLTk1ODYtOGQwNGEzN2E1M2EyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADldMA0G
CSqGSIb3DQEBCwUAA4IBAQAajmeYaztR9e1VT5WDXE5YfcZTzicOj61GRRQC8OTh
wXgfrYetOmWBShDxg5NBV5hlDTPo0l0A8paiY4KSo7jKCxFM+eaJtITFoxUgY9uM
ZekBEXhG3gEv658vGq62Xm6kc1zRY47JV4lV8gja47ObLdGhcmbhoAtDQ6y/nDED
bJqc3fQEBccE9Z0B2yY5TDilEdyBd0hwQXxhQkVcJJh6aYfPEJHDHR/ktyzNkvv3
ONISoliMw7Xc+oqEDzkwG2NciIr7TbHChHSywJ1sGyj6wfPwY+OwZvFhVyypNwei
wdOYg0sAC3V+Swj2lzL/Gcp5cfXUw2+UcllDg70bICT2
-----END CERTIFICATE-----
Generated at Sat Aug 23 06:44:23 2025 by rpki-client