Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
File: 95019996-0ef4-4f98-90e2-dd7efc004375.roa (raw, json)
Hash identifier: a6Y54+nNGyb/I8meMbiQZBCa5MYKVCf7DekubyhBMb8=
Subject key identifier: 35:8B:AF:1D:82:62:6F:8C:66:9B:03:5A:01:5F:B0:F4:3B:6E:4F:1C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 447D0856426D4C99FE1D317BAB6CD2F749F53633
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
Signing time: Fri 26 Sep 2025 20:10:11 +0000
ROA not before: Fri 26 Sep 2025 20:10:11 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.244.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:7d:08:56:42:6d:4c:99:fe:1d:31:7b:ab:6c:d2:f7:49:f5:36:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:10:11 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=fe58acead2480c5944eff20688ccb21b35eb90022d44c6d647be37db7f8086cd, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:e6:61:c3:a2:fe:7d:0a:6b:da:29:a1:a5:10:
95:d3:1f:98:64:52:ea:a4:bb:e4:ab:10:da:b7:21:
12:f5:a5:a5:4e:33:a6:c5:95:54:ba:83:65:99:40:
f6:b0:99:0f:d2:43:f4:53:a7:f4:8b:2c:ef:76:4b:
5e:81:44:e4:31:7e:cd:f8:62:a1:44:1c:bf:13:fb:
df:d7:55:9a:34:c0:93:80:a4:c3:62:56:4a:f2:7b:
f3:64:fe:50:09:76:8a:a2:3b:72:98:54:98:5d:53:
31:7c:37:49:de:1a:a3:ad:2a:10:61:2c:97:53:5b:
1a:fa:15:5a:4a:3e:66:df:df:4c:c0:29:4c:01:82:
13:05:b9:f0:53:fc:3c:0b:b3:a6:cf:af:f1:ac:d0:
3e:c0:e7:19:74:4e:cc:6b:af:bb:a8:a5:50:ff:b3:
81:c0:c8:4d:66:f9:4e:06:d1:39:a2:ce:b8:12:b9:
8f:a1:e8:92:28:5b:fa:9e:ff:f2:cc:5b:2d:f6:8f:
e8:06:db:c6:33:fc:6f:f2:2d:f1:f5:d3:c0:98:6b:
ef:43:e9:8b:6d:8b:2b:30:82:fb:b6:89:9f:9d:72:
d5:01:a9:1c:88:e7:59:21:35:8a:ba:43:29:26:31:
66:86:b0:86:73:c6:21:98:a9:d4:37:ae:9c:b3:e5:
69:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:8B:AF:1D:82:62:6F:8C:66:9B:03:5A:01:5F:B0:F4:3B:6E:4F:1C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.244.0.0/16
Signature Algorithm: sha256WithRSAEncryption
40:3b:68:c3:27:9b:94:2a:4e:49:09:eb:2b:e1:76:c7:7c:be:
ec:fd:8b:3c:09:81:51:07:56:b8:9b:e1:38:2d:8d:d3:5f:3a:
6e:e9:d0:e5:08:89:f7:1b:51:3a:79:11:b6:f7:fa:9d:be:28:
cc:e7:a1:71:a4:bf:8c:cd:7b:87:ba:20:59:d7:be:25:7f:03:
07:db:f6:2a:5b:45:04:32:9d:f9:01:7d:b3:ed:5e:e6:a0:03:
93:f0:9c:e4:11:97:cc:1e:cb:81:c3:3f:8e:7e:f3:3f:85:1d:
e2:fd:58:fd:b6:7b:ab:7c:2b:87:62:a6:c6:db:02:db:48:0c:
20:6c:ee:97:06:9e:18:68:da:59:11:07:2f:2c:a2:e8:2b:98:
fb:08:9f:e9:7a:c8:07:81:a9:6c:44:17:6c:87:4e:d7:ca:36:
b0:1e:87:43:2c:1b:3f:15:d3:6d:e3:8e:1a:df:67:c2:42:2d:
84:37:e7:bf:5e:5e:b7:c5:c1:ec:0e:7e:1f:f8:91:6e:9e:6c:
2c:e4:01:f1:bb:a8:51:c3:90:0c:f3:29:55:4d:f2:4c:bd:db:
48:f5:f6:10:78:e3:ef:6b:12:89:21:0c:6b:cb:70:21:9d:09:
ca:b8:fd:94:ff:60:2c:3a:fd:ef:bb:5e:80:1a:ee:bb:a0:60:
c2:84:d4:a6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURH0IVkJtTJn+HTF7q2zS90n1NjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDEwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlNThhY2VhZDI0ODBjNTk0NGVmZjIwNjg4Y2NiMjFiMzVlYjkwMDIyZDQ0
YzZkNjQ3YmUzN2RiN2Y4MDg2Y2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjmYcOi/n0Ka9opoaUQldMfmGRS6qS75KsQ2rchEvWlpU4zpsWVVLqDZZlA
9rCZD9JD9FOn9Iss73ZLXoFE5DF+zfhioUQcvxP739dVmjTAk4Ckw2JWSvJ782T+
UAl2iqI7cphUmF1TMXw3Sd4ao60qEGEsl1NbGvoVWko+Zt/fTMApTAGCEwW58FP8
PAuzps+v8azQPsDnGXROzGuvu6ilUP+zgcDITWb5TgbROaLOuBK5j6Hokihb+p7/
8sxbLfaP6AbbxjP8b/It8fXTwJhr70Ppi22LKzCC+7aJn51y1QGpHIjnWSE1irpD
KSYxZoawhnPGIZip1DeunLPlae0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ1i68d
gmJvjGabA1oBX7D0O25PHDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTUwMTk5OTYtMGVmNC00Zjk4LTkwZTItZGQ3ZWZjMDA0Mzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/0MA0G
CSqGSIb3DQEBCwUAA4IBAQBAO2jDJ5uUKk5JCesr4XbHfL7s/Ys8CYFRB1a4m+E4
LY3TXzpu6dDlCIn3G1E6eRG29/qdvijM56FxpL+MzXuHuiBZ174lfwMH2/YqW0UE
Mp35AX2z7V7moAOT8JzkEZfMHsuBwz+OfvM/hR3i/Vj9tnurfCuHYqbG2wLbSAwg
bO6XBp4YaNpZEQcvLKLoK5j7CJ/pesgHgalsRBdsh07XyjawHodDLBs/FdNt444a
32fCQi2EN+e/Xl63xcHsDn4f+JFunmws5AHxu6hRw5AM8ylVTfJMvdtI9fYQeOPv
axKJIQxry3AhnQnKuP2U/2AsOv3vu16AGu67oGDChNSm
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:44:20 2025 by rpki-client