Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
File: d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa (raw, json)
Hash identifier: ZtT8si4VfuppeFMEODWx/o64b2Mtcxh5NJgNRkSK/kI=
Subject key identifier: D2:E0:B1:45:69:35:3E:A5:68:16:9D:ED:43:04:C1:CA:B9:ED:01:3E
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: AF1FEDFD25675FC51E8241899C80008EFEB86E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
Signing time: Fri 26 Sep 2025 20:10:05 +0000
ROA not before: Fri 26 Sep 2025 20:10:05 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.224.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:27:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
af:1f:ed:fd:25:67:5f:c5:1e:82:41:89:9c:80:00:8e:fe:b8:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:10:05 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=0a8c2e27cf62cd7fc3e766f6f931a201b8504732a0bb5eb5855f1b49c76102c9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:7b:c6:bc:c7:3f:7a:20:02:2c:d9:fa:dc:4e:
07:e1:ad:d1:16:3a:62:ef:6e:8e:ee:c8:21:cb:7c:
0b:dd:da:24:09:f9:7b:a4:e2:bb:32:46:2f:53:dc:
76:bf:29:1a:05:7d:98:37:36:89:9f:60:0d:86:4d:
c7:84:85:1d:fd:8e:73:6d:d6:cc:c0:af:e0:56:81:
06:2c:15:e9:9d:88:bc:f0:c1:83:58:ac:c9:bc:ff:
2d:f2:08:bb:f9:74:23:f6:d1:db:12:05:cb:63:ae:
f4:c0:9e:6c:03:0d:71:c8:77:59:ba:07:16:2f:fb:
b3:66:62:20:c1:cf:58:60:4b:c2:1e:d8:1f:e0:09:
9f:d7:e0:5e:d3:27:0d:0a:6b:cd:ae:06:85:e2:51:
a3:08:e7:91:f3:96:cb:c7:db:12:6e:bc:ac:15:54:
e8:bc:7c:9f:2b:fc:90:76:dc:6c:ea:0e:e4:97:b3:
1e:3b:9e:e8:92:d7:6e:11:28:95:2e:2d:78:52:37:
3c:fc:6e:65:ab:34:87:80:16:aa:24:2e:b2:51:3c:
52:52:a3:51:d9:5d:80:c9:9c:c2:29:f6:b1:d3:16:
e6:f6:43:fd:12:63:09:76:d3:1f:92:e4:91:4a:e7:
ca:34:48:df:b1:1a:2f:ec:37:5a:e4:2e:c5:4c:c9:
5d:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:E0:B1:45:69:35:3E:A5:68:16:9D:ED:43:04:C1:CA:B9:ED:01:3E
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.224.0/19
Signature Algorithm: sha256WithRSAEncryption
9e:2d:3b:e7:da:39:34:fd:99:c0:0a:52:28:c4:1d:0a:5d:f8:
03:d5:62:04:4d:36:53:97:f6:31:de:90:f2:bd:37:a6:35:50:
ca:01:83:43:3a:a2:7f:c9:b9:a5:23:55:18:71:23:1c:5f:99:
89:c0:25:93:8e:3e:8e:84:6a:53:1a:9e:3c:73:71:18:1a:39:
1e:9b:10:dc:f9:45:0a:79:66:55:8e:7b:f1:bc:b6:eb:7b:a3:
cb:43:a3:6a:25:7e:12:06:1a:e4:2c:0e:81:80:b8:e2:86:fa:
8b:88:0b:43:01:f6:e2:5c:77:dc:85:64:64:ef:52:e6:35:92:
09:45:40:ac:ec:f4:a5:ad:1e:18:19:5e:89:f2:12:c0:64:c8:
0f:99:46:95:8e:c6:12:7a:14:d0:5f:e9:fd:7a:b2:4d:3d:d4:
f2:f5:d6:9f:20:0e:01:e0:03:66:14:b1:b6:0b:22:f9:e4:5c:
c1:5c:ca:ec:0a:39:50:75:68:56:ef:0f:2d:fe:c0:70:a4:1e:
4b:bc:80:0a:96:c4:e5:98:19:1b:03:eb:36:39:bb:39:83:58:
ba:e2:89:2a:57:90:03:11:d5:53:ad:3c:60:ac:91:69:6a:65:
5d:de:e9:ec:29:c7:aa:b8:10:df:93:1f:63:2e:6c:58:6b:1c:
3f:68:7d:8d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUAK8f7f0lZ1/FHoJBiZyAAI7+uG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDEwMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBhOGMyZTI3Y2Y2MmNkN2ZjM2U3NjZmNmY5MzFhMjAxYjg1MDQ3MzJhMGJi
NWViNTg1NWYxYjQ5Yzc2MTAyYzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALB7xrzHP3ogAizZ+txOB+Gt0RY6Yu9uju7IIct8C93aJAn5e6TiuzJGL1Pc
dr8pGgV9mDc2iZ9gDYZNx4SFHf2Oc23WzMCv4FaBBiwV6Z2IvPDBg1isybz/LfII
u/l0I/bR2xIFy2Ou9MCebAMNcch3WboHFi/7s2ZiIMHPWGBLwh7YH+AJn9fgXtMn
DQprza4GheJRowjnkfOWy8fbEm68rBVU6Lx8nyv8kHbcbOoO5JezHjue6JLXbhEo
lS4teFI3PPxuZas0h4AWqiQuslE8UlKjUdldgMmcwin2sdMW5vZD/RJjCXbTH5Lk
kUrnyjRI37EaL+w3WuQuxUzJXZECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTS4LFF
aTU+pWgWne1DBMHKue0BPjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDM3MWM3NzMtMWFhMi00ZDViLTk4MDQtZWE1ZDY0ZmFkYzBhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBY9B4DAN
BgkqhkiG9w0BAQsFAAOCAQEAni0759o5NP2ZwApSKMQdCl34A9ViBE02U5f2Md6Q
8r03pjVQygGDQzqif8m5pSNVGHEjHF+ZicAlk44+joRqUxqePHNxGBo5HpsQ3PlF
CnlmVY578by263ujy0OjaiV+EgYa5CwOgYC44ob6i4gLQwH24lx33IVkZO9S5jWS
CUVArOz0pa0eGBleifISwGTID5lGlY7GEnoU0F/p/XqyTT3U8vXWnyAOAeADZhSx
tgsi+eRcwVzK7Ao5UHVoVu8PLf7AcKQeS7yACpbE5ZgZGwPrNjm7OYNYuuKJKleQ
AxHVU608YKyRaWplXd7p7CnHqrgQ35MfYy5sWGscP2h9jQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:36:34 2025 by rpki-client