Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
File: d485a465-65e9-4a19-a397-f29d1a36d166.roa (raw, json)
Hash identifier: CmsU/WdehQffpPiOIl586mOBaPPBfm8I7d4ss0Wfp3o=
Subject key identifier: 6A:6B:F6:F7:82:3E:26:F7:7B:06:CA:5F:C1:E6:BC:A1:06:02:69:3C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4581B0B4D073C3FB87DE16EE78BCB424A3C5AEE5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
Signing time: Fri 26 Sep 2025 20:21:02 +0000
ROA not before: Fri 26 Sep 2025 20:21:02 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.17.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:81:b0:b4:d0:73:c3:fb:87:de:16:ee:78:bc:b4:24:a3:c5:ae:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:21:02 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=659d209b99ef2362d02ed6adc583c1de0972db763d657b6fa8e4ca00c538f30d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d4:af:c2:b6:7d:fe:19:46:3e:2e:75:bd:9a:
b7:6c:8b:2f:a0:94:e1:cc:8f:56:74:73:c9:60:a1:
80:58:78:9c:bd:8b:1e:9b:90:4e:ea:f9:6c:ad:9e:
a1:8e:57:3d:ed:d3:5c:83:38:87:32:a2:c0:70:2b:
cf:09:c7:27:4d:2d:ab:b1:44:a6:21:92:0d:97:62:
65:10:0a:cf:43:d6:1d:75:1d:d4:ed:87:89:48:59:
f6:66:af:6b:9a:26:ab:bb:e4:e9:6f:c0:72:08:2b:
97:f6:9f:77:cb:32:fb:39:4e:a0:13:d4:ac:d7:39:
32:fd:7d:90:13:5d:43:0c:a8:2f:fa:14:5e:53:22:
c2:1a:02:17:c3:9c:98:d8:12:9a:57:f1:57:56:59:
fa:fe:d2:2b:cf:c1:88:cf:d5:15:16:30:1c:c9:f5:
52:92:fb:40:9c:65:64:30:90:06:1d:32:c1:5c:8a:
ca:ca:73:4f:0e:10:81:2c:73:7f:8b:88:56:33:c5:
c1:18:f7:45:85:56:30:84:f4:19:01:32:44:b4:11:
f7:18:6a:11:8c:16:7b:0d:c3:e5:e5:28:f7:33:45:
72:95:49:eb:ae:b4:fa:23:04:e1:fc:51:c3:24:f3:
7f:91:ab:ea:bb:b2:d3:c5:0f:03:a5:18:55:9b:a8:
e7:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:6B:F6:F7:82:3E:26:F7:7B:06:CA:5F:C1:E6:BC:A1:06:02:69:3C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.17.0.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:12:23:9f:09:28:d3:7e:85:32:f4:c9:c1:43:80:09:53:23:
3d:02:fe:43:61:50:2f:37:31:4d:7d:7f:f1:9a:a7:23:01:bc:
55:96:0c:43:bd:bc:88:a4:c5:c6:ff:fd:d0:16:7c:90:71:9a:
b2:3a:46:fb:e3:ed:dd:19:e8:9b:c3:08:bb:18:6d:18:95:74:
47:84:17:8d:11:90:02:60:de:00:de:0e:e8:75:90:80:dd:a5:
07:3f:99:ae:8f:6e:81:c0:4b:cf:65:50:c9:3c:bb:5c:c9:35:
7f:3a:e7:54:66:a3:df:8f:ea:98:df:4a:65:7a:9c:37:21:87:
26:89:0a:81:f8:e8:0e:cb:6a:9d:90:79:27:4c:fd:29:6b:91:
36:76:86:b2:7f:4d:9e:aa:f9:58:bf:96:c8:7d:65:2e:b9:45:
f8:c3:2a:fe:38:4d:9b:e7:3f:18:5c:31:2d:5c:64:ae:7b:e3:
7a:87:d3:2f:40:07:0e:8b:e4:3a:0a:64:77:ed:1a:0f:13:7c:
ac:19:bd:99:d1:c5:2c:c3:5f:35:3e:e2:7a:3b:92:5a:d9:b0:
24:78:4c:a7:8d:f3:38:f7:1d:17:5a:a6:95:5a:c3:53:a2:c7:
81:ea:dd:21:70:c3:75:d3:f7:a2:08:c0:c6:5b:f2:36:5f:59:
70:d7:7e:e8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURYGwtNBzw/uH3hbueLy0JKPFruUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIxMDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1OWQyMDliOTllZjIzNjJkMDJlZDZhZGM1ODNjMWRlMDk3MmRiNzYzZDY1
N2I2ZmE4ZTRjYTAwYzUzOGYzMGQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLUr8K2ff4ZRj4udb2at2yLL6CU4cyPVnRzyWChgFh4nL2LHpuQTur5bK2e
oY5XPe3TXIM4hzKiwHArzwnHJ00tq7FEpiGSDZdiZRAKz0PWHXUd1O2HiUhZ9mav
a5omq7vk6W/Acggrl/afd8sy+zlOoBPUrNc5Mv19kBNdQwyoL/oUXlMiwhoCF8Oc
mNgSmlfxV1ZZ+v7SK8/BiM/VFRYwHMn1UpL7QJxlZDCQBh0ywVyKyspzTw4QgSxz
f4uIVjPFwRj3RYVWMIT0GQEyRLQR9xhqEYwWew3D5eUo9zNFcpVJ6660+iME4fxR
wyTzf5Gr6ruy08UPA6UYVZuo53kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRqa/b3
gj4m93sGyl/B5ryhBgJpPDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQ4NWE0NjUtNjVlOS00YTE5LWEzOTctZjI5ZDFhMzZkMTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMRADAN
BgkqhkiG9w0BAQsFAAOCAQEAPhIjnwko036FMvTJwUOACVMjPQL+Q2FQLzcxTX1/
8ZqnIwG8VZYMQ728iKTFxv/90BZ8kHGasjpG++Pt3Rnom8MIuxhtGJV0R4QXjRGQ
AmDeAN4O6HWQgN2lBz+Zro9ugcBLz2VQyTy7XMk1fzrnVGaj34/qmN9KZXqcNyGH
JokKgfjoDstqnZB5J0z9KWuRNnaGsn9Nnqr5WL+WyH1lLrlF+MMq/jhNm+c/GFwx
LVxkrnvjeofTL0AHDovkOgpkd+0aDxN8rBm9mdHFLMNfNT7iejuSWtmwJHhMp43z
OPcdF1qmlVrDU6LHgerdIXDDddP3ogjAxlvyNl9ZcNd+6A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:36 2025 by rpki-client