Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1e935d64-1d66-4e52-ada3-30f1ed26d564.roa
File: 1e935d64-1d66-4e52-ada3-30f1ed26d564.roa (raw, json)
Hash identifier: GdlA1CC9e0aqn/p7R3ui01wGF8uMgvftwJTKStCqn3s=
Subject key identifier: D0:13:3A:12:7F:B2:3A:92:36:02:D8:1F:36:4E:F6:69:2E:BF:98:3B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 323D05527FA77EC36DC47BC41D3FDEBFCCCC11EE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1e935d64-1d66-4e52-ada3-30f1ed26d564.roa
Signing time: Fri 26 Sep 2025 20:10:05 +0000
ROA not before: Fri 26 Sep 2025 20:10:05 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 145.17.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:3d:05:52:7f:a7:7e:c3:6d:c4:7b:c4:1d:3f:de:bf:cc:cc:11:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:10:05 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=e85d6ca54a64f2449341a1373e71f675c73d8e28151244163573509754491b5d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:21:ed:c9:59:f0:1c:b5:37:e9:76:7d:e1:44:
97:2e:b4:84:75:e5:8c:47:82:2e:6a:d6:88:a1:59:
16:e7:40:e9:c7:72:e7:2b:00:b6:c1:16:9e:69:31:
c0:cf:8c:5d:9f:20:f0:b4:56:51:b2:cb:a4:02:a5:
96:05:1c:24:76:ff:02:17:be:0d:23:59:83:4b:8c:
e6:a7:b8:c6:41:ce:69:48:0b:7d:c3:b6:98:10:fc:
1f:83:d2:8e:4c:3e:11:f7:e9:ac:c1:0e:1d:0d:df:
f9:cb:87:b7:78:d8:51:d0:10:a5:93:ce:9b:c3:3b:
27:67:a9:ec:29:0f:ca:d1:82:60:c4:03:a3:c1:31:
d7:ae:e0:6c:b1:0a:22:10:37:fc:1f:28:8b:fd:6e:
f2:43:41:40:66:d3:9e:83:81:0b:e2:1d:4c:79:3c:
76:73:70:28:68:c9:3a:07:57:38:ea:27:e4:ac:a9:
d7:32:ee:08:ea:4f:c3:d8:0c:95:4b:c5:96:e1:a7:
83:f5:c0:3e:92:25:9d:56:5d:db:a5:9c:eb:83:e2:
35:98:c7:b0:4a:dd:cb:65:f0:e6:f4:78:46:d9:fd:
96:77:87:9d:38:73:e6:21:4d:3d:56:0d:72:fe:a3:
57:aa:91:c9:39:13:70:76:cf:ef:c9:27:88:d4:d2:
79:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:13:3A:12:7F:B2:3A:92:36:02:D8:1F:36:4E:F6:69:2E:BF:98:3B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1e935d64-1d66-4e52-ada3-30f1ed26d564.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.17.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b1:c1:fb:6a:fe:1e:22:7f:9d:c4:75:52:53:3e:06:2c:90:97:
b8:77:9b:d2:fb:43:20:1a:c6:63:39:03:3f:63:4b:5d:41:9a:
fd:33:38:13:11:7b:2a:02:8f:cd:67:87:58:70:36:45:9b:a4:
49:c2:64:b8:08:ed:59:9e:07:e9:81:11:e9:7b:78:6d:67:f0:
25:c0:d1:f0:54:9e:8a:66:3b:d5:0f:5e:08:35:70:57:3a:c4:
d0:58:f8:f1:14:94:fd:dd:0b:b6:e5:1d:90:58:26:46:3d:16:
9d:7d:46:a6:fb:eb:04:a9:71:ef:24:73:49:a0:d2:6a:83:07:
8b:b6:24:ff:c0:fd:1b:b3:7c:e7:c3:01:31:a4:77:49:85:ee:
63:17:b9:1b:d3:09:c9:fe:e8:17:f8:47:ee:8b:04:e5:12:f0:
0b:c3:dc:f9:67:28:f1:59:f1:3d:59:db:c8:92:3c:42:82:33:
e5:6d:9b:6b:cd:50:a4:24:16:c4:e3:7e:07:7f:81:6d:68:c9:
54:c4:01:0f:99:a2:d2:71:fb:d2:ca:cb:38:1c:99:6f:d5:5a:
76:5c:ae:e6:59:75:e8:3b:74:fb:58:72:ac:d4:1c:ca:28:dd:
bb:e6:8a:94:8e:9b:99:b8:6d:b8:74:cf:8f:5e:2f:19:b9:55:
1b:0d:f7:87
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMj0FUn+nfsNtxHvEHT/ev8zMEe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDEwMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4NWQ2Y2E1NGE2NGYyNDQ5MzQxYTEzNzNlNzFmNjc1YzczZDhlMjgxNTEy
NDQxNjM1NzM1MDk3NTQ0OTFiNWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANAh7clZ8By1N+l2feFEly60hHXljEeCLmrWiKFZFudA6cdy5ysAtsEWnmkx
wM+MXZ8g8LRWUbLLpAKllgUcJHb/Ahe+DSNZg0uM5qe4xkHOaUgLfcO2mBD8H4PS
jkw+EffprMEOHQ3f+cuHt3jYUdAQpZPOm8M7J2ep7CkPytGCYMQDo8Ex167gbLEK
IhA3/B8oi/1u8kNBQGbTnoOBC+IdTHk8dnNwKGjJOgdXOOon5Kyp1zLuCOpPw9gM
lUvFluGng/XAPpIlnVZd26Wc64PiNZjHsErdy2Xw5vR4Rtn9lneHnThz5iFNPVYN
cv6jV6qRyTkTcHbP78kniNTSeU8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTQEzoS
f7I6kjYC2B82TvZpLr+YOzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWU5MzVkNjQtMWQ2Ni00ZTUyLWFkYTMtMzBmMWVkMjZkNTY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJERMA0G
CSqGSIb3DQEBCwUAA4IBAQCxwftq/h4if53EdVJTPgYskJe4d5vS+0MgGsZjOQM/
Y0tdQZr9MzgTEXsqAo/NZ4dYcDZFm6RJwmS4CO1ZngfpgRHpe3htZ/AlwNHwVJ6K
ZjvVD14INXBXOsTQWPjxFJT93Qu25R2QWCZGPRadfUam++sEqXHvJHNJoNJqgweL
tiT/wP0bs3znwwExpHdJhe5jF7kb0wnJ/ugX+EfuiwTlEvALw9z5ZyjxWfE9WdvI
kjxCgjPlbZtrzVCkJBbE434Hf4FtaMlUxAEPmaLScfvSyss4HJlv1Vp2XK7mWXXo
O3T7WHKs1BzKKN275oqUjpuZuG24dM+PXi8ZuVUbDfeH
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:07:12 2025 by rpki-client