Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
File: 238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa (raw, json)
Hash identifier: wgHQZAA4cgnamnhnUxnAXat5ZbKq8YI4OYjxhdjmzbQ=
Subject key identifier: DD:6A:A3:50:85:1D:F8:12:47:55:94:88:CA:DB:FF:2C:FE:18:B8:82
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3EF8AD5DE403343418189C21728C20948D384C18
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
Signing time: Mon 01 Sep 2025 21:30:13 +0000
ROA not before: Mon 01 Sep 2025 21:30:13 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.197.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 19 Sep 2025 09:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:f8:ad:5d:e4:03:34:34:18:18:9c:21:72:8c:20:94:8d:38:4c:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:30:13 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=3c2972cf32d5d65b40ea9bc25ba20f4b12cdac07555cdc8b3104a756dab8a44f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:b9:70:23:a0:53:dc:bd:fa:b5:fe:fc:ca:86:
4c:27:f4:c8:f2:ad:4d:fe:a3:2e:88:bb:00:1a:3b:
d8:11:4e:bc:c4:7d:9d:b4:ef:3e:61:d2:ab:bd:bd:
2e:77:e1:ed:69:e5:47:6d:0e:d3:5c:51:1a:99:d2:
f8:d8:9c:fc:8c:ee:88:e0:b9:96:28:e5:a4:2f:cb:
12:c3:55:52:34:b7:3c:41:c0:12:91:29:fd:ea:44:
ed:6a:34:a2:7a:ea:69:3e:6f:5d:e9:a7:bd:0e:a2:
0f:fa:13:10:bf:19:ff:c2:57:4f:a2:f1:5f:81:7a:
5f:81:39:18:70:58:bc:70:1b:ec:43:b1:4b:c2:e0:
90:7c:0a:ee:c5:6f:89:93:f5:16:3b:d2:c2:2d:14:
51:00:ab:f6:eb:1b:ee:8f:30:e8:7a:39:a1:e8:48:
6a:28:f8:ff:6f:a6:cc:7f:ae:61:f2:51:60:fb:f7:
80:66:fe:69:7a:1a:9d:e6:97:fb:5f:ea:10:a2:75:
64:50:f6:77:0a:2a:f7:65:19:ef:dd:c2:fb:3b:04:
2a:7c:57:d9:1b:70:13:76:d3:91:5b:89:fb:a3:54:
fb:17:95:68:87:6b:a7:10:28:60:72:1b:fa:62:9f:
6f:b6:3a:a7:ad:f6:df:f5:a5:3b:33:d8:5a:33:20:
4e:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:6A:A3:50:85:1D:F8:12:47:55:94:88:CA:DB:FF:2C:FE:18:B8:82
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.197.0.0/16
Signature Algorithm: sha256WithRSAEncryption
73:70:6b:57:37:b8:41:0f:97:58:9c:6f:6e:b2:fd:15:95:64:
cf:a1:ad:15:63:06:16:74:1c:1c:3e:0a:08:dd:52:8e:cd:b1:
99:4e:fc:cc:a4:2d:50:e4:03:92:cb:ad:14:7e:6e:64:48:17:
f5:3d:43:11:d1:ee:37:e9:ed:af:6b:44:8d:c2:18:60:8b:f4:
14:ae:70:2d:91:de:6f:17:18:25:f8:80:45:9f:b7:14:b9:1b:
51:e2:df:b6:be:e8:63:f0:c9:d3:02:ef:ce:70:66:33:f0:66:
a8:86:7c:6f:a9:2a:fc:c1:ef:b6:74:68:7a:e4:e5:06:a7:89:
e5:08:ee:72:c5:fe:0a:94:4d:63:36:d3:7c:1e:a2:87:9e:b6:
b6:04:22:06:a3:cc:34:fe:49:b3:e1:a4:04:a3:94:b4:82:d3:
fa:33:d1:e8:c1:8a:e6:c5:c1:ed:c7:fc:dc:89:1f:51:80:03:
10:a5:5c:31:13:15:7e:73:c7:e2:82:62:f2:03:16:31:a6:4e:
9b:1a:bc:9a:99:df:01:9d:09:50:bf:3e:0d:6b:94:ba:d7:f1:
43:07:d0:6d:43:6c:c6:d0:35:4b:6c:9f:5a:89:3b:d3:a9:b9:
53:f9:28:6c:79:4b:b6:e1:d5:bf:a2:4a:fd:e3:e8:cb:79:25:
d9:92:d3:bc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPvitXeQDNDQYGJwhcowglI04TBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMwMTNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjMjk3MmNmMzJkNWQ2NWI0MGVhOWJjMjViYTIwZjRiMTJjZGFjMDc1NTVj
ZGM4YjMxMDRhNzU2ZGFiOGE0NGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMO5cCOgU9y9+rX+/MqGTCf0yPKtTf6jLoi7ABo72BFOvMR9nbTvPmHSq729
Lnfh7WnlR20O01xRGpnS+Nic/IzuiOC5lijlpC/LEsNVUjS3PEHAEpEp/epE7Wo0
onrqaT5vXemnvQ6iD/oTEL8Z/8JXT6LxX4F6X4E5GHBYvHAb7EOxS8LgkHwK7sVv
iZP1FjvSwi0UUQCr9usb7o8w6Ho5oehIaij4/2+mzH+uYfJRYPv3gGb+aXoaneaX
+1/qEKJ1ZFD2dwoq92UZ793C+zsEKnxX2RtwE3bTkVuJ+6NU+xeVaIdrpxAoYHIb
+mKfb7Y6p6323/WlOzPYWjMgTtkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTdaqNQ
hR34EkdVlIjK2/8s/hi4gjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjM4ZGJmYmItMGUxOC00NWUwLWJhOTEtNmU4OGJiNTA4MDJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjFMA0G
CSqGSIb3DQEBCwUAA4IBAQBzcGtXN7hBD5dYnG9usv0VlWTPoa0VYwYWdBwcPgoI
3VKOzbGZTvzMpC1Q5AOSy60Ufm5kSBf1PUMR0e436e2va0SNwhhgi/QUrnAtkd5v
Fxgl+IBFn7cUuRtR4t+2vuhj8MnTAu/OcGYz8GaohnxvqSr8we+2dGh65OUGp4nl
CO5yxf4KlE1jNtN8HqKHnra2BCIGo8w0/kmz4aQEo5S0gtP6M9HowYrmxcHtx/zc
iR9RgAMQpVwxExV+c8figmLyAxYxpk6bGryamd8BnQlQvz4Na5S61/FDB9BtQ2zG
0DVLbJ9aiTvTqblT+ShseUu24dW/okr94+jLeSXZktO8
-----END CERTIFICATE-----
Generated at Thu Sep 18 12:25:47 2025 by rpki-client