Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: S5dStNQeKrDN22ZY49Zlz9nQOwgEcK2y1zEH1eZnSNc=
Subject key identifier: 62:06:A7:F2:44:21:F9:51:3D:68:AA:E1:7B:D8:38:6B:BF:B4:DF:09
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 323903D8696362E49ECE81337F77383715B9401F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Tue 21 Oct 2025 14:50:21 +0000
ROA not before: Tue 21 Oct 2025 14:50:21 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Oct 2025 15:30:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:39:03:d8:69:63:62:e4:9e:ce:81:33:7f:77:38:37:15:b9:40:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:21 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=9e3d752856c618e7701a95afadda0f2d0a06a89842ec7eb797a03169707403f0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:48:f7:4c:b2:11:f1:39:f1:60:ae:3b:ae:cc:
54:6a:60:cf:b6:5b:0f:58:e9:0d:93:90:a9:b9:a7:
47:39:4e:4e:1c:6c:54:e7:60:86:96:18:94:45:63:
6c:48:91:ea:e1:c8:cb:01:0a:3c:81:01:ce:dd:70:
cf:c2:05:ac:d2:f1:fc:3b:9b:78:29:90:a9:f7:13:
49:2a:e6:04:6a:cf:08:c7:95:e0:1f:32:61:ea:51:
41:cb:11:c4:fc:06:2c:70:d8:7f:b0:cc:2e:13:11:
c3:aa:94:96:ea:86:b1:32:a1:cc:86:86:03:2e:74:
99:73:ee:f8:7d:73:23:e3:73:27:e5:c7:b5:91:ee:
65:78:cd:91:c9:11:05:ec:a5:d0:08:6d:89:f3:54:
8e:63:86:a3:d8:c1:25:d5:37:14:08:27:83:d7:24:
23:e0:6f:65:ad:ce:f6:ce:46:6b:f7:cd:cc:6a:94:
e3:c7:f9:a4:05:b1:f6:88:55:c1:22:c4:18:b8:08:
09:79:3f:b3:2f:07:10:f8:7c:5a:88:bf:68:6a:29:
1f:5c:3e:bc:67:b0:ab:cf:f8:5a:b8:f3:2a:13:38:
7e:3b:c0:38:70:66:f5:ee:45:08:83:52:1d:87:9a:
3f:47:b9:26:eb:29:bc:bd:56:3a:07:e9:2d:29:d1:
b5:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:06:A7:F2:44:21:F9:51:3D:68:AA:E1:7B:D8:38:6B:BF:B4:DF:09
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
53:7c:f1:e0:c1:be:e6:47:01:d3:2d:3c:8b:8c:7d:00:75:1a:
9c:e3:ff:76:fd:0d:1b:11:d3:51:78:2b:8a:34:38:f6:5f:fd:
a2:ba:f5:4f:28:a0:30:ab:99:25:73:e0:42:34:8d:ac:4c:75:
5a:88:14:ce:be:1f:54:1a:52:7a:4c:09:4d:10:d5:35:58:08:
1d:c1:c0:62:cc:ad:c6:30:e9:48:69:1c:12:12:48:a7:34:44:
e2:ea:d7:a1:b7:31:d6:0d:6f:33:97:33:c9:40:05:f7:ae:8d:
a4:57:ba:b0:ab:07:37:76:a9:20:1e:69:6e:53:d4:bf:a7:f2:
65:56:cb:a8:f9:88:ba:a0:9d:d7:2b:7a:eb:32:7b:82:54:40:
fb:5a:bd:b5:d3:d6:ca:9b:a4:e6:da:27:9b:f9:7d:da:69:f3:
c7:a0:6a:a8:71:8f:0c:4e:c7:b5:b0:f7:9b:af:2b:b8:87:3c:
a5:63:3f:18:8e:cb:88:98:e9:bd:a7:74:80:24:a3:9f:e5:9d:
b6:89:df:1e:23:82:46:b7:39:e3:f0:d9:40:db:8a:f5:43:ac:
5b:78:b7:6d:65:27:41:7b:14:37:9a:b5:e3:c0:e5:79:4c:ab:
ab:65:cd:61:6d:dc:93:ba:94:ff:4c:68:a6:17:96:2d:bf:41:
34:d8:66:e0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMjkD2GljYuSezoEzf3c4NxW5QB8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDllM2Q3NTI4NTZjNjE4ZTc3MDFhOTVhZmFkZGEwZjJkMGEwNmE4OTg0MmVj
N2ViNzk3YTAzMTY5NzA3NDAzZjAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJI90yyEfE58WCuO67MVGpgz7ZbD1jpDZOQqbmnRzlOThxsVOdghpYYlEVj
bEiR6uHIywEKPIEBzt1wz8IFrNLx/DubeCmQqfcTSSrmBGrPCMeV4B8yYepRQcsR
xPwGLHDYf7DMLhMRw6qUluqGsTKhzIaGAy50mXPu+H1zI+NzJ+XHtZHuZXjNkckR
Beyl0AhtifNUjmOGo9jBJdU3FAgng9ckI+BvZa3O9s5Ga/fNzGqU48f5pAWx9ohV
wSLEGLgICXk/sy8HEPh8Woi/aGopH1w+vGewq8/4WrjzKhM4fjvAOHBm9e5FCINS
HYeaP0e5JuspvL1WOgfpLSnRtVECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRiBqfy
RCH5UT1oquF72Dhrv7TfCTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEAU3zx4MG+5kcB0y08i4x9AHUanOP/dv0NGxHT
UXgrijQ49l/9orr1TyigMKuZJXPgQjSNrEx1WogUzr4fVBpSekwJTRDVNVgIHcHA
YsytxjDpSGkcEhJIpzRE4urXobcx1g1vM5czyUAF966NpFe6sKsHN3apIB5pblPU
v6fyZVbLqPmIuqCd1yt66zJ7glRA+1q9tdPWypuk5tonm/l92mnzx6BqqHGPDE7H
tbD3m68ruIc8pWM/GI7LiJjpvad0gCSjn+WdtonfHiOCRrc54/DZQNuK9UOsW3i3
bWUnQXsUN5q148DleUyrq2XNYW3ck7qU/0xopheWLb9BNNhm4A==
-----END CERTIFICATE-----
Generated at Fri Oct 24 23:11:21 2025 by rpki-client