Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: j++/+i4V9PTpK3NPSvGZY2JEAnVZZj00gWzOlCTCY1g=
Subject key identifier: 67:DF:99:4C:C9:01:05:3A:2D:F8:7D:6D:2D:14:DA:04:63:D5:43:2A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 402CFC13BF8CAF2E21CD4958DB9DD644A403A46B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Mon 01 Sep 2025 21:30:19 +0000
ROA not before: Mon 01 Sep 2025 21:30:19 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 21:38:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:2c:fc:13:bf:8c:af:2e:21:cd:49:58:db:9d:d6:44:a4:03:a4:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:30:19 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=0bcb302955f33bcceba629e54ad84b99ea51130949e41821d5d2d6a2034e9ff4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:51:ec:77:82:ae:0a:54:49:ad:e3:76:22:bb:
42:9c:03:fd:7b:64:15:90:ca:75:3e:37:26:48:fb:
1f:98:0a:53:31:9c:9a:4b:1d:a7:55:51:d5:ac:75:
e1:b7:f7:ce:77:7b:a7:49:01:11:27:d0:36:2a:9b:
15:7f:e0:17:14:cf:b5:ea:36:9c:bc:42:ba:83:05:
81:44:50:98:24:11:f8:6a:b7:d3:e9:e3:b3:d0:9d:
17:2d:cc:24:a9:e1:26:69:97:40:5d:b7:98:4c:d0:
18:fe:a1:3c:78:72:44:8c:dc:41:57:76:c1:66:b8:
2b:25:60:e5:43:77:c0:c6:eb:ec:0b:15:b0:09:17:
e3:14:3b:01:40:2e:70:a9:c8:d6:cc:4e:8c:e3:d7:
7b:1c:43:9d:62:39:66:20:05:2c:73:1f:05:78:55:
6a:5e:c7:8e:f9:d9:8f:b7:1b:cd:36:4b:aa:7f:24:
be:c3:9f:d6:29:d1:9e:59:74:31:76:1b:84:88:ed:
77:38:20:c7:8c:b5:0a:09:15:37:b1:24:f8:7a:9a:
77:60:ed:90:72:82:a4:50:ec:5b:b9:ae:a1:21:a0:
be:ea:9b:c4:ec:83:66:3e:ab:52:11:f2:3e:99:f2:
1d:41:ba:50:83:42:8d:63:3d:d6:dc:31:c9:1d:bc:
9e:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:DF:99:4C:C9:01:05:3A:2D:F8:7D:6D:2D:14:DA:04:63:D5:43:2A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
d6:3c:cb:20:59:93:a3:98:20:44:f1:f6:1e:12:58:aa:a8:a7:
9a:69:97:66:e9:92:a1:a7:19:10:1f:fe:84:f9:84:23:58:85:
51:51:b4:da:25:d2:5e:78:2b:3f:d4:35:06:5d:01:5d:bd:dd:
7c:59:d5:90:91:30:0e:b1:ca:ad:40:6d:18:db:01:66:c8:0a:
bb:39:63:90:8a:f2:80:40:a9:7e:7f:a2:22:4c:e3:64:ad:47:
7c:84:14:85:06:e6:22:75:89:8b:f1:5c:33:2f:35:8a:5f:68:
5e:cd:a6:c8:90:0b:3f:2c:35:18:d9:26:5c:ed:a6:68:a0:35:
41:57:a4:17:68:ca:77:62:ea:e0:51:84:b3:d3:51:9b:9e:4b:
04:be:e5:db:38:24:48:86:dc:27:f1:a2:be:d4:dc:c5:6a:e2:
fa:f8:95:dc:cb:8b:e3:31:ea:7e:03:d3:91:66:92:0a:36:af:
65:86:e6:1c:68:dd:6a:30:ff:63:f5:7b:6f:17:8f:8c:97:4a:
50:a0:0f:21:46:b1:3b:e8:26:a6:00:ce:62:4a:2c:42:53:65:
7b:9a:8f:c7:e8:ee:20:cd:59:bb:c7:83:f6:48:b0:42:59:7d:
95:f0:61:e0:af:57:57:73:08:5c:ab:72:35:2b:b8:71:f3:1c:
79:bd:61:01
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQCz8E7+Mry4hzUlY253WRKQDpGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMwMTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiY2IzMDI5NTVmMzNiY2NlYmE2MjllNTRhZDg0Yjk5ZWE1MTEzMDk0OWU0
MTgyMWQ1ZDJkNmEyMDM0ZTlmZjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpR7HeCrgpUSa3jdiK7QpwD/XtkFZDKdT43Jkj7H5gKUzGcmksdp1VR1ax1
4bf3znd7p0kBESfQNiqbFX/gFxTPteo2nLxCuoMFgURQmCQR+Gq30+njs9CdFy3M
JKnhJmmXQF23mEzQGP6hPHhyRIzcQVd2wWa4KyVg5UN3wMbr7AsVsAkX4xQ7AUAu
cKnI1sxOjOPXexxDnWI5ZiAFLHMfBXhVal7HjvnZj7cbzTZLqn8kvsOf1inRnll0
MXYbhIjtdzggx4y1CgkVN7Ek+Hqad2DtkHKCpFDsW7muoSGgvuqbxOyDZj6rUhHy
PpnyHUG6UINCjWM91twxyR28ni0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRn35lM
yQEFOi34fW0tFNoEY9VDKjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEA1jzLIFmTo5ggRPH2HhJYqqinmmmXZumSoacZ
EB/+hPmEI1iFUVG02iXSXngrP9Q1Bl0BXb3dfFnVkJEwDrHKrUBtGNsBZsgKuzlj
kIrygECpfn+iIkzjZK1HfIQUhQbmInWJi/FcMy81il9oXs2myJALPyw1GNkmXO2m
aKA1QVekF2jKd2Lq4FGEs9NRm55LBL7l2zgkSIbcJ/GivtTcxWri+viV3MuL4zHq
fgPTkWaSCjavZYbmHGjdajD/Y/V7bxePjJdKUKAPIUaxO+gmpgDOYkosQlNle5qP
x+juIM1Zu8eD9kiwQll9lfBh4K9XV3MIXKtyNSu4cfMceb1hAQ==
-----END CERTIFICATE-----
Generated at Thu Sep 18 01:32:52 2025 by rpki-client