Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: Y9bJaQZ9JqbrVvK2Dy08Je8SomWWtuzfwr8nS9ZEo+E=
Subject key identifier: 4F:D3:C7:2C:89:9D:2D:59:31:01:48:4B:A5:9C:6A:7C:A9:74:52:A1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 672CCA0262E4799666627CE28C9C016BD413C622
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Sat 15 Nov 2025 06:50:46 +0000
ROA not before: Sat 15 Nov 2025 06:50:46 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 17 Nov 2025 13:34:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:2c:ca:02:62:e4:79:96:66:62:7c:e2:8c:9c:01:6b:d4:13:c6:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 15 06:50:46 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=0416600fae7a6440599fc228acf5b897308a0b0c9665d6d70dbe4a935ed23278, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ca:a0:be:64:63:9d:7e:ca:ae:b2:48:89:d1:
18:3d:36:76:39:0d:66:80:94:89:d4:46:28:a0:ca:
64:50:07:7b:8f:8c:07:8b:8f:96:5f:d8:9c:f2:99:
da:ad:52:4e:14:f8:11:6f:dc:a2:5b:09:01:ec:32:
63:b9:7d:9f:51:ad:46:0b:b5:2a:c1:de:22:16:bb:
1f:29:d8:07:69:d1:ba:22:82:7a:f1:e0:24:06:d1:
58:1d:fb:38:a5:40:0d:2e:02:69:a8:9b:fd:28:f1:
be:25:79:de:fc:79:b4:cb:a3:6d:9b:f8:e1:44:a2:
76:66:ce:1c:97:f6:6e:1a:33:9c:50:2d:e3:15:08:
b8:64:cf:f1:dc:6f:4d:ab:4e:c1:01:3a:f3:08:e5:
2b:d3:ba:90:ce:24:c4:98:6f:8c:13:69:a6:6c:48:
29:27:28:94:3d:46:f0:eb:b7:8f:44:e2:19:0f:66:
a1:3f:4a:64:db:32:9b:ec:c8:4c:fe:da:23:19:b0:
c9:ca:ca:e5:78:cb:bb:40:50:ce:5f:8c:42:8f:db:
c7:fb:11:97:f0:6a:37:44:70:09:60:a0:ec:cc:e8:
6b:a5:83:3a:78:1a:4a:32:2e:c8:7c:82:8b:35:71:
93:63:74:62:75:15:99:f8:f6:86:65:1d:bc:1a:2e:
27:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:D3:C7:2C:89:9D:2D:59:31:01:48:4B:A5:9C:6A:7C:A9:74:52:A1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2d:ee:e4:84:29:73:da:b0:ca:34:38:45:cf:39:ec:8e:9f:82:
ed:3e:ad:3b:a7:7e:df:96:7b:5e:32:3c:25:82:c3:5d:37:d2:
5d:f2:97:06:5f:ed:10:e1:2e:5b:99:f4:dc:7e:b9:ec:8e:f5:
00:aa:bb:e5:b7:90:9e:b3:08:e2:42:2d:57:28:85:43:6e:4a:
0c:4b:1a:8f:2d:d6:d6:55:a4:3b:8d:44:3e:26:e1:26:e1:c9:
c4:0e:54:0f:bb:68:9a:35:00:0c:73:f4:b7:93:32:83:3f:24:
6f:f3:5c:6e:db:7a:f2:f9:7c:da:86:39:2e:73:09:2d:03:5d:
a9:2c:07:5b:52:c6:e5:44:f4:7b:c0:a0:cb:9d:8a:0b:b9:7e:
c1:c7:96:48:cc:c6:68:41:11:51:7d:d6:7e:f1:8f:75:3d:96:
b7:08:6c:4d:35:89:2e:eb:80:07:d8:d2:87:d0:39:51:89:bb:
27:6e:7e:db:fc:1d:5a:cd:36:f5:bd:58:6b:db:e3:b1:66:c7:
2e:a5:26:a6:f0:2d:b4:49:44:dc:c5:84:1f:74:51:67:ac:41:
39:07:fd:21:cb:21:ed:06:f7:e7:69:76:51:d0:1f:82:71:5a:
1e:31:ac:7e:b4:88:2a:7f:41:a9:c4:cc:28:73:17:29:0d:0f:
c4:51:0c:c2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZyzKAmLkeZZmYnzijJwBa9QTxiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTExMTUwNjUwNDZaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0MTY2MDBmYWU3YTY0NDA1OTlmYzIyOGFjZjViODk3MzA4YTBiMGM5NjY1
ZDZkNzBkYmU0YTkzNWVkMjMyNzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKfKoL5kY51+yq6ySInRGD02djkNZoCUidRGKKDKZFAHe4+MB4uPll/YnPKZ
2q1SThT4EW/colsJAewyY7l9n1GtRgu1KsHeIha7HynYB2nRuiKCevHgJAbRWB37
OKVADS4Caaib/SjxviV53vx5tMujbZv44USidmbOHJf2bhoznFAt4xUIuGTP8dxv
TatOwQE68wjlK9O6kM4kxJhvjBNppmxIKScolD1G8Ou3j0TiGQ9moT9KZNsym+zI
TP7aIxmwycrK5XjLu0BQzl+MQo/bx/sRl/BqN0RwCWCg7Mzoa6WDOngaSjIuyHyC
izVxk2N0YnUVmfj2hmUdvBouJ0UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRP08cs
iZ0tWTEBSEulnGp8qXRSoTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQAt7uSEKXPasMo0OEXPOeyOn4LtPq07p37flnteMjwl
gsNdN9Jd8pcGX+0Q4S5bmfTcfrnsjvUAqrvlt5CeswjiQi1XKIVDbkoMSxqPLdbW
VaQ7jUQ+JuEm4cnEDlQPu2iaNQAMc/S3kzKDPyRv81xu23ry+XzahjkucwktA12p
LAdbUsblRPR7wKDLnYoLuX7Bx5ZIzMZoQRFRfdZ+8Y91PZa3CGxNNYku64AH2NKH
0DlRibsnbn7b/B1azTb1vVhr2+OxZscupSam8C20SUTcxYQfdFFnrEE5B/0hyyHt
BvfnaXZR0B+CcVoeMax+tIgqf0GpxMwocxcpDQ/EUQzC
-----END CERTIFICATE-----
Generated at Sun Nov 16 20:06:38 2025 by rpki-client