Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: Ui3tXwtEOvDiItezV0ox2OOsUeC30dweXnv4YJHmYC4=
Subject key identifier: E5:E8:EC:BE:3F:5D:AF:AF:99:04:44:97:89:F5:79:EC:25:2C:D3:AF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 524AA4DB2F849CC6D0A931037508A63D70945D7E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Mon 01 Sep 2025 21:30:15 +0000
ROA not before: Mon 01 Sep 2025 21:30:15 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 15:33:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:4a:a4:db:2f:84:9c:c6:d0:a9:31:03:75:08:a6:3d:70:94:5d:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:30:15 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=622bd13092d32d1183f79550995910caee58784dea2e1bba56d5a21db92c8378, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:89:1d:ee:06:9e:f1:fb:ec:7a:ed:da:76:db:
2c:74:53:76:f3:c0:19:25:75:7e:68:e7:11:2a:69:
f6:05:eb:ce:71:72:13:a0:ef:f0:ea:9d:2b:16:17:
a6:be:1d:4b:f2:53:7f:62:fa:db:3b:48:b8:03:87:
db:04:3b:86:fe:42:bc:4e:c8:ea:ad:2a:c8:7c:5b:
05:0c:5c:b3:80:e1:68:b5:25:e1:f8:5b:f8:db:5c:
a2:ff:3f:cf:bc:66:2e:d2:06:74:20:df:1b:df:c5:
8a:2a:e1:3d:e2:95:b9:a1:ea:8a:ad:a5:0f:4d:1d:
14:4f:47:d7:56:d5:ee:5a:e4:00:13:57:bc:d7:a2:
56:ab:74:4a:31:1c:2f:ad:3d:79:08:51:7d:1f:7d:
0c:95:9f:1b:56:fe:71:d8:51:3a:fb:3f:dc:8a:ba:
c4:f8:1c:e8:f8:ac:bb:65:b2:29:a6:06:03:81:a7:
c8:97:3c:1a:f1:76:a1:6d:8c:32:da:ce:71:ff:51:
3b:a9:66:15:ce:93:31:78:72:78:8e:6c:7d:93:19:
b9:8b:02:13:ab:19:9b:c1:2e:15:de:49:b8:6b:2b:
a7:46:b1:b8:3a:86:d6:6a:00:ac:50:c0:46:85:4d:
e8:33:d5:5c:09:b6:0d:29:62:69:0c:11:8f:fd:f6:
b3:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:E8:EC:BE:3F:5D:AF:AF:99:04:44:97:89:F5:79:EC:25:2C:D3:AF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d3:bd:3e:c2:53:b8:f6:0a:60:15:8c:f9:f2:ec:b0:a9:93:33:
9d:32:42:3b:a3:bc:dd:7a:b7:c3:6e:d7:1a:dc:87:75:9b:5c:
31:23:77:5f:ed:80:47:83:4b:80:54:21:af:bd:b5:ed:4b:3f:
f2:20:6a:05:77:17:87:cd:dd:65:74:40:92:d7:f3:d9:e9:3b:
72:5c:5d:50:87:82:ac:f4:c8:1f:2e:f1:d0:d8:af:44:9a:5d:
26:d8:2b:0d:ed:d8:12:9b:c2:5a:cb:9c:f4:ca:c5:0f:8e:2f:
dd:a9:71:7b:33:b8:c0:fc:22:52:bb:bf:48:fd:9d:75:97:a9:
33:57:9e:43:6a:3c:fc:f5:53:51:e3:cc:b3:6c:cf:00:8f:56:
bd:2b:26:c4:18:75:c9:2f:7a:75:e6:c0:42:01:e4:29:1b:d3:
e1:b4:b1:36:96:b9:84:a0:75:44:67:87:09:89:65:c0:bc:be:
06:c5:e9:e8:72:88:37:b5:bb:7b:fc:d9:f4:65:3c:ef:d1:b9:
a1:d1:94:0d:60:79:45:77:62:5f:1d:87:96:b7:88:40:21:46:
71:68:b5:db:bd:80:32:37:48:24:06:38:d8:f4:91:f3:b8:82:
01:92:3c:bf:54:24:93:2a:c0:76:2a:bd:fa:6c:32:cd:44:02:
95:ea:66:23
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUkqk2y+EnMbQqTEDdQimPXCUXX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMwMTVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyMmJkMTMwOTJkMzJkMTE4M2Y3OTU1MDk5NTkxMGNhZWU1ODc4NGRlYTJl
MWJiYTU2ZDVhMjFkYjkyYzgzNzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWJHe4GnvH77Hrt2nbbLHRTdvPAGSV1fmjnESpp9gXrznFyE6Dv8OqdKxYX
pr4dS/JTf2L62ztIuAOH2wQ7hv5CvE7I6q0qyHxbBQxcs4DhaLUl4fhb+Ntcov8/
z7xmLtIGdCDfG9/FiirhPeKVuaHqiq2lD00dFE9H11bV7lrkABNXvNeiVqt0SjEc
L609eQhRfR99DJWfG1b+cdhROvs/3Iq6xPgc6Pisu2WyKaYGA4GnyJc8GvF2oW2M
MtrOcf9RO6lmFc6TMXhyeI5sfZMZuYsCE6sZm8EuFd5JuGsrp0axuDqG1moArFDA
RoVN6DPVXAm2DSliaQwRj/32s7ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTl6Oy+
P12vr5kERJeJ9XnsJSzTrzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQDTvT7CU7j2CmAVjPny7LCpkzOdMkI7o7zderfDbtca
3Id1m1wxI3df7YBHg0uAVCGvvbXtSz/yIGoFdxeHzd1ldECS1/PZ6TtyXF1Qh4Ks
9MgfLvHQ2K9Eml0m2CsN7dgSm8Jay5z0ysUPji/dqXF7M7jA/CJSu79I/Z11l6kz
V55Dajz89VNR48yzbM8Aj1a9KybEGHXJL3p15sBCAeQpG9PhtLE2lrmEoHVEZ4cJ
iWXAvL4Gxenocog3tbt7/Nn0ZTzv0bmh0ZQNYHlFd2JfHYeWt4hAIUZxaLXbvYAy
N0gkBjjY9JHzuIIBkjy/VCSTKsB2Kr36bDLNRAKV6mYj
-----END CERTIFICATE-----
Generated at Wed Sep 17 20:34:02 2025 by rpki-client