Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: l70yh0Evazgc3I/1Jmii7dK9UvBhINsimMXj/8kb7PI=
Subject key identifier: 6C:41:9E:82:EF:3B:41:86:27:A9:04:26:5F:4E:31:78:E3:11:C9:1C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 146E7FF8D1143C2BCBCB1AAB13BCF7F580F03B0F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Tue 05 Aug 2025 20:20:49 +0000
ROA not before: Tue 05 Aug 2025 20:20:49 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 17:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:6e:7f:f8:d1:14:3c:2b:cb:cb:1a:ab:13:bc:f7:f5:80:f0:3b:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:20:49 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=318e99f8d307bce7a4c29672a2ff4f400d75dd92fa0bf11a71f1309934cb5168, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f1:79:03:c3:fe:fc:7a:01:4c:ea:9d:6c:4b:
3a:41:d6:26:3a:d0:f7:f7:b9:0a:f0:f1:c7:10:e6:
de:53:f4:7c:e9:2f:35:1a:f1:19:ba:84:3d:c7:66:
3c:59:b7:6d:ea:9b:71:42:d7:6d:da:84:87:ac:4f:
40:43:0c:5a:97:ee:7c:a1:f2:a6:3e:8e:05:b0:9a:
93:4c:06:94:8a:b9:70:be:85:02:7c:b3:69:51:e6:
ee:81:f6:92:e7:de:31:77:91:8a:c3:b3:08:05:4e:
ca:7f:4e:3f:83:74:d3:6a:89:cd:fe:fa:73:36:8d:
e7:2f:bb:e2:d1:33:e6:7e:f4:a8:ec:22:47:6a:c0:
14:65:4d:a0:9a:89:ec:4c:92:03:c4:ef:fb:71:e2:
dc:86:68:2b:67:da:39:6f:68:d6:4b:76:c9:15:8a:
8f:7c:57:bf:56:7a:a7:00:5f:45:38:76:15:af:be:
65:ce:01:53:77:7e:3e:d1:7e:a1:5d:43:42:f9:7d:
fe:3d:89:a7:01:c5:a5:30:70:2b:0b:91:dd:78:2d:
ce:84:74:75:ec:a4:d8:46:81:be:7b:3c:7c:c5:a1:
00:f5:1f:42:99:70:4f:3d:48:ac:0a:92:50:43:0c:
a9:58:c8:bc:55:46:f5:f8:2e:3e:6d:40:a9:29:7e:
72:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:41:9E:82:EF:3B:41:86:27:A9:04:26:5F:4E:31:78:E3:11:C9:1C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cd:16:7e:ba:5f:39:ca:72:95:2a:18:6a:13:a0:2b:92:bf:27:
f1:d1:ef:40:a7:00:13:a9:71:e8:c0:b4:5e:3c:9c:d3:c9:67:
83:aa:82:fc:c7:a9:1d:33:45:c8:8d:2e:61:12:d2:9c:8f:07:
7d:b2:20:16:a4:32:fb:b1:db:e2:45:17:80:42:17:35:ac:64:
bd:04:21:6c:ff:f9:f0:27:10:46:87:c5:3f:01:70:91:78:b1:
db:b6:99:d0:88:85:77:83:2b:21:3f:75:41:c5:ad:a2:b6:20:
b5:f2:dc:68:e0:5e:f4:e9:fd:a1:ce:c9:d3:ec:53:83:21:67:
1a:88:b6:97:27:ab:55:5f:ad:6a:eb:7a:35:62:76:9e:86:5d:
52:ae:33:18:fc:69:44:a6:42:93:e5:65:9f:18:44:fd:0f:19:
e9:a6:30:11:62:f6:11:40:d6:bc:8d:a4:d3:d0:58:ee:c3:e3:
66:57:56:8c:d0:d1:f4:11:47:1a:9d:e9:d8:c2:46:73:0b:f4:
b3:07:c4:8c:7e:ab:2d:a2:aa:a2:ed:40:c5:60:47:6d:c9:6d:
26:5b:36:04:82:e0:a4:46:a7:8b:2a:70:e6:24:31:06:85:9e:
6c:b8:87:00:cb:26:d3:53:11:8b:50:6c:7d:d7:d4:01:19:ef:
32:9c:af:ed
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFG5/+NEUPCvLyxqrE7z39YDwOw8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIwNDlaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxOGU5OWY4ZDMwN2JjZTdhNGMyOTY3MmEyZmY0ZjQwMGQ3NWRkOTJmYTBi
ZjExYTcxZjEzMDk5MzRjYjUxNjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKnxeQPD/vx6AUzqnWxLOkHWJjrQ9/e5CvDxxxDm3lP0fOkvNRrxGbqEPcdm
PFm3beqbcULXbdqEh6xPQEMMWpfufKHypj6OBbCak0wGlIq5cL6FAnyzaVHm7oH2
kufeMXeRisOzCAVOyn9OP4N002qJzf76czaN5y+74tEz5n70qOwiR2rAFGVNoJqJ
7EySA8Tv+3Hi3IZoK2faOW9o1kt2yRWKj3xXv1Z6pwBfRTh2Fa++Zc4BU3d+PtF+
oV1DQvl9/j2JpwHFpTBwKwuR3XgtzoR0deyk2EaBvns8fMWhAPUfQplwTz1IrAqS
UEMMqVjIvFVG9fguPm1AqSl+ct8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRsQZ6C
7ztBhiepBCZfTjF44xHJHDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQDNFn66XznKcpUqGGoToCuSvyfx0e9ApwATqXHowLRe
PJzTyWeDqoL8x6kdM0XIjS5hEtKcjwd9siAWpDL7sdviRReAQhc1rGS9BCFs//nw
JxBGh8U/AXCReLHbtpnQiIV3gyshP3VBxa2itiC18txo4F706f2hzsnT7FODIWca
iLaXJ6tVX61q63o1Ynaehl1SrjMY/GlEpkKT5WWfGET9DxnppjARYvYRQNa8jaTT
0Fjuw+NmV1aM0NH0EUcanenYwkZzC/SzB8SMfqstoqqi7UDFYEdtyW0mWzYEguCk
RqeLKnDmJDEGhZ5suIcAyybTUxGLUGx919QBGe8ynK/t
-----END CERTIFICATE-----
Generated at Thu Aug 21 22:13:27 2025 by rpki-client