Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: TDsBrbA4kYanAY76vJC9fOJCaRTBoczI6yQaMaNAJ5Y=
Subject key identifier: E6:98:45:6B:33:0B:29:AD:CB:D9:62:26:2B:2E:CD:6E:E3:1F:83:D0
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 30F6703038FFB35215F96BEB3AC1433E07A13FD9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Tue 21 Oct 2025 14:50:02 +0000
ROA not before: Tue 21 Oct 2025 14:50:02 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 03:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:f6:70:30:38:ff:b3:52:15:f9:6b:eb:3a:c1:43:3e:07:a1:3f:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:02 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=fa52dd51c597a736ceab0dd200e41df452187e86f07804f6bd4db571faf1b0ca, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b1:d3:34:1b:53:1b:27:47:22:00:fd:9b:12:
51:02:98:19:3f:16:85:0d:2e:ad:96:8b:5c:13:e4:
01:e5:3f:b5:a2:68:b5:76:c9:7a:d2:4a:3c:fa:3a:
f5:02:81:1a:0e:d1:10:8d:be:a8:90:92:41:ee:cf:
be:3c:41:e7:12:8b:39:97:2f:87:b6:ec:93:ab:92:
01:7f:77:1e:c2:b3:ce:62:e4:35:81:89:f5:9a:67:
24:f5:be:7f:c4:fc:db:62:60:6d:7e:c9:89:84:7a:
59:bf:c7:fa:ae:7a:d4:a9:22:c4:bb:ce:53:19:59:
1c:28:0c:da:a2:77:4a:ae:2e:d0:97:4b:0c:6c:a5:
99:66:d8:6d:5f:6a:88:1f:63:6b:7c:b1:42:d8:6e:
a1:7d:77:6f:10:05:14:08:1d:12:19:c6:b0:16:c2:
39:07:64:43:f4:5b:63:67:e5:1c:e3:6f:f0:f4:29:
4f:96:18:77:52:f9:c1:c6:d5:b1:6f:4c:24:a4:69:
34:23:d4:7a:00:2d:a0:e2:7f:4b:7d:72:f6:a4:71:
66:e9:53:d1:62:2c:f3:2e:70:7f:c4:b4:2a:50:93:
18:87:38:70:61:6f:e4:52:a2:cc:2e:b8:52:42:c8:
ef:b5:ea:26:5c:61:34:79:70:cc:8f:f0:dc:bf:e1:
5e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:98:45:6B:33:0B:29:AD:CB:D9:62:26:2B:2E:CD:6E:E3:1F:83:D0
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5a:3b:bc:c3:1b:14:96:ba:c4:ae:98:a9:67:1e:63:68:2a:2c:
9f:24:16:a7:c3:58:1e:95:14:10:b6:19:4d:22:7a:9b:c3:09:
ec:8f:5a:19:39:2e:7d:11:a9:3b:c2:ce:0e:12:59:3c:c5:19:
b1:08:67:cb:f4:1d:01:14:a2:3a:c0:55:4b:3b:cf:e8:78:54:
2f:13:55:78:f5:7f:a9:3a:44:66:5e:63:a5:65:59:8c:a7:58:
92:fc:e0:57:98:e4:dc:25:d1:d8:83:77:f5:c7:7c:a4:26:84:
c6:c4:0b:b2:ce:08:40:ea:65:06:b1:88:ea:5d:26:4a:55:68:
81:99:f6:d3:db:ad:b2:44:89:42:65:69:35:2a:76:90:75:e2:
53:ca:2c:d5:87:31:8e:63:59:4d:67:5f:42:80:de:c9:cc:1d:
ad:32:8e:e6:3a:20:05:08:6e:46:22:5e:5e:f7:08:53:4a:b9:
27:1c:68:0a:da:16:0e:9c:bf:09:97:01:8f:32:d1:5f:6f:85:
45:37:b2:98:af:1e:b6:a3:3e:ac:ab:88:e9:ad:2b:81:10:77:
7a:23:d1:4a:d8:7c:37:cd:47:8f:0b:99:7b:87:84:1c:b4:ac:
5b:94:d3:29:f8:66:1f:06:a2:db:d4:36:2d:6a:b6:c3:1e:4d:
d0:a4:49:1c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMPZwMDj/s1IV+WvrOsFDPgehP9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhNTJkZDUxYzU5N2E3MzZjZWFiMGRkMjAwZTQxZGY0NTIxODdlODZmMDc4
MDRmNmJkNGRiNTcxZmFmMWIwY2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOx0zQbUxsnRyIA/ZsSUQKYGT8WhQ0urZaLXBPkAeU/taJotXbJetJKPPo6
9QKBGg7REI2+qJCSQe7PvjxB5xKLOZcvh7bsk6uSAX93HsKzzmLkNYGJ9ZpnJPW+
f8T822JgbX7JiYR6Wb/H+q561KkixLvOUxlZHCgM2qJ3Sq4u0JdLDGylmWbYbV9q
iB9ja3yxQthuoX13bxAFFAgdEhnGsBbCOQdkQ/RbY2flHONv8PQpT5YYd1L5wcbV
sW9MJKRpNCPUegAtoOJ/S31y9qRxZulT0WIs8y5wf8S0KlCTGIc4cGFv5FKizC64
UkLI77XqJlxhNHlwzI/w3L/hXoECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTmmEVr
MwsprcvZYiYrLs1u4x+D0DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQBaO7zDGxSWusSumKlnHmNoKiyfJBanw1gelRQQthlN
Inqbwwnsj1oZOS59Eak7ws4OElk8xRmxCGfL9B0BFKI6wFVLO8/oeFQvE1V49X+p
OkRmXmOlZVmMp1iS/OBXmOTcJdHYg3f1x3ykJoTGxAuyzghA6mUGsYjqXSZKVWiB
mfbT262yRIlCZWk1KnaQdeJTyizVhzGOY1lNZ19CgN7JzB2tMo7mOiAFCG5GIl5e
9whTSrknHGgK2hYOnL8JlwGPMtFfb4VFN7KYrx62oz6sq4jprSuBEHd6I9FK2Hw3
zUePC5l7h4QctKxblNMp+GYfBqLb1DYtarbDHk3QpEkc
-----END CERTIFICATE-----
Generated at Sun Oct 26 06:40:28 2025 by rpki-client