Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
File: 3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa (raw, json)
Hash identifier: m7xpObre6BbFLve86m76zBgXjDwA13U5YmzbDN08MpA=
Subject key identifier: 5E:1E:88:6E:8D:A2:A4:0E:B6:F7:29:4A:00:EA:3E:9F:E3:78:FD:8D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4F39DAA96D717FB2B05DC84734FDFB8884CD31AA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
Signing time: Mon 06 Oct 2025 18:10:38 +0000
ROA not before: Mon 06 Oct 2025 18:10:38 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.104.0.0/13 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:39:da:a9:6d:71:7f:b2:b0:5d:c8:47:34:fd:fb:88:84:cd:31:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 6 18:10:38 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=e29ac41e877378626e7c68e0591b0cc60e7fe6c181e9e066b3aa42efa8c71404, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:70:e1:84:87:14:22:16:67:0f:94:eb:2d:cb:
cf:59:50:57:1d:1d:ee:8b:c2:ce:d3:ce:bd:43:7f:
2c:5c:e3:cb:93:56:da:1e:f0:83:fb:72:64:98:d8:
e3:f4:61:b5:5b:4d:37:9f:d9:e2:e7:be:98:37:00:
47:a4:e4:a4:18:9d:89:99:dd:fe:05:f9:83:ae:58:
46:98:29:15:1d:45:59:b8:4f:03:e1:98:87:76:2d:
f8:02:a8:16:f1:61:be:c4:67:dc:ad:58:8b:2b:a1:
c2:32:87:24:96:e7:a0:78:f6:f8:ac:20:52:ea:18:
a5:96:74:f2:85:7e:f7:26:35:be:be:1f:27:62:8c:
41:76:df:93:13:bf:e2:14:0c:0a:2c:c2:ae:b3:17:
34:cb:44:b0:8d:98:79:b9:2d:1e:a7:3c:f0:c7:f2:
08:63:1f:e1:c6:4a:48:02:a5:d9:fb:f5:73:0a:05:
8a:6d:e2:07:12:d2:83:95:20:6e:a4:45:6d:5d:b1:
6a:08:ce:d3:6a:fc:f8:1a:51:05:91:35:02:e7:78:
68:1f:bf:6a:e6:fb:07:c8:03:2b:7a:f8:2d:75:a2:
cb:03:46:5a:2a:57:80:4c:f1:5a:fd:fd:a6:40:7a:
21:f8:81:41:82:f4:12:8c:40:c0:2f:26:b6:6e:c0:
b7:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:1E:88:6E:8D:A2:A4:0E:B6:F7:29:4A:00:EA:3E:9F:E3:78:FD:8D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.104.0.0/13
Signature Algorithm: sha256WithRSAEncryption
5e:8e:4f:7a:eb:a3:49:6b:e2:2c:ac:18:49:71:1a:f8:07:58:
11:7e:52:e2:fb:03:a3:32:06:43:d9:8c:ce:c4:3e:26:69:35:
67:11:80:9c:01:54:36:0c:d9:8e:a3:b8:48:c7:2d:a3:0b:85:
55:f8:e3:d4:2a:32:4f:f9:8d:76:95:4d:01:f1:a3:79:b5:34:
87:a2:fa:dd:6e:7b:c1:9d:eb:65:4d:43:07:ac:ee:3e:a9:bd:
3b:e9:00:60:83:fc:da:5f:82:36:0b:21:3e:99:c4:e7:f5:6d:
dc:b9:39:70:16:ad:86:ac:8b:0c:67:ba:fb:5d:9c:8b:11:cc:
64:92:88:68:ac:05:b6:f8:16:9b:77:5d:a1:27:4a:7d:dc:b1:
7d:1a:9f:0c:a4:c3:ab:c4:ab:3f:68:2f:02:e9:31:9c:86:19:
2d:0a:89:d2:7f:5a:9f:cf:24:d0:32:df:4e:a2:74:71:70:6b:
38:6b:e0:ad:4a:9e:8d:d0:45:85:0f:72:c9:42:ae:cd:de:ee:
42:98:bc:4b:de:f9:da:23:ed:7e:7d:e5:fa:53:3f:c4:91:66:
66:aa:79:aa:2c:e2:2a:20:4f:7a:4e:46:26:f2:fb:06:9b:b5:
e3:2c:2d:4c:1c:a4:ef:a1:80:00:b4:75:77:9f:00:ae:3d:27:
78:64:c7:38
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTznaqW1xf7KwXchHNP37iITNMaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMzhaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyOWFjNDFlODc3Mzc4NjI2ZTdjNjhlMDU5MWIwY2M2MGU3ZmU2YzE4MWU5
ZTA2NmIzYWE0MmVmYThjNzE0MDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBw4YSHFCIWZw+U6y3Lz1lQVx0d7ovCztPOvUN/LFzjy5NW2h7wg/tyZJjY
4/RhtVtNN5/Z4ue+mDcAR6TkpBidiZnd/gX5g65YRpgpFR1FWbhPA+GYh3Yt+AKo
FvFhvsRn3K1YiyuhwjKHJJbnoHj2+KwgUuoYpZZ08oV+9yY1vr4fJ2KMQXbfkxO/
4hQMCizCrrMXNMtEsI2YebktHqc88MfyCGMf4cZKSAKl2fv1cwoFim3iBxLSg5Ug
bqRFbV2xagjO02r8+BpRBZE1Aud4aB+/aub7B8gDK3r4LXWiywNGWipXgEzxWv39
pkB6IfiBQYL0EoxAwC8mtm7AtwsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBReHohu
jaKkDrb3KUoA6j6f43j9jTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2JiYTU4NGUtMmUwYi00NDkyLTk0YjAtZTcwMTc3YzhmMmNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAzloMA0G
CSqGSIb3DQEBCwUAA4IBAQBejk9666NJa+IsrBhJcRr4B1gRflLi+wOjMgZD2YzO
xD4maTVnEYCcAVQ2DNmOo7hIxy2jC4VV+OPUKjJP+Y12lU0B8aN5tTSHovrdbnvB
netlTUMHrO4+qb076QBgg/zaX4I2CyE+mcTn9W3cuTlwFq2GrIsMZ7r7XZyLEcxk
kohorAW2+Babd12hJ0p93LF9Gp8MpMOrxKs/aC8C6TGchhktConSf1qfzyTQMt9O
onRxcGs4a+CtSp6N0EWFD3LJQq7N3u5CmLxL3vnaI+1+feX6Uz/EkWZmqnmqLOIq
IE96TkYm8vsGm7XjLC1MHKTvoYAAtHV3nwCuPSd4ZMc4
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:15:49 2025 by rpki-client