Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
File: 5112f144-85b1-4c62-8729-84d86ff353a1.roa (raw, json)
Hash identifier: hEy6gy91MTxBLuChSzx/vaTZUh0u4LUbyHLOrGdhM0A=
Subject key identifier: 37:CC:2F:4B:5E:15:4E:43:FA:DE:92:6B:C6:BF:A8:9B:4B:EC:30:9C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0A5E6570CB9A0EB1B188CB149D895147E07E3503
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
Signing time: Mon 06 Oct 2025 18:10:05 +0000
ROA not before: Mon 06 Oct 2025 18:10:05 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 84.48.128.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:5e:65:70:cb:9a:0e:b1:b1:88:cb:14:9d:89:51:47:e0:7e:35:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 6 18:10:05 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=3bbff2e9f4ddfde7b09e40770f50c273bd2042d205131559e3e9dd0f1bc26749, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b2:79:0f:9e:43:92:2a:9e:6f:9a:d3:43:d1:
1e:ad:4d:3a:f2:9c:bd:e4:f6:85:81:d0:a9:a7:ed:
ea:85:0a:a2:5e:d8:10:c0:34:86:ce:3a:e3:c2:45:
97:fc:0c:eb:4c:9d:98:93:f5:b4:69:19:a8:fd:12:
c8:c2:7f:35:bf:60:55:3e:08:2c:37:b9:ef:5b:d1:
8e:91:ed:39:9e:53:64:e5:6f:5e:2b:eb:30:47:08:
b3:44:cf:62:25:e6:05:9d:20:b2:01:6d:94:ba:5c:
a1:da:57:47:e6:29:cd:b6:e6:08:21:c8:30:dd:ad:
56:82:7f:ea:56:78:a7:ab:a6:7e:16:9b:b6:ea:ff:
9b:ad:b9:01:0a:d3:15:ff:3e:a6:36:fc:64:1c:48:
5a:4c:25:a1:1b:c6:c1:9d:70:70:0d:2e:7f:91:99:
d6:65:b2:5f:7b:3e:c8:b3:54:39:a6:49:b9:71:34:
b1:ce:ca:e4:0d:84:d0:21:d9:ca:1d:3b:f9:5e:c8:
df:f1:84:d1:67:3f:47:c0:4b:e1:0f:18:84:4c:bf:
6f:32:11:76:94:74:76:34:35:1d:a7:0d:1d:5e:c6:
21:75:44:9d:67:64:06:61:f2:a4:8f:31:2a:38:3d:
f0:0b:04:61:74:57:1f:3b:ad:a4:8d:25:c7:5a:4e:
dd:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:CC:2F:4B:5E:15:4E:43:FA:DE:92:6B:C6:BF:A8:9B:4B:EC:30:9C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.48.128.0/17
Signature Algorithm: sha256WithRSAEncryption
20:97:02:45:b5:3c:9c:74:bf:a8:81:50:f8:06:2f:1d:1f:32:
a9:a1:d4:eb:56:27:e5:0a:63:33:08:60:da:70:76:06:b6:64:
45:6d:d5:bb:97:53:9f:de:6c:7d:8c:b4:00:6d:ff:bd:61:47:
b3:90:f1:94:6f:0f:d4:68:c3:58:93:07:7f:16:b7:8e:e5:1f:
20:e5:f8:64:8c:3e:d7:bd:e7:78:2f:ef:6a:f3:bc:05:ef:57:
f1:0e:b5:c8:90:0c:2d:32:95:90:3f:61:ad:87:be:fb:5b:d5:
d2:53:78:27:af:6e:50:ba:e8:ac:f0:fd:36:a2:d1:07:99:45:
64:69:96:e3:30:97:eb:d5:b7:9c:82:d3:5f:94:cd:25:d5:91:
56:e9:66:55:17:b4:ce:ec:fc:58:4d:29:96:1d:17:ed:7f:93:
2b:ea:6b:d5:99:5a:91:c6:a0:39:43:48:8a:74:48:06:f0:2d:
a8:6c:aa:91:c5:97:de:e4:ba:dc:51:80:4a:5b:07:78:66:7b:
50:2c:0b:d0:0a:40:1c:9c:ed:73:10:1b:61:af:99:79:52:4a:
dd:eb:68:46:4a:3c:1b:f0:39:c0:ad:83:17:61:ef:6e:fe:8c:
51:cf:3b:14:bf:f8:01:13:be:cd:eb:78:1e:70:2f:95:08:50:
4b:b0:b4:5a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCl5lcMuaDrGxiMsUnYlRR+B+NQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMDVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDNiYmZmMmU5ZjRkZGZkZTdiMDllNDA3NzBmNTBjMjczYmQyMDQyZDIwNTEz
MTU1OWUzZTlkZDBmMWJjMjY3NDkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+yeQ+eQ5Iqnm+a00PRHq1NOvKcveT2hYHQqaft6oUKol7YEMA0hs4648JF
l/wM60ydmJP1tGkZqP0SyMJ/Nb9gVT4ILDe571vRjpHtOZ5TZOVvXivrMEcIs0TP
YiXmBZ0gsgFtlLpcodpXR+YpzbbmCCHIMN2tVoJ/6lZ4p6umfhabtur/m625AQrT
Ff8+pjb8ZBxIWkwloRvGwZ1wcA0uf5GZ1mWyX3s+yLNUOaZJuXE0sc7K5A2E0CHZ
yh07+V7I3/GE0Wc/R8BL4Q8YhEy/bzIRdpR0djQ1HacNHV7GIXVEnWdkBmHypI8x
Kjg98AsEYXRXHzutpI0lx1pO3eMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ3zC9L
XhVOQ/rekmvGv6ibS+wwnDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTExMmYxNDQtODViMS00YzYyLTg3MjktODRkODZmZjM1M2ExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB1QwgDAN
BgkqhkiG9w0BAQsFAAOCAQEAIJcCRbU8nHS/qIFQ+AYvHR8yqaHU61Yn5QpjMwhg
2nB2BrZkRW3Vu5dTn95sfYy0AG3/vWFHs5DxlG8P1GjDWJMHfxa3juUfIOX4ZIw+
173neC/vavO8Be9X8Q61yJAMLTKVkD9hrYe++1vV0lN4J69uULrorPD9NqLRB5lF
ZGmW4zCX69W3nILTX5TNJdWRVulmVRe0zuz8WE0plh0X7X+TK+pr1ZlakcagOUNI
inRIBvAtqGyqkcWX3uS63FGASlsHeGZ7UCwL0ApAHJztcxAbYa+ZeVJK3etoRko8
G/A5wK2DF2Hvbv6MUc87FL/4ARO+zet4HnAvlQhQS7C0Wg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:52:37 2025 by rpki-client