Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
File: 57870f13-82ea-4955-953f-742413b6a651.roa (raw, json)
Hash identifier: l+4a1bBIB7/+m1gnpkCfsjrH523MrU9GBYGUyvovyDg=
Subject key identifier: AC:3A:7D:98:96:11:63:FF:F5:75:64:4C:98:DB:DE:25:15:9B:C1:2D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 45427E58C8EFF3E73A604D91C9F53E125E0C3925
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
Signing time: Sat 27 Sep 2025 00:52:29 +0000
ROA not before: Sat 27 Sep 2025 00:52:29 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:42:7e:58:c8:ef:f3:e7:3a:60:4d:91:c9:f5:3e:12:5e:0c:39:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 27 00:52:29 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=1cf8d6db6a33a654b503f43d650929a9fcd5eede81884d691f83c1782cd2da9f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:e2:ce:7b:70:b0:ae:5a:f0:f7:c9:8f:0d:8c:
15:7b:05:a4:d7:36:e4:0c:e2:89:bd:6d:02:73:29:
0f:61:12:84:9c:29:65:9d:fa:ae:86:23:34:c8:25:
de:20:bd:03:e9:ed:a5:35:23:36:4c:c4:58:e7:cb:
06:0f:21:ca:4e:fb:00:3b:53:ba:5c:29:81:77:57:
e1:0d:aa:f8:08:ac:fe:bb:d1:38:b0:c7:0f:48:77:
cc:e4:30:24:d3:bc:82:b9:62:b7:85:da:2e:01:96:
19:83:c0:c4:c5:75:e2:a3:84:c7:01:ad:7d:e0:f7:
2c:0f:f1:a3:ee:a5:a0:b7:3c:ba:cc:d0:f2:42:31:
d4:9d:30:65:4a:6a:be:62:ad:f4:62:84:76:99:59:
d6:69:04:89:7f:ea:6b:19:17:db:b9:58:b6:2c:18:
b4:e6:ba:16:83:b6:fa:ba:55:29:b9:cf:f0:f2:b6:
42:38:4d:36:96:e6:ce:47:42:25:38:e7:b0:3e:bc:
31:03:90:e5:72:55:20:ac:37:f1:68:d6:47:f7:09:
b1:72:0b:1b:6a:91:2a:01:9c:3a:c4:f5:fb:1f:76:
36:0f:38:97:d7:11:4d:98:8c:3e:86:b4:0b:de:0a:
cd:3e:49:d9:82:b2:ae:42:16:ec:87:18:97:20:3b:
e3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:3A:7D:98:96:11:63:FF:F5:75:64:4C:98:DB:DE:25:15:9B:C1:2D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/48
Signature Algorithm: sha256WithRSAEncryption
4c:2c:6c:52:92:53:51:fa:e8:ea:3e:82:37:a9:fa:a2:73:ed:
d9:2d:87:90:bf:00:74:06:b8:68:47:a8:1d:ed:2f:cf:62:b5:
27:c3:4a:1b:d1:32:34:00:0e:67:8a:b5:49:47:bc:e8:5a:41:
65:83:7f:ca:74:24:7a:0a:06:d0:fa:7e:a2:03:41:bd:be:2c:
28:e6:e9:8d:66:06:a0:6a:c1:d2:f9:5a:65:34:dc:fd:95:d6:
8f:82:03:ec:92:17:7d:ce:a8:79:e1:78:4d:a6:3e:83:de:64:
79:d8:39:3d:4b:3e:9d:40:83:2e:be:17:54:c7:67:d2:a2:e9:
4a:4c:81:78:91:fe:46:86:0e:8d:7b:03:d2:aa:fc:00:37:0d:
a8:b2:ff:70:48:0e:01:60:5d:4c:e6:19:e6:15:cc:5c:e5:b3:
fe:dd:d4:14:c1:e2:8e:47:ab:d7:66:af:de:2e:ba:48:78:0a:
ba:4b:39:30:50:31:ce:3b:4b:97:e7:14:88:41:e6:eb:24:73:
f7:3d:53:99:43:ec:b3:31:8c:80:57:d2:93:d0:ab:b5:ae:93:
d3:9e:48:9f:a2:69:0d:25:e1:1b:1f:b5:ae:3d:51:f5:e3:e9:
51:f4:c8:27:ce:38:c2:99:eb:8e:cb:15:bc:23:fb:9e:11:d6:
18:0b:36:b5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURUJ+WMjv8+c6YE2RyfU+El4MOSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMjlaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjZjhkNmRiNmEzM2E2NTRiNTAzZjQzZDY1MDkyOWE5ZmNkNWVlZGU4MTg4
NGQ2OTFmODNjMTc4MmNkMmRhOWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvizntwsK5a8PfJjw2MFXsFpNc25Aziib1tAnMpD2EShJwpZZ36roYjNMgl
3iC9A+ntpTUjNkzEWOfLBg8hyk77ADtTulwpgXdX4Q2q+Ais/rvROLDHD0h3zOQw
JNO8grlit4XaLgGWGYPAxMV14qOExwGtfeD3LA/xo+6loLc8uszQ8kIx1J0wZUpq
vmKt9GKEdplZ1mkEiX/qaxkX27lYtiwYtOa6FoO2+rpVKbnP8PK2QjhNNpbmzkdC
JTjnsD68MQOQ5XJVIKw38WjWR/cJsXILG2qRKgGcOsT1+x92Ng84l9cRTZiMPoa0
C94KzT5J2YKyrkIW7IcYlyA7428CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSsOn2Y
lhFj//V1ZEyY294lFZvBLTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc4NzBmMTMtODJlYS00OTU1LTk1M2YtNzQyNDEzYjZhNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
ADANBgkqhkiG9w0BAQsFAAOCAQEATCxsUpJTUfro6j6CN6n6onPt2S2HkL8AdAa4
aEeoHe0vz2K1J8NKG9EyNAAOZ4q1SUe86FpBZYN/ynQkegoG0Pp+ogNBvb4sKObp
jWYGoGrB0vlaZTTc/ZXWj4ID7JIXfc6oeeF4TaY+g95kedg5PUs+nUCDLr4XVMdn
0qLpSkyBeJH+RoYOjXsD0qr8ADcNqLL/cEgOAWBdTOYZ5hXMXOWz/t3UFMHijker
12av3i66SHgKuks5MFAxzjtLl+cUiEHm6yRz9z1TmUPsszGMgFfSk9Crta6T055I
n6JpDSXhGx+1rj1R9ePpUfTIJ844wpnrjssVvCP7nhHWGAs2tQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:52:52 2025 by rpki-client