Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File: 69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier: yUKpI2JPr9g1RriknP3NPGYBcA1yc3EeztqQSRWL8rM=
Subject key identifier: CE:34:55:01:F5:CD:4C:99:1E:73:97:13:24:0B:34:AB:74:0B:32:E2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2A9D0353EEC0B6C89F83202E9060CF4C6BE93459
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time: Tue 21 Oct 2025 15:00:31 +0000
ROA not before: Tue 21 Oct 2025 15:00:31 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Oct 2025 15:30:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:9d:03:53:ee:c0:b6:c8:9f:83:20:2e:90:60:cf:4c:6b:e9:34:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:31 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=1ca64bf2a6ef1fb623e7a05ab9624366264903479c40bde6ce526806ec857acc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:c3:04:b1:8e:5e:58:de:b6:86:67:bf:36:8a:
32:59:71:9b:9d:d5:c1:98:e2:d8:c8:03:cb:d5:c4:
5e:f4:e7:92:ac:6a:2a:bf:c0:59:c0:6a:f2:55:a6:
c3:eb:04:61:1c:8f:31:ec:2a:72:3e:1b:74:d8:bb:
22:dc:8b:4f:26:d7:40:57:0e:c6:a5:1f:c1:0d:ea:
88:80:cb:f2:79:cd:0a:e3:05:9c:d4:54:87:ed:80:
71:42:45:d3:ec:75:6e:87:df:4c:f0:99:cd:4b:a4:
bd:83:42:83:a2:e2:e3:d5:0a:00:e4:b5:7b:54:1c:
d2:af:ba:ab:13:e6:b8:f3:d0:10:e5:11:68:64:90:
b8:da:89:b2:88:e3:ec:3b:a5:4f:50:5d:5a:e1:e8:
98:25:86:99:eb:d1:6c:cd:9a:84:2a:d9:69:c5:a5:
f0:8d:dc:54:b8:bb:4b:9f:56:d3:ee:c0:a3:ac:d3:
5e:67:db:ff:c0:0e:c7:30:42:cc:a0:e1:db:81:69:
c7:ac:8e:85:df:f9:a4:7a:22:41:db:13:0f:46:79:
7d:47:5f:3d:71:ee:b7:07:a7:83:da:35:01:ba:f8:
27:e2:7d:d0:bb:0b:dc:0d:39:2f:57:d2:e1:88:f2:
e2:8a:61:f4:cf:85:26:80:20:7e:ec:0a:d5:c5:b2:
75:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:34:55:01:F5:CD:4C:99:1E:73:97:13:24:0B:34:AB:74:0B:32:E2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
92:aa:85:dc:a7:44:27:a6:77:55:23:60:e1:71:c7:4f:ad:be:
7f:6a:a9:d2:22:d4:0d:5d:54:54:ef:76:00:3b:04:6d:78:e3:
2a:a9:e4:6e:2d:b3:59:35:c2:a2:30:f5:2a:12:76:09:23:2c:
b0:0a:2b:27:27:7f:a7:65:c2:4e:0c:cf:3e:2e:85:21:b5:37:
b2:f6:d3:b2:5a:b4:a8:0d:43:7c:63:7e:d3:2a:0c:5a:5c:cc:
9e:c2:2d:31:c0:1a:5d:27:03:af:8e:3e:97:43:f5:2f:10:b4:
9c:b0:3c:bb:cb:ec:79:50:45:d4:7b:95:cf:47:bd:26:e8:5c:
89:ac:ee:f0:52:df:09:25:02:ce:4c:ac:f3:d6:70:00:17:b6:
c7:3a:1c:cb:85:3c:63:6a:2d:4b:71:21:47:e5:93:af:6d:33:
db:3e:87:4c:5f:43:91:a4:db:91:ad:f5:35:d3:17:43:33:f4:
6b:87:c3:bb:2d:a7:a2:9f:47:62:9e:ac:13:eb:ac:2f:a5:b1:
09:f1:03:2a:b6:cb:9d:f4:cd:69:b8:83:67:aa:52:1f:76:ee:
65:5f:2b:c5:88:b7:45:31:ed:3c:a8:b6:63:26:4f:8e:d5:5f:
ce:6c:ae:f7:68:fb:76:c9:32:68:2b:a1:32:c5:7b:95:be:45:
36:b1:be:56
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUKp0DU+7AtsifgyAukGDPTGvpNFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjYTY0YmYyYTZlZjFmYjYyM2U3YTA1YWI5NjI0MzY2MjY0OTAzNDc5YzQw
YmRlNmNlNTI2ODA2ZWM4NTdhY2MxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI3DBLGOXljetoZnvzaKMllxm53VwZji2MgDy9XEXvTnkqxqKr/AWcBq8lWm
w+sEYRyPMewqcj4bdNi7ItyLTybXQFcOxqUfwQ3qiIDL8nnNCuMFnNRUh+2AcUJF
0+x1boffTPCZzUukvYNCg6Li49UKAOS1e1Qc0q+6qxPmuPPQEOURaGSQuNqJsojj
7DulT1BdWuHomCWGmevRbM2ahCrZacWl8I3cVLi7S59W0+7Ao6zTXmfb/8AOxzBC
zKDh24Fpx6yOhd/5pHoiQdsTD0Z5fUdfPXHutweng9o1Abr4J+J90LsL3A05L1fS
4Yjy4oph9M+FJoAgfuwK1cWydXkCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTONFUB
9c1MmR5zlxMkCzSrdAsy4jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAJKqhdynRCemd1UjYOFxx0+tvn9qqdIi1A1dVFTv
dgA7BG144yqp5G4ts1k1wqIw9SoSdgkjLLAKKycnf6dlwk4Mzz4uhSG1N7L207Ja
tKgNQ3xjftMqDFpczJ7CLTHAGl0nA6+OPpdD9S8QtJywPLvL7HlQRdR7lc9HvSbo
XIms7vBS3wklAs5MrPPWcAAXtsc6HMuFPGNqLUtxIUflk69tM9s+h0xfQ5Gk25Gt
9TXTF0Mz9GuHw7stp6KfR2KerBPrrC+lsQnxAyq2y530zWm4g2eqUh927mVfK8WI
t0Ux7TyotmMmT47VX85srvdo+3bJMmgroTLFe5W+RTaxvlY=
-----END CERTIFICATE-----
Generated at Fri Oct 24 19:36:12 2025 by rpki-client