Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: 939LbhU0xEu0Oa2t8HBK9mI0ix9E7jvAs+wkdzvNQ9s=
Subject key identifier: 11:95:8E:F8:20:B8:46:46:2A:0D:61:0A:92:E3:55:58:D8:FF:71:73
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3C43614742EE644A0D46CAC7FDED38A329D74FEF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Mon 01 Sep 2025 21:20:12 +0000
ROA not before: Mon 01 Sep 2025 21:20:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 15:33:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:43:61:47:42:ee:64:4a:0d:46:ca:c7:fd:ed:38:a3:29:d7:4f:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:20:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=2cae2276ef936cf1a9ac784a86157ef0dc3c016c17f637361c4dba226e122b9f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:86:89:f1:82:63:cd:64:14:83:59:e6:07:a4:
7f:10:0f:87:d3:2d:9b:85:31:b8:71:b5:25:e6:69:
5d:31:9f:ef:bf:4c:9d:fc:76:71:28:a5:60:20:db:
8a:6d:ce:3a:d9:be:04:cd:58:f3:67:fc:60:c7:91:
31:04:f8:32:c9:40:1d:48:af:24:8a:b2:7e:9d:52:
c3:6a:60:72:b7:ff:b2:b9:d1:4a:d5:20:5a:a9:e5:
37:1c:a7:c5:c6:c5:81:96:e4:f0:21:60:35:0f:d9:
57:ca:e6:aa:af:5d:2a:63:38:ec:89:3c:1f:59:ca:
da:f9:ae:11:e5:fa:7f:ba:3a:bc:88:c0:3b:b0:de:
75:89:41:0c:10:a8:be:99:35:ff:35:b0:f8:5e:5b:
6d:a5:6c:ff:b7:f3:ce:29:d1:bd:03:50:ea:51:aa:
48:d6:47:c6:79:5c:97:59:33:c5:46:39:fe:fe:27:
84:01:5c:65:51:b1:8f:e2:b3:7d:b6:dd:39:79:f9:
b0:24:46:06:11:18:42:0c:9a:05:68:c2:5e:a1:6d:
b3:a7:cb:4b:b9:52:b7:10:9f:6f:41:0e:89:dc:e3:
2e:7e:fe:5d:c7:be:32:47:96:1a:82:c9:03:c9:54:
9c:27:c2:53:16:21:63:d1:46:77:20:8f:2e:85:09:
0c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:95:8E:F8:20:B8:46:46:2A:0D:61:0A:92:E3:55:58:D8:FF:71:73
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4f:fa:90:99:8e:92:be:de:b8:0a:a2:11:53:96:b1:a6:bf:ff:
2b:91:f4:3b:06:df:54:b3:c1:1b:8b:bf:24:01:09:4b:a3:f5:
aa:2e:38:cd:5c:3d:62:a3:19:a4:95:29:7b:1d:bd:ce:48:4a:
1d:14:49:39:fc:89:fc:76:0b:6b:5a:fb:45:02:48:ea:42:43:
da:02:db:96:6e:72:5f:93:0f:9b:84:13:17:bd:e3:76:7d:20:
be:bc:a5:74:a6:a8:ca:2f:13:2f:08:24:e7:c3:43:ac:ce:6a:
20:58:5c:a6:c5:26:8d:19:e4:02:7d:1b:7a:3f:47:b8:ad:48:
f7:a4:a7:e9:7c:24:6b:ba:66:e0:53:90:17:19:36:b1:7d:06:
b7:12:29:7f:28:00:48:25:db:be:a1:8f:8d:5d:80:d5:9d:df:
9f:7e:a7:c2:90:31:15:20:d1:8f:f1:7d:f1:5e:78:9b:16:65:
0d:2d:8b:23:83:86:5e:a7:70:76:a6:2b:36:79:29:41:85:2e:
c9:16:12:63:e6:57:55:6f:24:22:25:8a:b0:81:1c:8c:4b:fb:
d9:79:d6:f8:53:93:32:03:c0:b4:28:09:ca:61:d4:63:c7:b3:
47:d6:47:5b:25:65:ec:ce:30:85:95:a5:7a:fc:15:ad:88:7e:
b8:f7:79:93
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPENhR0LuZEoNRsrH/e04oynXT+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTIwMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjYWUyMjc2ZWY5MzZjZjFhOWFjNzg0YTg2MTU3ZWYwZGMzYzAxNmMxN2Y2
MzczNjFjNGRiYTIyNmUxMjJiOWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOCGifGCY81kFINZ5gekfxAPh9Mtm4UxuHG1JeZpXTGf779Mnfx2cSilYCDb
im3OOtm+BM1Y82f8YMeRMQT4MslAHUivJIqyfp1Sw2pgcrf/srnRStUgWqnlNxyn
xcbFgZbk8CFgNQ/ZV8rmqq9dKmM47Ik8H1nK2vmuEeX6f7o6vIjAO7DedYlBDBCo
vpk1/zWw+F5bbaVs/7fzzinRvQNQ6lGqSNZHxnlcl1kzxUY5/v4nhAFcZVGxj+Kz
fbbdOXn5sCRGBhEYQgyaBWjCXqFts6fLS7lStxCfb0EOidzjLn7+Xce+MkeWGoLJ
A8lUnCfCUxYhY9FGdyCPLoUJDBMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQRlY74
ILhGRioNYQqS41VY2P9xczAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQBP+pCZjpK+3rgKohFTlrGmv/8rkfQ7Bt9Us8Ebi78k
AQlLo/WqLjjNXD1ioxmklSl7Hb3OSEodFEk5/In8dgtrWvtFAkjqQkPaAtuWbnJf
kw+bhBMXveN2fSC+vKV0pqjKLxMvCCTnw0OszmogWFymxSaNGeQCfRt6P0e4rUj3
pKfpfCRrumbgU5AXGTaxfQa3Eil/KABIJdu+oY+NXYDVnd+ffqfCkDEVINGP8X3x
XnibFmUNLYsjg4Zep3B2pis2eSlBhS7JFhJj5ldVbyQiJYqwgRyMS/vZedb4U5My
A8C0KAnKYdRjx7NH1kdbJWXszjCFlaV6/BWtiH6493mT
-----END CERTIFICATE-----
Generated at Wed Sep 17 19:49:31 2025 by rpki-client