Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: 3V2POqgvGXbFMU3sVPeyJ0YTPYsaSQgNrEwPUqrtsfc=
Subject key identifier: BD:41:20:4F:06:A5:6F:FF:2A:12:22:D7:FD:4E:E3:69:57:54:17:4F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0393C65CCA2F66538BBB4C00169E87DA1082DEF0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Tue 21 Oct 2025 14:50:18 +0000
ROA not before: Tue 21 Oct 2025 14:50:18 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:93:c6:5c:ca:2f:66:53:8b:bb:4c:00:16:9e:87:da:10:82:de:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:18 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e20f04ee706669730f33f600155c4271d6be021b94e6de8d3db947438057744f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d0:1b:fc:93:ff:04:ed:14:eb:ec:df:0f:f1:
d7:cf:b6:81:c6:e5:73:1f:52:04:f7:8b:e8:d4:bf:
cd:6e:0d:02:87:f9:b8:c8:8b:9f:42:04:66:94:fa:
70:5e:bd:c2:15:b6:69:ae:ab:de:6d:93:c8:c5:85:
f7:c1:94:e3:4e:82:ee:12:af:fd:44:73:ba:d8:2e:
4e:a6:a8:50:5b:0d:41:40:74:ad:f9:5c:0c:81:73:
55:bd:03:81:55:03:41:0a:d4:05:06:67:95:fd:89:
66:8a:f9:8e:42:ef:26:fb:24:a9:09:82:4e:d2:ba:
56:df:a5:5d:28:50:0e:bc:ab:d6:61:d2:6f:91:39:
79:36:1f:95:dc:3c:19:88:f3:58:4a:32:3c:bd:7c:
18:f3:58:08:cd:bb:e7:5c:1c:69:b3:de:d9:fc:6d:
6b:28:9c:c9:f3:c1:2f:c8:a1:00:f8:94:dd:67:98:
93:90:81:c7:9b:a7:61:67:7b:b5:de:cd:d2:d5:15:
6d:96:fe:46:cd:94:c3:bc:55:dc:ff:cc:ef:c6:9c:
e9:65:e8:2e:f8:36:86:7b:9e:0e:03:73:e2:35:cc:
5b:bf:85:27:98:69:a0:8b:fc:68:94:78:63:3c:ee:
8c:28:c2:f7:00:d6:3d:dd:79:ac:e5:56:f8:13:df:
39:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:41:20:4F:06:A5:6F:FF:2A:12:22:D7:FD:4E:E3:69:57:54:17:4F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:15:71:62:f0:35:3e:04:b1:78:86:25:d6:82:2e:1b:23:6e:
66:89:3d:9b:44:2e:c7:31:56:57:4e:52:5c:10:70:92:dc:45:
92:24:b8:a6:04:7a:83:66:27:6e:20:c4:29:a9:59:b9:2a:89:
14:3d:bf:88:42:52:8d:01:a0:71:e4:36:3e:1d:99:6e:8e:05:
53:4d:f4:92:0a:b0:9d:ea:3d:bd:d1:2a:76:56:fa:35:2a:38:
bb:a1:10:30:62:fa:74:2f:83:39:bf:a6:21:0e:97:41:9f:1a:
15:57:17:d7:73:20:0f:af:1e:89:d9:d4:1f:e1:4d:4e:63:8c:
f1:9d:94:33:9f:17:4f:5d:90:8b:56:9b:51:bd:46:03:22:14:
c6:24:78:1c:81:ba:62:78:5e:80:8e:17:b4:62:3c:2c:3f:c9:
a6:83:bd:c4:f8:40:32:b5:e6:1f:ec:cc:02:1c:72:68:40:4e:
16:26:1f:d5:9b:00:fa:db:fc:39:55:42:b1:26:40:62:a2:4b:
ea:70:7a:60:26:e9:65:42:54:cd:fb:19:9f:95:d4:49:d4:41:
35:b7:8a:3a:e2:d5:21:77:4b:fe:59:b6:ed:09:b1:c7:af:3b:
f6:e0:95:e6:02:dd:79:ba:cf:41:07:92:03:56:22:2e:c5:08:
41:d2:7c:25
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUA5PGXMovZlOLu0wAFp6H2hCC3vAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyMGYwNGVlNzA2NjY5NzMwZjMzZjYwMDE1NWM0MjcxZDZiZTAyMWI5NGU2
ZGU4ZDNkYjk0NzQzODA1Nzc0NGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANTQG/yT/wTtFOvs3w/x18+2gcblcx9SBPeL6NS/zW4NAof5uMiLn0IEZpT6
cF69whW2aa6r3m2TyMWF98GU406C7hKv/URzutguTqaoUFsNQUB0rflcDIFzVb0D
gVUDQQrUBQZnlf2JZor5jkLvJvskqQmCTtK6Vt+lXShQDryr1mHSb5E5eTYfldw8
GYjzWEoyPL18GPNYCM2751wcabPe2fxtayicyfPBL8ihAPiU3WeYk5CBx5unYWd7
td7N0tUVbZb+Rs2Uw7xV3P/M78ac6WXoLvg2hnueDgNz4jXMW7+FJ5hpoIv8aJR4
YzzujCjC9wDWPd15rOVW+BPfORsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS9QSBP
BqVv/yoSItf9TuNpV1QXTzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQBoFXFi8DU+BLF4hiXWgi4bI25miT2bRC7HMVZXTlJc
EHCS3EWSJLimBHqDZiduIMQpqVm5KokUPb+IQlKNAaBx5DY+HZlujgVTTfSSCrCd
6j290Sp2Vvo1Kji7oRAwYvp0L4M5v6YhDpdBnxoVVxfXcyAPrx6J2dQf4U1OY4zx
nZQznxdPXZCLVptRvUYDIhTGJHgcgbpieF6Ajhe0YjwsP8mmg73E+EAyteYf7MwC
HHJoQE4WJh/VmwD62/w5VUKxJkBiokvqcHpgJullQlTN+xmfldRJ1EE1t4o64tUh
d0v+WbbtCbHHrzv24JXmAt15us9BB5IDViIuxQhB0nwl
-----END CERTIFICATE-----
Generated at Tue Oct 28 02:59:55 2025 by rpki-client