Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: lL+De9I1LAWJ4/+pAltVK+x8CHf0oQhsg76Ba+ZcCHI=
Subject key identifier: 5B:4D:5A:FE:34:2F:64:0F:B0:10:BC:23:D1:3E:54:2C:FD:52:6C:F4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 065D6FF567EB04746E0807E698DB373B9BB736E2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Sat 15 Nov 2025 06:40:08 +0000
ROA not before: Sat 15 Nov 2025 06:40:08 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 21:55:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:5d:6f:f5:67:eb:04:74:6e:08:07:e6:98:db:37:3b:9b:b7:36:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 15 06:40:08 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=116154d5e4436d409ecf559ce069dea0f33dcf6340d0fb328de5bf1647bbf1d6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:9c:f5:16:27:7b:76:d8:59:5c:80:f8:2f:01:
dc:bd:2e:5b:81:22:0d:a4:92:c7:2b:dd:7f:ef:c9:
82:19:53:1d:38:52:ca:69:2c:bd:e1:fe:0d:ed:40:
20:2f:1a:cd:b3:cc:a1:21:7d:62:c9:91:eb:01:5f:
e3:09:e9:08:6a:87:33:96:be:df:bf:83:25:20:33:
02:2e:6a:61:7f:b4:7b:c5:71:c5:5a:1b:03:63:64:
59:cb:8d:46:6d:bc:a5:7d:1c:db:25:f5:79:ce:88:
29:e8:d0:58:aa:f1:3f:2e:1e:30:df:31:0c:23:bf:
cc:9f:d1:29:df:bb:53:e4:1a:64:7f:09:89:8b:1d:
74:1f:4d:fa:52:5d:3e:a8:f8:70:eb:c3:23:2b:36:
03:91:4f:7f:f7:ff:62:79:ef:6c:f6:5e:a0:28:4e:
65:98:b3:24:9a:7b:49:c2:9e:f2:af:e1:b4:1c:6b:
0f:6d:d9:79:69:71:86:44:91:c7:98:93:12:19:c2:
de:47:6b:a8:01:36:a4:c6:bb:91:50:f7:b9:f0:2b:
a2:3d:fe:01:a1:43:f5:62:97:f8:aa:fb:ff:9d:23:
40:34:47:ec:f5:0e:f0:92:fc:47:a1:a8:65:8e:33:
0f:0d:29:01:0d:28:3c:6c:b8:d0:2e:e9:9d:20:b5:
33:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:4D:5A:FE:34:2F:64:0F:B0:10:BC:23:D1:3E:54:2C:FD:52:6C:F4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:73:62:ec:a4:e9:f6:12:9a:8c:cd:39:4b:08:0e:67:b0:b1:
fd:28:d7:45:67:00:7a:e7:c2:bd:f5:c5:6e:04:23:05:2e:82:
89:1e:24:0a:4b:89:76:9f:ff:ab:d6:d0:10:2e:63:48:0e:62:
5f:72:81:73:a3:28:51:c7:5f:23:a1:ab:b3:15:24:23:08:c6:
7b:72:34:8e:6a:1a:6f:86:d6:80:b2:b5:59:7c:7d:87:c5:cc:
9f:a6:46:5c:cd:8f:52:0c:0c:38:f9:e6:75:dc:f1:fa:6a:d6:
da:90:73:95:2b:99:d2:da:df:fb:cf:d7:6d:f0:37:59:fe:ad:
d9:a1:8e:9e:58:01:39:39:b1:8d:4e:55:c9:79:54:1f:82:3a:
e1:7e:bc:c4:22:74:3e:5b:c6:e8:72:68:48:3e:80:7b:e5:05:
21:82:45:58:be:62:4d:ee:86:ea:12:66:a3:a1:ac:9f:a2:de:
d4:0b:a8:61:76:aa:d7:49:ac:84:7d:6a:01:aa:64:d8:83:8d:
c7:0a:67:bc:a8:7e:53:46:a8:00:d9:d2:63:96:12:32:3a:ad:
96:ff:9d:e4:2f:af:aa:3b:f9:b7:7c:d9:98:1c:aa:e3:39:e1:
a3:de:81:91:4c:4f:7f:8a:23:aa:0c:0e:26:3d:5d:a8:ac:00:
9e:b4:b4:2a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBl1v9WfrBHRuCAfmmNs3O5u3NuIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTExMTUwNjQwMDhaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDExNjE1NGQ1ZTQ0MzZkNDA5ZWNmNTU5Y2UwNjlkZWEwZjMzZGNmNjM0MGQw
ZmIzMjhkZTViZjE2NDdiYmYxZDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+c9RYne3bYWVyA+C8B3L0uW4EiDaSSxyvdf+/JghlTHThSymksveH+De1A
IC8azbPMoSF9YsmR6wFf4wnpCGqHM5a+37+DJSAzAi5qYX+0e8VxxVobA2NkWcuN
Rm28pX0c2yX1ec6IKejQWKrxPy4eMN8xDCO/zJ/RKd+7U+QaZH8JiYsddB9N+lJd
Pqj4cOvDIys2A5FPf/f/YnnvbPZeoChOZZizJJp7ScKe8q/htBxrD23ZeWlxhkSR
x5iTEhnC3kdrqAE2pMa7kVD3ufAroj3+AaFD9WKX+Kr7/50jQDRH7PUO8JL8R6Go
ZY4zDw0pAQ0oPGy40C7pnSC1M70CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRbTVr+
NC9kD7AQvCPRPlQs/VJs9DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQCic2LspOn2EpqMzTlLCA5nsLH9KNdFZwB658K99cVu
BCMFLoKJHiQKS4l2n/+r1tAQLmNIDmJfcoFzoyhRx18joauzFSQjCMZ7cjSOahpv
htaAsrVZfH2HxcyfpkZczY9SDAw4+eZ13PH6atbakHOVK5nS2t/7z9dt8DdZ/q3Z
oY6eWAE5ObGNTlXJeVQfgjrhfrzEInQ+W8bocmhIPoB75QUhgkVYvmJN7obqEmaj
oayfot7UC6hhdqrXSayEfWoBqmTYg43HCme8qH5TRqgA2dJjlhIyOq2W/53kL6+q
O/m3fNmYHKrjOeGj3oGRTE9/iiOqDA4mPV2orACetLQq
-----END CERTIFICATE-----
Generated at Tue Nov 18 03:01:03 2025 by rpki-client