Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
File: 7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa (raw, json)
Hash identifier: G5CFK/U0soLYvD6Ku3c/Jf7zZpICQ9v4pU8hrbkuXXQ=
Subject key identifier: C2:A4:87:73:6F:99:FE:D0:CA:B0:E9:67:9A:1A:8A:25:EB:F3:FF:A2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3ABF51F15102F2BFFD2D91B6E915456537B947A6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
Signing time: Fri 15 Aug 2025 15:50:37 +0000
ROA not before: Fri 15 Aug 2025 15:50:37 +0000
ROA not after: Fri 19 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 185.143.16.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 17:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:bf:51:f1:51:02:f2:bf:fd:2d:91:b6:e9:15:45:65:37:b9:47:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 15 15:50:37 2025 GMT
Not After : Sep 19 23:59:59 2025 GMT
Subject: serialNumber=58bc8ecf9c097bffc07b68570b34b511d739e8c6c814fd9524f2fe8ea2045045, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ad:d2:15:22:41:4e:fc:cf:c0:5f:c3:2c:08:
ff:36:ea:f8:83:53:c5:8f:12:31:2b:fa:26:99:4f:
bc:59:31:ac:9c:f1:e2:aa:28:ba:38:76:a2:46:1f:
55:03:aa:28:b4:64:a5:d5:0a:43:86:e2:8c:00:d9:
30:d2:54:47:3b:b2:f1:69:18:0c:e9:c7:4f:ac:2b:
6f:cd:58:4b:ac:de:a1:ea:2c:2d:70:c5:fc:93:d7:
59:fc:7f:4d:35:1b:e1:54:68:08:ed:02:fe:76:43:
9f:9e:26:88:fb:fa:06:60:d6:26:c1:6f:31:af:80:
01:a0:ec:4f:7c:fb:d3:ae:01:e8:8e:88:6c:89:13:
32:37:ed:f4:32:06:a0:77:e7:e2:19:2c:e2:db:37:
be:6f:16:42:e8:11:d0:6e:ee:18:50:1c:dd:f3:b1:
f6:01:4a:92:29:ab:a8:d2:55:d8:cc:5f:95:5c:08:
08:be:cd:e3:d6:fd:73:e6:8b:20:e2:fc:cc:7b:7e:
48:3e:da:09:29:f0:36:a6:b5:79:e2:32:54:a5:fd:
08:95:c8:21:8e:51:8d:2a:ca:4a:e7:8e:28:d8:23:
74:5b:1f:eb:cf:48:97:1b:f4:27:1e:a1:3a:a7:b7:
73:6b:a2:90:43:55:ca:ce:11:1e:ce:3f:4e:74:49:
16:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:A4:87:73:6F:99:FE:D0:CA:B0:E9:67:9A:1A:8A:25:EB:F3:FF:A2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.143.16.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:4c:fb:ed:1f:29:21:0c:61:9b:4f:2b:3e:47:62:95:58:ed:
67:09:ea:5a:d0:a4:95:c6:27:31:1d:f4:16:0a:ce:a0:ac:92:
05:9d:16:27:43:5a:45:2e:96:e8:3e:77:30:6e:9f:80:ca:03:
8d:1b:bf:95:63:d7:6d:ab:32:ef:38:37:34:3e:8c:5f:c8:92:
3b:f5:ab:ee:7b:1f:78:1d:64:16:e4:d4:8b:60:01:46:49:8a:
a0:e1:a1:5d:63:36:62:fe:18:49:36:a9:94:9a:64:8e:a1:18:
10:24:9e:73:9c:d3:30:d9:cf:9c:a9:e8:ba:55:8b:57:2c:56:
22:29:0b:6d:fe:26:a2:7f:12:5f:59:c0:98:db:ca:a6:0d:76:
72:e2:95:99:5d:b8:e6:03:3a:bf:84:0c:bf:4d:87:b2:df:63:
33:74:c3:47:bd:59:c6:70:a5:b2:e8:da:cd:a2:8c:b9:07:6d:
ec:91:8f:c1:c1:37:16:2c:ce:60:70:86:e4:63:5f:27:d5:49:
d5:bb:a0:6f:a0:d1:e4:e3:2d:75:35:f6:17:47:a0:c5:89:61:
5e:cb:b3:bb:6b:c6:86:a8:21:c5:00:6d:96:0c:18:98:d0:20:
3f:65:0a:a3:e4:37:76:22:e4:5c:b3:32:93:9d:8d:6d:03:76:
b0:08:dd:16
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUOr9R8VEC8r/9LZG26RVFZTe5R6YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MTUxNTUwMzdaFw0yNTA5MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4YmM4ZWNmOWMwOTdiZmZjMDdiNjg1NzBiMzRiNTExZDczOWU4YzZjODE0
ZmQ5NTI0ZjJmZThlYTIwNDUwNDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmt0hUiQU78z8BfwywI/zbq+INTxY8SMSv6JplPvFkxrJzx4qooujh2okYf
VQOqKLRkpdUKQ4bijADZMNJURzuy8WkYDOnHT6wrb81YS6zeoeosLXDF/JPXWfx/
TTUb4VRoCO0C/nZDn54miPv6BmDWJsFvMa+AAaDsT3z7064B6I6IbIkTMjft9DIG
oHfn4hks4ts3vm8WQugR0G7uGFAc3fOx9gFKkimrqNJV2MxflVwICL7N49b9c+aL
IOL8zHt+SD7aCSnwNqa1eeIyVKX9CJXIIY5RjSrKSueOKNgjdFsf689Ilxv0Jx6h
Oqe3c2uikENVys4RHs4/TnRJFrMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTCpIdz
b5n+0Mqw6WeaGool6/P/ojAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2E5ZDQ5NzAtOGU5Yy00ZDExLWExYzYtNzcyYTU3MTMzNGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmPEDAN
BgkqhkiG9w0BAQsFAAOCAQEAC0z77R8pIQxhm08rPkdilVjtZwnqWtCklcYnMR30
FgrOoKySBZ0WJ0NaRS6W6D53MG6fgMoDjRu/lWPXbasy7zg3ND6MX8iSO/Wr7nsf
eB1kFuTUi2ABRkmKoOGhXWM2Yv4YSTaplJpkjqEYECSec5zTMNnPnKnoulWLVyxW
IikLbf4mon8SX1nAmNvKpg12cuKVmV245gM6v4QMv02Hst9jM3TDR71ZxnClsuja
zaKMuQdt7JGPwcE3FizOYHCG5GNfJ9VJ1bugb6DR5OMtdTX2F0egxYlhXsuzu2vG
hqghxQBtlgwYmNAgP2UKo+Q3diLkXLMyk52NbQN2sAjdFg==
-----END CERTIFICATE-----
Generated at Thu Aug 21 22:13:27 2025 by rpki-client