Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
File: 95019996-0ef4-4f98-90e2-dd7efc004375.roa (raw, json)
Hash identifier: 2QrJDUJ2MEfp4JgI3tQJyBzfgLkZzplsdvtu1pmr2vg=
Subject key identifier: 38:12:7A:7D:5E:8F:D5:DE:9E:40:8F:9C:E5:CB:0E:6D:4C:DA:FE:62
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0E9E888D39191795D59A06830A298576568223ED
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
Signing time: Tue 21 Oct 2025 14:40:02 +0000
ROA not before: Tue 21 Oct 2025 14:40:02 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.244.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 11:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:9e:88:8d:39:19:17:95:d5:9a:06:83:0a:29:85:76:56:82:23:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:02 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=763d151b27183a8eef81ceadea9548a27ffbdaa2f3b9b5714a7e4307b50f8e36, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:6c:89:3e:94:73:2f:c5:a3:53:bd:80:4e:97:
fe:0e:d3:9e:7d:ad:1c:ee:0c:34:49:2b:cc:d5:b4:
a1:9a:29:88:a3:dc:ef:3b:e4:a2:5a:6f:e1:03:d1:
3f:0c:ca:98:23:93:80:37:fb:40:ff:73:46:49:00:
cf:a5:5b:c1:b2:a2:f3:0e:23:2f:0c:e0:3e:13:ec:
af:c4:88:74:36:6f:61:5f:d1:20:f2:cc:35:fc:45:
bf:c5:79:95:d8:33:97:38:8a:07:8f:3d:9c:95:32:
c3:51:c0:d9:2a:45:67:f5:ec:8b:4f:b6:1c:9a:13:
11:87:6f:ea:9f:61:c8:51:17:5d:41:61:19:26:da:
ee:6f:8b:09:b2:0b:0a:e4:ba:41:3b:db:59:6d:b2:
a5:2e:11:5e:3a:7d:5b:45:b9:0e:9e:62:1f:e3:53:
90:13:82:b0:21:e9:9a:7a:db:62:34:9d:dc:7a:ae:
06:99:41:2a:bc:3c:11:8a:10:b5:9c:f1:57:19:9a:
b7:e5:15:1d:47:12:dc:f3:c9:c6:52:f5:1c:0e:8a:
11:cc:f1:a9:dc:81:98:20:92:3f:a6:8e:45:79:d4:
8d:25:8b:c4:ef:d0:21:47:e3:14:d8:b6:cd:d4:51:
6d:c0:44:6d:97:e7:fc:dd:39:6b:b1:29:b3:ca:fb:
6b:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:12:7A:7D:5E:8F:D5:DE:9E:40:8F:9C:E5:CB:0E:6D:4C:DA:FE:62
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.244.0.0/16
Signature Algorithm: sha256WithRSAEncryption
63:e6:da:98:45:cc:b2:c1:ad:4f:60:fb:2b:25:bb:31:ef:c0:
8f:c6:19:c9:ab:20:39:52:ed:62:fa:39:b4:e8:c5:5b:7e:41:
0e:1c:6e:18:49:56:cf:f9:9e:b7:c7:2a:80:84:31:ca:ea:08:
92:89:21:33:94:c6:67:05:14:53:55:38:e2:4a:46:61:23:80:
5b:46:33:99:8b:87:a4:ec:ca:65:c3:d6:98:4b:83:2b:08:bd:
d8:d0:be:a5:6d:d5:e4:43:f7:66:f3:41:1a:95:19:52:38:91:
c3:e2:46:7f:5d:a2:87:81:4f:b1:b3:25:39:b2:c0:26:dc:f1:
27:25:fd:72:9a:74:13:09:96:60:e1:40:45:7c:28:6c:e8:9f:
55:b1:d5:fb:20:5d:f8:1e:10:e2:54:27:98:a3:5b:b8:60:d7:
31:69:67:ec:c0:13:93:b4:ff:6e:62:19:f8:c5:0c:48:8a:8e:
55:c0:d7:61:ca:7d:79:c2:93:a1:84:ac:c2:04:b1:85:92:d9:
94:31:be:c9:b1:1b:da:a8:4e:1e:58:28:59:ee:6d:fe:80:7f:
32:ac:d4:98:98:01:ed:46:9d:ca:93:cf:a8:bb:62:80:a7:1f:
4f:18:de:e6:19:2f:50:26:d7:ee:b1:d8:3e:8e:d3:cd:f0:22:
ea:2a:1e:ca
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDp6IjTkZF5XVmgaDCimFdlaCI+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2M2QxNTFiMjcxODNhOGVlZjgxY2VhZGVhOTU0OGEyN2ZmYmRhYTJmM2I5
YjU3MTRhN2U0MzA3YjUwZjhlMzYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZsiT6Ucy/Fo1O9gE6X/g7Tnn2tHO4MNEkrzNW0oZopiKPc7zvkolpv4QPR
PwzKmCOTgDf7QP9zRkkAz6VbwbKi8w4jLwzgPhPsr8SIdDZvYV/RIPLMNfxFv8V5
ldgzlziKB489nJUyw1HA2SpFZ/Xsi0+2HJoTEYdv6p9hyFEXXUFhGSba7m+LCbIL
CuS6QTvbWW2ypS4RXjp9W0W5Dp5iH+NTkBOCsCHpmnrbYjSd3HquBplBKrw8EYoQ
tZzxVxmat+UVHUcS3PPJxlL1HA6KEczxqdyBmCCSP6aORXnUjSWLxO/QIUfjFNi2
zdRRbcBEbZfn/N05a7Eps8r7a3kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ4Enp9
Xo/V3p5Aj5zlyw5tTNr+YjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTUwMTk5OTYtMGVmNC00Zjk4LTkwZTItZGQ3ZWZjMDA0Mzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/0MA0G
CSqGSIb3DQEBCwUAA4IBAQBj5tqYRcyywa1PYPsrJbsx78CPxhnJqyA5Uu1i+jm0
6MVbfkEOHG4YSVbP+Z63xyqAhDHK6giSiSEzlMZnBRRTVTjiSkZhI4BbRjOZi4ek
7Mplw9aYS4MrCL3Y0L6lbdXkQ/dm80EalRlSOJHD4kZ/XaKHgU+xsyU5ssAm3PEn
Jf1ymnQTCZZg4UBFfChs6J9VsdX7IF34HhDiVCeYo1u4YNcxaWfswBOTtP9uYhn4
xQxIio5VwNdhyn15wpOhhKzCBLGFktmUMb7JsRvaqE4eWChZ7m3+gH8yrNSYmAHt
Rp3Kk8+ou2KApx9PGN7mGS9QJtfusdg+jtPN8CLqKh7K
-----END CERTIFICATE-----
Generated at Sat Oct 25 18:08:16 2025 by rpki-client