Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
File: b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa (raw, json)
Hash identifier: kqFxdnkziMwtEgC4w4EPjNioqSDqoErBjmghVl2Y0u0=
Subject key identifier: 1B:AF:BA:3A:06:EC:EE:19:81:7F:42:1C:9E:84:44:7D:0E:3C:FB:4B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6A747324BE027AAC5340314EB9AD95F375453501
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
Signing time: Tue 05 Aug 2025 20:21:38 +0000
ROA not before: Tue 05 Aug 2025 20:21:38 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 194.198.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:74:73:24:be:02:7a:ac:53:40:31:4e:b9:ad:95:f3:75:45:35:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:21:38 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=877ab933a6fd276a8d543dd327c9e79fc9b91df70b9376ffa38158db73bb8b26, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:93:48:5c:92:49:62:40:a1:44:4c:97:a3:8e:
bf:88:bc:1a:1d:b2:96:b1:7d:60:fd:b1:3d:71:3b:
f0:50:a9:b9:a6:81:ca:a5:d1:cc:ed:43:ce:6d:b8:
0c:59:57:c9:25:9a:48:0f:56:6d:28:2b:ca:fe:e1:
19:8f:14:fd:f3:8f:c4:88:b2:14:a3:b3:b5:e5:16:
81:23:a9:6d:41:71:0f:8d:7e:ce:ba:87:e7:de:b5:
8a:07:c9:f6:94:64:13:4b:20:41:be:d5:60:39:82:
63:91:3d:3c:44:26:fc:58:1c:5e:5a:3a:c0:00:b9:
35:87:5a:08:f5:5b:5e:ed:bd:ab:17:50:56:67:3c:
cf:69:dc:6a:b3:0f:32:44:0b:10:6a:9a:a7:ed:3c:
ca:80:92:a6:5a:69:92:ce:d5:d8:4a:64:17:63:ad:
5e:26:2a:a3:30:c2:20:9f:61:c5:c1:94:7f:08:4c:
da:6d:c2:18:20:39:e2:07:81:d4:d9:9b:dd:0e:3d:
84:21:1d:77:5d:9d:ec:58:98:34:69:ff:1c:9f:04:
18:97:97:59:67:4a:81:85:c7:37:6c:32:f7:f5:70:
41:92:ff:fa:54:c7:87:4b:f9:9a:65:92:f1:88:2f:
c3:7d:71:b8:6f:66:2d:5b:a4:e6:b6:49:11:e2:8e:
7f:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:AF:BA:3A:06:EC:EE:19:81:7F:42:1C:9E:84:44:7D:0E:3C:FB:4B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.198.0.0/16
Signature Algorithm: sha256WithRSAEncryption
94:27:06:41:58:3d:99:e4:72:32:af:ca:ee:02:61:96:18:f5:
47:4d:f6:ba:21:6b:da:0d:e1:4e:f4:aa:68:37:5a:68:9b:7d:
82:64:e8:3e:b1:7b:7a:da:fa:d3:c8:80:56:11:cf:25:62:95:
41:c6:80:67:2a:35:2c:db:2b:fb:92:0f:ac:f7:33:d2:d0:18:
cc:29:e7:a4:30:98:3f:23:1e:9e:a4:9c:94:4e:eb:b6:fc:df:
93:c3:90:c3:54:98:f0:a0:52:a6:3d:82:b3:7f:2c:71:fd:e8:
bb:9f:73:dd:a1:cd:43:f5:18:2d:ec:4f:58:a9:07:fd:13:19:
99:be:7f:1f:3f:f8:a2:ea:6b:1c:31:70:6d:89:47:20:f0:78:
1d:72:a8:4f:8c:4e:49:12:c5:5f:d1:29:a4:cc:ea:4f:d2:85:
7a:83:8a:2f:2a:7c:c5:3b:7e:1a:bc:ea:f2:a8:a3:4f:9a:c6:
89:28:e1:df:45:e9:15:9c:cf:c7:ef:72:2e:8b:e8:c2:45:38:
e6:4d:ee:03:8f:8a:7c:56:20:89:04:56:66:22:ba:d2:33:81:
3a:46:31:39:53:8d:6e:db:14:23:7d:2a:dd:f7:2a:47:46:00:
7c:a0:d3:c0:73:ea:eb:39:f8:92:c8:d7:44:8e:35:77:b0:e0:
eb:af:cf:83
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUanRzJL4CeqxTQDFOua2V83VFNQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIxMzhaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3N2FiOTMzYTZmZDI3NmE4ZDU0M2RkMzI3YzllNzlmYzliOTFkZjcwYjkz
NzZmZmEzODE1OGRiNzNiYjhiMjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKTSFySSWJAoURMl6OOv4i8Gh2ylrF9YP2xPXE78FCpuaaByqXRzO1Dzm24
DFlXySWaSA9WbSgryv7hGY8U/fOPxIiyFKOzteUWgSOpbUFxD41+zrqH5961igfJ
9pRkE0sgQb7VYDmCY5E9PEQm/FgcXlo6wAC5NYdaCPVbXu29qxdQVmc8z2ncarMP
MkQLEGqap+08yoCSplppks7V2EpkF2OtXiYqozDCIJ9hxcGUfwhM2m3CGCA54geB
1Nmb3Q49hCEdd12d7FiYNGn/HJ8EGJeXWWdKgYXHN2wy9/VwQZL/+lTHh0v5mmWS
8Ygvw31xuG9mLVuk5rZJEeKOf00CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQbr7o6
BuzuGYF/QhyehER9Djz7SzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjVlYzA1NjgtY2U1Yy00MWY4LWFlM2UtMGMxNDc4M2U0MDY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMLGMA0G
CSqGSIb3DQEBCwUAA4IBAQCUJwZBWD2Z5HIyr8ruAmGWGPVHTfa6IWvaDeFO9Kpo
N1pom32CZOg+sXt62vrTyIBWEc8lYpVBxoBnKjUs2yv7kg+s9zPS0BjMKeekMJg/
Ix6epJyUTuu2/N+Tw5DDVJjwoFKmPYKzfyxx/ei7n3Pdoc1D9Rgt7E9YqQf9ExmZ
vn8fP/ii6mscMXBtiUcg8HgdcqhPjE5JEsVf0SmkzOpP0oV6g4ovKnzFO34avOry
qKNPmsaJKOHfRekVnM/H73Iui+jCRTjmTe4Dj4p8ViCJBFZmIrrSM4E6RjE5U41u
2xQjfSrd9ypHRgB8oNPAc+rrOfiSyNdEjjV3sODrr8+D
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:39:58 2025 by rpki-client