Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c0cc077c-c457-49fe-8373-08e978cb64fd.roa
File: c0cc077c-c457-49fe-8373-08e978cb64fd.roa (raw, json)
Hash identifier: s7kUVcxfeGpjTKeN+Pe9JY4YezHwMggjqhPLYDE6gzk=
Subject key identifier: DF:F0:7E:F2:A8:22:16:3E:68:8D:26:17:F3:8D:D9:C8:A9:FC:84:31
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3855D3459A703982F8DB715CEAB0F8B44E3BC3F5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c0cc077c-c457-49fe-8373-08e978cb64fd.roa
Signing time: Tue 21 Oct 2025 14:50:02 +0000
ROA not before: Tue 21 Oct 2025 14:50:02 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.254.0.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 23:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:55:d3:45:9a:70:39:82:f8:db:71:5c:ea:b0:f8:b4:4e:3b:c3:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:02 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7dbeb7f2d85b69312322d4cb91365dc45fa00e5ba27047513c37c22e1c22172a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a0:f9:b7:9b:31:1a:37:18:84:42:db:e1:2a:
c2:67:3a:43:85:6e:34:da:bf:10:2f:d0:a1:25:91:
4f:1f:53:d5:bf:33:5a:e3:62:57:91:49:61:d9:cb:
8e:aa:bd:91:10:6c:65:15:0a:65:e8:19:c6:48:dd:
b0:24:62:43:3d:8d:6a:2e:75:80:59:ca:f3:59:a7:
c0:79:7b:a0:af:b1:b0:f6:58:2d:57:9b:08:bf:8b:
56:a9:3a:b0:c3:eb:de:46:c9:8d:09:9c:b5:ea:f8:
b9:4c:2d:56:e7:7e:3e:ca:96:a7:69:79:aa:1b:e0:
f8:c9:aa:72:bd:6f:49:15:8a:fb:8e:f8:f3:97:6c:
70:54:42:1b:4d:f4:ae:f2:3c:ef:24:5b:b4:52:33:
47:72:26:19:15:ad:e3:c9:4d:6d:2e:97:b6:88:e9:
7c:b6:95:4f:e3:d7:03:5e:4e:5a:f0:f0:fd:94:d0:
96:78:79:b5:61:f2:24:73:f1:c6:13:eb:93:9f:34:
53:13:07:3f:75:dc:0c:5f:11:36:16:71:d0:e6:f7:
11:e7:57:a1:cf:6e:42:38:7b:0f:17:d8:94:0c:ba:
66:a3:cd:5b:9e:98:20:33:f1:b7:c7:df:2a:4c:c4:
c2:a3:7e:91:a8:a0:16:58:41:0e:cd:7c:c0:ba:44:
ee:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:F0:7E:F2:A8:22:16:3E:68:8D:26:17:F3:8D:D9:C8:A9:FC:84:31
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c0cc077c-c457-49fe-8373-08e978cb64fd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.254.0.0/17
Signature Algorithm: sha256WithRSAEncryption
10:ec:db:f9:c2:b2:93:4b:21:a7:db:8b:eb:2a:d5:97:bd:ab:
0e:51:fa:42:ae:ad:34:d3:0a:d2:92:ca:90:3e:81:99:96:15:
1b:d2:76:4c:8b:a8:0d:1d:fc:52:38:b5:7d:35:45:84:0d:59:
2c:99:44:29:f2:44:89:55:61:0f:1a:a6:e8:6b:bb:85:15:42:
4b:79:3b:44:ba:8b:a1:1d:27:5e:87:fa:52:43:ae:16:c1:bd:
69:57:10:01:7f:00:4a:8b:bd:30:bf:37:46:10:ea:b3:1a:b6:
f2:ce:15:6d:75:43:36:d2:f9:4d:75:e5:09:cb:03:78:5e:9b:
97:d1:37:4b:35:a4:9d:43:b4:e5:9e:7c:0e:90:b1:90:71:32:
da:2d:95:e7:ad:4e:e4:c2:49:71:09:33:17:ed:43:5b:3b:22:
e7:b2:06:61:3f:4c:7d:c8:ee:87:ba:d2:4c:2e:84:4b:8c:6a:
3d:18:27:da:6e:9b:3f:ba:b3:e8:18:67:fa:c9:55:46:85:52:
4a:25:9c:9f:d5:0a:6b:69:23:8b:06:53:94:84:df:d7:43:77:
33:da:bb:73:92:2b:bc:8f:23:d5:3d:46:56:b0:21:29:a7:a9:
99:e0:84:f1:73:0d:80:72:3d:aa:30:34:1f:84:6c:78:f7:c3:
5a:61:25:35
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUOFXTRZpwOYL423Fc6rD4tE47w/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdkYmViN2YyZDg1YjY5MzEyMzIyZDRjYjkxMzY1ZGM0NWZhMDBlNWJhMjcw
NDc1MTNjMzdjMjJlMWMyMjE3MmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSg+bebMRo3GIRC2+Eqwmc6Q4VuNNq/EC/QoSWRTx9T1b8zWuNiV5FJYdnL
jqq9kRBsZRUKZegZxkjdsCRiQz2Nai51gFnK81mnwHl7oK+xsPZYLVebCL+LVqk6
sMPr3kbJjQmcter4uUwtVud+PsqWp2l5qhvg+Mmqcr1vSRWK+47485dscFRCG030
rvI87yRbtFIzR3ImGRWt48lNbS6XtojpfLaVT+PXA15OWvDw/ZTQlnh5tWHyJHPx
xhPrk580UxMHP3XcDF8RNhZx0Ob3EedXoc9uQjh7DxfYlAy6ZqPNW56YIDPxt8ff
KkzEwqN+kaigFlhBDs18wLpE7mUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTf8H7y
qCIWPmiNJhfzjdnIqfyEMTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzBjYzA3N2MtYzQ1Ny00OWZlLTgzNzMtMDhlOTc4Y2I2NGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB8P+ADAN
BgkqhkiG9w0BAQsFAAOCAQEAEOzb+cKyk0shp9uL6yrVl72rDlH6Qq6tNNMK0pLK
kD6BmZYVG9J2TIuoDR38Uji1fTVFhA1ZLJlEKfJEiVVhDxqm6Gu7hRVCS3k7RLqL
oR0nXof6UkOuFsG9aVcQAX8ASou9ML83RhDqsxq28s4VbXVDNtL5TXXlCcsDeF6b
l9E3SzWknUO05Z58DpCxkHEy2i2V561O5MJJcQkzF+1DWzsi57IGYT9Mfcjuh7rS
TC6ES4xqPRgn2m6bP7qz6Bhn+slVRoVSSiWcn9UKa2kjiwZTlITf10N3M9q7c5Ir
vI8j1T1GVrAhKaepmeCE8XMNgHI9qjA0H4RsePfDWmElNQ==
-----END CERTIFICATE-----
Generated at Wed Oct 29 02:56:11 2025 by rpki-client