Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa
File: c3872047-e1f4-4ee3-832d-c624ea352355.roa (raw, json)
Hash identifier: BP9e18RWeWyVmf/Ko7QNlCo4EwrpijAib2Xm1rwY22g=
Subject key identifier: 13:25:70:D0:FD:A7:22:4D:74:5B:D0:02:71:BB:47:6C:92:AF:DD:1D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 28C6699574CA4733E9682CB20F0A956AF6D07C33
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa
Signing time: Mon 01 Sep 2025 21:20:19 +0000
ROA not before: Mon 01 Sep 2025 21:20:19 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 193.57.169.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 19 Sep 2025 00:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:c6:69:95:74:ca:47:33:e9:68:2c:b2:0f:0a:95:6a:f6:d0:7c:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:20:19 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=cb5d6c6a368a6ce87fd93f26b210cffbc2b559f605713322c8520987cc79dc97, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:58:7f:0f:24:2a:93:9e:85:44:5e:85:12:b7:
7d:57:1d:83:5f:6f:66:22:5b:f0:25:f3:e0:b6:05:
6f:25:b3:3c:e5:92:cc:65:b3:7d:62:60:b0:5c:75:
42:e6:3d:37:b2:3c:30:d5:11:03:c2:1a:94:31:0a:
47:8a:4d:f4:fc:9a:97:23:33:c1:63:df:2b:f1:21:
89:3a:cd:a0:20:c0:8d:15:ea:19:5f:c2:67:91:6c:
7d:d2:d7:66:c4:90:89:c3:90:1c:08:9c:e7:47:62:
3e:64:39:4f:14:22:7a:97:c2:f4:7e:5f:0e:e7:bc:
ee:94:9d:3a:e4:ce:3c:1f:84:a4:7c:e2:96:6c:50:
a5:e6:d8:59:28:de:d4:0e:13:f6:8f:08:10:99:ec:
b1:29:58:19:e5:03:f7:f4:ed:bc:f0:6e:47:d4:2d:
c5:21:cf:88:d2:57:3d:83:b2:13:62:5f:d0:fb:9b:
f6:d2:1c:31:d8:d7:71:1b:3a:53:90:bb:d4:1c:ad:
0e:f8:74:71:55:de:fb:64:27:aa:52:12:01:fe:72:
28:96:bf:c1:95:d9:b1:1f:36:3b:b0:dd:42:b8:0c:
2a:71:a7:c8:b6:e0:05:12:e2:d7:72:fe:cd:54:0f:
9e:85:74:30:13:f3:4d:8c:96:bd:6a:0f:8c:a8:52:
cc:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:25:70:D0:FD:A7:22:4D:74:5B:D0:02:71:BB:47:6C:92:AF:DD:1D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.57.169.0/24
Signature Algorithm: sha256WithRSAEncryption
83:bb:0c:54:b8:c0:0d:59:00:73:d3:28:5b:be:95:05:ee:8d:
ff:9d:5e:aa:eb:c3:79:f3:7a:8d:bd:df:9e:0f:88:8b:ee:59:
80:a1:69:b8:85:c0:60:c9:33:75:bf:8b:d1:3f:a2:73:f1:bd:
ce:aa:cb:b2:01:04:af:5e:a5:9f:36:7e:88:46:19:78:c7:aa:
ec:a2:d3:79:e2:f1:26:0a:9b:e9:b0:cb:2e:50:86:47:57:50:
bf:65:25:87:21:6d:3a:cc:d3:f5:50:77:4d:c8:29:60:5f:cd:
7b:45:22:e8:24:a3:8e:49:21:e1:d1:53:b8:a0:dc:ab:51:4e:
b0:9c:cb:93:41:8e:aa:d7:82:f6:52:c8:28:94:3f:c0:aa:28:
46:bf:24:61:d8:2b:74:b3:48:de:5f:06:e8:fb:e0:38:19:22:
70:02:32:75:c2:8d:e2:7a:37:a5:1f:f0:e1:09:39:98:77:e1:
2c:3f:23:88:3e:83:47:31:41:84:92:6b:0c:46:42:28:77:ab:
f2:61:42:8c:b5:d6:8e:cf:05:b3:7b:e5:59:23:b3:8b:9d:b7:
d2:ad:5e:82:cd:10:27:7f:21:f8:32:75:f7:8c:3f:15:99:0f:
ae:c1:e9:a4:e6:1c:f7:31:f2:e0:7a:04:71:bd:78:ff:0b:14:
8f:a5:55:71
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKMZplXTKRzPpaCyyDwqVavbQfDMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTIwMTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiNWQ2YzZhMzY4YTZjZTg3ZmQ5M2YyNmIyMTBjZmZiYzJiNTU5ZjYwNTcx
MzMyMmM4NTIwOTg3Y2M3OWRjOTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRYfw8kKpOehURehRK3fVcdg19vZiJb8CXz4LYFbyWzPOWSzGWzfWJgsFx1
QuY9N7I8MNURA8IalDEKR4pN9PyalyMzwWPfK/EhiTrNoCDAjRXqGV/CZ5FsfdLX
ZsSQicOQHAic50diPmQ5TxQiepfC9H5fDue87pSdOuTOPB+EpHzilmxQpebYWSje
1A4T9o8IEJnssSlYGeUD9/TtvPBuR9QtxSHPiNJXPYOyE2Jf0Pub9tIcMdjXcRs6
U5C71BytDvh0cVXe+2QnqlISAf5yKJa/wZXZsR82O7DdQrgMKnGnyLbgBRLi13L+
zVQPnoV0MBPzTYyWvWoPjKhSzFcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQTJXDQ
/aciTXRb0AJxu0dskq/dHTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzM4NzIwNDctZTFmNC00ZWUzLTgzMmQtYzYyNGVhMzUyMzU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME5qTAN
BgkqhkiG9w0BAQsFAAOCAQEAg7sMVLjADVkAc9MoW76VBe6N/51equvDefN6jb3f
ng+Ii+5ZgKFpuIXAYMkzdb+L0T+ic/G9zqrLsgEEr16lnzZ+iEYZeMeq7KLTeeLx
Jgqb6bDLLlCGR1dQv2UlhyFtOszT9VB3TcgpYF/Ne0Ui6CSjjkkh4dFTuKDcq1FO
sJzLk0GOqteC9lLIKJQ/wKooRr8kYdgrdLNI3l8G6PvgOBkicAIydcKN4no3pR/w
4Qk5mHfhLD8jiD6DRzFBhJJrDEZCKHer8mFCjLXWjs8Fs3vlWSOzi5230q1egs0Q
J38h+DJ194w/FZkPrsHppOYc9zHy4HoEcb14/wsUj6VVcQ==
-----END CERTIFICATE-----
Generated at Thu Sep 18 08:17:42 2025 by rpki-client