Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
File: ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa (raw, json)
Hash identifier: ki8zaDeRdCVHeKl068AtnjPRoCdqyPVfRzgnA3z++QE=
Subject key identifier: 78:A4:60:FB:4E:6D:C5:67:CE:DF:AB:84:53:C7:A8:A0:C0:BC:F4:37
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5E0ABED1EA3A6F7EDB2AF856A8087673D197371E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
Signing time: Mon 01 Sep 2025 21:40:48 +0000
ROA not before: Mon 01 Sep 2025 21:40:48 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.99.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Sep 2025 13:46:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:0a:be:d1:ea:3a:6f:7e:db:2a:f8:56:a8:08:76:73:d1:97:37:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:40:48 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=ee86e0cefe81466d08e2120f4244aab862b850b319efa935d2580b07a412b37e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:07:43:6d:b3:77:35:09:48:90:6d:ed:8f:9f:
34:72:51:8e:c8:44:e7:42:0b:93:e1:ab:8b:b8:cd:
b7:d7:c6:60:16:5e:28:8d:87:18:23:d2:61:31:c7:
43:23:29:64:c9:20:86:90:57:b7:f6:f1:54:33:22:
64:c1:32:41:0f:2e:44:9b:c3:d3:a7:f2:21:89:c4:
cd:d2:8d:f1:1c:2f:e8:5e:2f:ee:81:63:10:a1:aa:
e7:7a:0c:e8:e5:59:23:ba:16:72:40:f3:58:93:ef:
7c:82:57:74:d8:87:a0:92:d3:11:f1:5d:7c:f2:55:
26:a5:69:35:e3:25:67:50:22:9e:5f:bb:67:a1:30:
c8:a0:2f:75:ab:61:98:e4:db:fb:21:cc:b9:d8:65:
d0:4d:41:1f:94:a3:6d:f7:2a:54:7b:06:c4:97:1e:
c6:b2:aa:f9:ca:28:2b:97:02:70:2a:59:61:4c:94:
69:7f:80:54:50:80:f0:04:a1:6e:78:88:95:c7:04:
8b:32:3a:1d:92:54:4f:1d:52:9a:6c:82:56:86:73:
91:1f:36:fb:96:6e:20:bd:cd:44:d4:01:11:df:17:
e8:22:e7:18:12:e3:1d:ca:1b:af:9b:05:b1:5b:bb:
20:b0:c8:b4:68:8f:86:84:60:2c:13:ba:99:da:11:
46:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:A4:60:FB:4E:6D:C5:67:CE:DF:AB:84:53:C7:A8:A0:C0:BC:F4:37
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:59:18:ae:9e:5c:04:1a:d6:d9:d8:2d:a2:89:d4:dc:f2:42:
fb:bc:05:eb:49:ea:7e:54:9a:17:e1:f6:46:76:67:b4:21:c6:
63:19:fe:ee:df:4d:ea:a4:73:07:08:8a:47:ab:1d:d9:b3:59:
c7:ec:7b:d4:b1:17:ef:76:3c:c8:4e:28:da:cb:86:1d:29:0a:
66:9c:09:48:59:83:d8:cd:be:36:08:24:37:ec:a4:d7:d3:c6:
33:8c:4e:ef:13:23:d8:7e:b3:9c:54:23:33:27:a2:6c:14:df:
9d:a6:b2:f0:c8:94:a2:b1:ce:47:3d:02:0e:21:48:50:dd:c8:
5f:1a:7c:c3:26:32:69:88:a0:fd:6d:75:41:fb:31:9f:b1:45:
ae:3a:ef:4d:1a:a2:fd:87:63:05:c8:29:70:fe:fc:51:dd:a8:
c2:e3:7e:d0:ff:f9:ef:62:57:42:f5:0d:11:54:6b:46:66:24:
4f:80:0b:5b:12:52:50:a4:ab:eb:97:45:0c:d9:c2:d6:7b:f1:
3f:25:76:66:8b:18:da:f5:c3:a0:26:7f:4f:a3:64:a5:5c:9d:
06:06:6a:e0:fe:ca:ca:2e:e3:ed:67:56:d1:1c:97:68:f6:19:
ce:f0:de:6b:7d:53:ce:f7:63:ec:e3:6d:52:14:10:7c:ac:aa:
a7:8f:f7:0e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXgq+0eo6b37bKvhWqAh2c9GXNx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTQwNDhaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlODZlMGNlZmU4MTQ2NmQwOGUyMTIwZjQyNDRhYWI4NjJiODUwYjMxOWVm
YTkzNWQyNTgwYjA3YTQxMmIzN2UxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMHQ22zdzUJSJBt7Y+fNHJRjshE50ILk+Gri7jNt9fGYBZeKI2HGCPSYTHH
QyMpZMkghpBXt/bxVDMiZMEyQQ8uRJvD06fyIYnEzdKN8Rwv6F4v7oFjEKGq53oM
6OVZI7oWckDzWJPvfIJXdNiHoJLTEfFdfPJVJqVpNeMlZ1Ainl+7Z6EwyKAvdath
mOTb+yHMudhl0E1BH5SjbfcqVHsGxJcexrKq+cooK5cCcCpZYUyUaX+AVFCA8ASh
bniIlccEizI6HZJUTx1SmmyCVoZzkR82+5ZuIL3NRNQBEd8X6CLnGBLjHcobr5sF
sVu7ILDItGiPhoRgLBO6mdoRRh0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR4pGD7
Tm3FZ87fq4RTx6igwLz0NzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2U4N2RiYjktNDQxMy00MmMyLWJhODEtNDRjY2RmOTViZDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADljMA0G
CSqGSIb3DQEBCwUAA4IBAQB4WRiunlwEGtbZ2C2iidTc8kL7vAXrSep+VJoX4fZG
dme0IcZjGf7u303qpHMHCIpHqx3Zs1nH7HvUsRfvdjzITijay4YdKQpmnAlIWYPY
zb42CCQ37KTX08YzjE7vEyPYfrOcVCMzJ6JsFN+dprLwyJSisc5HPQIOIUhQ3chf
GnzDJjJpiKD9bXVB+zGfsUWuOu9NGqL9h2MFyClw/vxR3ajC437Q//nvYldC9Q0R
VGtGZiRPgAtbElJQpKvrl0UM2cLWe/E/JXZmixja9cOgJn9Po2SlXJ0GBmrg/srK
LuPtZ1bRHJdo9hnO8N5rfVPO92Ps421SFBB8rKqnj/cO
-----END CERTIFICATE-----
Generated at Mon Sep 15 22:23:36 2025 by rpki-client