Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
File: ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa (raw, json)
Hash identifier: t+JdTWqb6caDskTlVca/DIa9ip6Fv8XwDxf4yp78e0A=
Subject key identifier: 81:20:5C:81:D0:7A:F0:4A:51:C5:50:95:64:2D:F8:47:CD:16:05:65
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 76046CF585110F5A8EED72107520D1264005A57F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
Signing time: Sat 15 Nov 2025 06:50:32 +0000
ROA not before: Sat 15 Nov 2025 06:50:32 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.99.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:04:6c:f5:85:11:0f:5a:8e:ed:72:10:75:20:d1:26:40:05:a5:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 15 06:50:32 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=2f9bdda6e091e0175e2e4304e707241859893b342cabbfee2cf3d006edf1db19, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:23:0d:15:9c:7a:5e:95:e2:7d:e9:9f:ea:c2:
12:d8:6f:21:17:02:44:e5:d4:16:98:43:ee:85:70:
77:a6:a3:1b:ef:7e:fc:11:8a:12:53:e1:b0:0f:e3:
c0:b6:66:cf:10:bb:c2:58:22:85:c0:6e:b5:36:a1:
09:67:18:49:84:f0:a7:57:12:a6:bd:82:75:4f:fd:
68:fe:00:85:ff:94:bf:62:46:1e:86:93:ff:be:74:
52:99:fc:b7:73:fa:7f:5a:26:9f:f1:9f:07:fd:10:
96:a5:09:38:d2:46:e5:6a:ae:16:72:4b:d6:99:9f:
b4:b1:48:cc:42:3c:3a:d1:66:9f:61:9b:67:20:54:
81:83:4c:d7:4a:c7:6f:45:e2:8f:2e:c5:f5:48:9b:
05:a2:20:b3:8f:eb:fb:ad:28:36:8e:8b:c5:bd:6c:
83:30:37:c4:10:f1:06:62:3d:5b:6a:d1:28:5c:76:
5d:f1:b4:04:6e:5e:6c:03:f5:8a:02:2f:39:1b:c0:
3a:f8:42:b9:d8:f9:86:7d:f8:fe:9d:58:b0:98:a5:
ca:a3:9a:49:19:7f:15:21:19:b8:30:50:e0:9d:20:
e5:8e:6c:c3:11:af:e0:c5:e7:36:0f:fe:6b:37:9b:
03:96:62:83:b0:c5:47:95:12:3c:6c:ad:c7:b3:9b:
ca:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:20:5C:81:D0:7A:F0:4A:51:C5:50:95:64:2D:F8:47:CD:16:05:65
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9b:6d:a3:a9:cf:38:ff:d1:5d:d1:0a:a8:19:6f:6b:9d:a0:89:
ba:79:e6:81:f7:79:86:f7:9c:1a:65:83:3e:f0:34:b8:2c:f1:
20:f2:4d:c7:6f:59:b4:36:38:1f:77:38:17:86:67:8d:de:32:
10:a3:08:5a:7d:7e:04:e9:e7:51:42:20:76:75:54:f9:a6:cf:
62:d1:41:b7:4c:9a:41:56:ee:61:91:50:25:97:23:e7:f1:a0:
95:db:03:33:28:a8:77:62:81:e3:55:5b:73:93:25:5c:27:41:
9a:57:21:61:bf:b4:83:42:24:35:6f:95:be:6d:14:ca:bd:10:
d5:02:83:6e:4d:46:e0:ee:d2:9d:c0:bc:54:9b:84:a0:7a:5c:
a1:d8:b7:05:9c:40:d2:b9:e4:e4:09:f7:1e:67:e5:c8:0d:74:
1a:dd:5b:4e:c9:d1:96:9e:09:2e:bf:a8:12:b3:3b:2c:f6:17:
35:cb:04:d2:26:7f:75:79:95:46:e2:07:da:6b:c8:d5:d4:c3:
e0:b8:a0:e2:3a:eb:a0:db:5d:7b:35:1e:f7:8c:2b:f5:fa:95:
ed:a8:c1:93:ca:38:86:c5:4b:4c:f3:ed:a5:0a:74:82:05:4a:
ec:6d:4d:fe:c2:89:fe:a3:e4:50:c2:19:2c:7e:c7:1d:51:7b:
a3:cf:65:48
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdgRs9YURD1qO7XIQdSDRJkAFpX8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTExMTUwNjUwMzJaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmOWJkZGE2ZTA5MWUwMTc1ZTJlNDMwNGU3MDcyNDE4NTk4OTNiMzQyY2Fi
YmZlZTJjZjNkMDA2ZWRmMWRiMTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKEjDRWcel6V4n3pn+rCEthvIRcCROXUFphD7oVwd6ajG+9+/BGKElPhsA/j
wLZmzxC7wlgihcButTahCWcYSYTwp1cSpr2CdU/9aP4Ahf+Uv2JGHoaT/750Upn8
t3P6f1omn/GfB/0QlqUJONJG5WquFnJL1pmftLFIzEI8OtFmn2GbZyBUgYNM10rH
b0Xijy7F9UibBaIgs4/r+60oNo6Lxb1sgzA3xBDxBmI9W2rRKFx2XfG0BG5ebAP1
igIvORvAOvhCudj5hn34/p1YsJilyqOaSRl/FSEZuDBQ4J0g5Y5swxGv4MXnNg/+
azebA5Zig7DFR5USPGytx7ObymsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSBIFyB
0HrwSlHFUJVkLfhHzRYFZTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2U4N2RiYjktNDQxMy00MmMyLWJhODEtNDRjY2RmOTViZDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADljMA0G
CSqGSIb3DQEBCwUAA4IBAQCbbaOpzzj/0V3RCqgZb2udoIm6eeaB93mG95waZYM+
8DS4LPEg8k3Hb1m0NjgfdzgXhmeN3jIQowhafX4E6edRQiB2dVT5ps9i0UG3TJpB
Vu5hkVAllyPn8aCV2wMzKKh3YoHjVVtzkyVcJ0GaVyFhv7SDQiQ1b5W+bRTKvRDV
AoNuTUbg7tKdwLxUm4Sgelyh2LcFnEDSueTkCfceZ+XIDXQa3VtOydGWngkuv6gS
szss9hc1ywTSJn91eZVG4gfaa8jV1MPguKDiOuug2117NR73jCv1+pXtqMGTyjiG
xUtM8+2lCnSCBUrsbU3+won+o+RQwhksfscdUXujz2VI
-----END CERTIFICATE-----
Generated at Mon Nov 17 14:22:21 2025 by rpki-client