Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
File: ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa (raw, json)
Hash identifier: CesQ+9iWWe5PEIUHQYOXBmxvBbNureWwoGO6Izd/zPU=
Subject key identifier: AB:59:44:43:5D:DE:FC:7C:A1:3E:A1:9B:0C:28:07:B2:00:66:53:44
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1ACB553CEF0EE11556FD0002EEE33316EAF60D3E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
Signing time: Tue 05 Aug 2025 20:30:50 +0000
ROA not before: Tue 05 Aug 2025 20:30:50 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.99.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:cb:55:3c:ef:0e:e1:15:56:fd:00:02:ee:e3:33:16:ea:f6:0d:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:50 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c73a286c01ebfab6af64083ef66defe013b0677ddb27fdc467723d48d75a1f96, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:0a:8f:e6:17:69:36:32:cf:f8:32:0b:00:ff:
df:ba:e1:fa:73:bc:2b:43:86:cc:c6:27:a6:e4:0a:
66:9b:40:1e:5a:f4:28:99:7b:78:7b:c7:85:15:72:
30:1e:77:f5:47:a5:4a:1b:c8:fc:30:f9:d0:c8:14:
66:ca:33:75:e1:b8:c4:51:1a:68:26:31:e1:89:32:
45:ec:6a:b8:c5:b7:83:e7:a6:76:2c:be:4c:7d:a5:
a4:68:a6:36:73:16:45:2a:42:82:23:c2:45:50:e2:
4c:2d:e1:d6:08:a7:8e:68:93:61:16:c2:2f:77:b4:
90:3b:a9:1b:d4:f6:63:5c:44:ef:d7:e2:68:c4:3b:
fc:05:8b:a3:7f:38:6e:03:d1:d6:c5:64:b1:84:27:
00:dc:d1:bf:4d:c0:ec:31:c7:72:a7:1a:a3:cc:0e:
1d:be:88:a6:9d:20:6e:55:8b:0c:f7:ae:a2:1f:88:
a8:75:a0:e9:5a:89:8f:f4:44:ee:8e:e4:43:76:5e:
db:03:65:d5:54:5c:6f:3f:b8:7d:28:cd:18:ae:54:
a8:2b:5d:75:fe:f8:4a:72:99:47:ce:0a:dd:15:e4:
6d:0a:17:bd:87:c4:95:34:b3:58:2f:79:52:c4:60:
37:5d:41:8c:7f:d1:a9:4b:c9:1b:4e:3b:99:c3:6e:
57:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:59:44:43:5D:DE:FC:7C:A1:3E:A1:9B:0C:28:07:B2:00:66:53:44
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ac:05:d5:b6:de:33:66:81:f5:27:81:ba:a0:a5:5f:37:76:f9:
54:4a:ab:08:3d:e1:ea:e6:ee:7b:ab:6e:5d:73:3f:23:a8:41:
8f:01:9e:80:38:60:2b:6f:85:16:86:7a:61:08:3a:c8:51:48:
80:b6:4d:7e:b6:dd:70:6a:ab:e6:f3:a7:65:9b:b3:be:24:3d:
67:c3:8f:a9:b3:2d:68:1d:db:05:be:1d:93:21:54:68:56:54:
55:e1:90:45:67:e5:0a:2b:41:6b:8d:70:93:9d:c6:c4:24:e3:
af:17:4c:94:29:0b:df:1e:c2:38:4a:f8:3c:a4:91:26:81:20:
e5:95:d2:f5:50:94:48:15:dd:07:79:74:fe:4f:30:43:33:05:
92:e1:4d:49:23:23:2f:fa:e0:0c:7a:9a:48:02:84:ee:98:21:
7a:51:5f:6a:9e:e3:c8:00:7e:09:af:81:23:4f:4d:6f:4f:d0:
7e:ba:fd:32:06:b1:96:85:cd:19:75:c0:da:8b:7f:d9:38:52:
a2:85:5d:f0:69:0e:a4:a8:75:ed:cc:ca:96:e1:0d:d5:90:89:
72:94:ad:70:b2:e8:d5:88:c1:ae:78:2c:a2:88:43:d4:b2:c1:
75:ac:93:9d:2f:3a:35:c4:74:dc:41:65:16:6d:89:85:b7:f8:
a0:8b:e3:5a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUGstVPO8O4RVW/QAC7uMzFur2DT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwNTBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3M2EyODZjMDFlYmZhYjZhZjY0MDgzZWY2NmRlZmUwMTNiMDY3N2RkYjI3
ZmRjNDY3NzIzZDQ4ZDc1YTFmOTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI4Kj+YXaTYyz/gyCwD/37rh+nO8K0OGzMYnpuQKZptAHlr0KJl7eHvHhRVy
MB539UelShvI/DD50MgUZsozdeG4xFEaaCYx4YkyRexquMW3g+emdiy+TH2lpGim
NnMWRSpCgiPCRVDiTC3h1ginjmiTYRbCL3e0kDupG9T2Y1xE79fiaMQ7/AWLo384
bgPR1sVksYQnANzRv03A7DHHcqcao8wOHb6Ipp0gblWLDPeuoh+IqHWg6VqJj/RE
7o7kQ3Ze2wNl1VRcbz+4fSjNGK5UqCtddf74SnKZR84K3RXkbQoXvYfElTSzWC95
UsRgN11BjH/RqUvJG047mcNuV00CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSrWURD
Xd78fKE+oZsMKAeyAGZTRDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2U4N2RiYjktNDQxMy00MmMyLWJhODEtNDRjY2RmOTViZDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADljMA0G
CSqGSIb3DQEBCwUAA4IBAQCsBdW23jNmgfUngbqgpV83dvlUSqsIPeHq5u57q25d
cz8jqEGPAZ6AOGArb4UWhnphCDrIUUiAtk1+tt1waqvm86dlm7O+JD1nw4+psy1o
HdsFvh2TIVRoVlRV4ZBFZ+UKK0FrjXCTncbEJOOvF0yUKQvfHsI4Svg8pJEmgSDl
ldL1UJRIFd0HeXT+TzBDMwWS4U1JIyMv+uAMeppIAoTumCF6UV9qnuPIAH4Jr4Ej
T01vT9B+uv0yBrGWhc0ZdcDai3/ZOFKihV3waQ6kqHXtzMqW4Q3VkIlylK1wsujV
iMGueCyiiEPUssF1rJOdLzo1xHTcQWUWbYmFt/igi+Na
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:52 2025 by rpki-client