Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
File: d485a465-65e9-4a19-a397-f29d1a36d166.roa (raw, json)
Hash identifier: 10cQSzoMPeZShIfB76HAeAaVilWyTxYBtXCgVIDC4wI=
Subject key identifier: 57:87:54:26:0A:1D:59:5A:B0:C9:CD:7D:B5:75:ED:50:DE:2C:47:B9
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 24C87E61B4F3011D17EF819793CCB673BE5A79E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
Signing time: Tue 21 Oct 2025 15:00:30 +0000
ROA not before: Tue 21 Oct 2025 15:00:30 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.17.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Oct 2025 08:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:c8:7e:61:b4:f3:01:1d:17:ef:81:97:93:cc:b6:73:be:5a:79:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:30 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=8397b7d9e852e9d29a1c3d50e0adfb020180a4648d8e94f328e225fee7e6096b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:65:8d:f4:45:f7:b5:10:f6:81:08:b8:37:b9:
78:6f:51:7b:99:44:76:41:1a:31:06:bd:18:73:d9:
11:5d:63:56:99:79:3d:e8:8f:2d:df:bb:8a:ee:2e:
e0:66:2e:38:ae:90:8d:59:d2:82:b9:56:d0:66:e2:
72:dc:af:0a:52:4b:54:39:2f:b4:34:e7:69:55:6e:
19:63:eb:74:89:ae:51:eb:4d:37:d2:67:d7:f8:a7:
ff:92:68:b8:73:e6:d4:72:08:12:76:04:ed:11:c6:
84:99:1e:81:fc:08:79:39:aa:f2:4e:29:cf:61:5c:
2d:e4:cd:07:17:05:fb:a1:3a:f7:55:f8:97:02:b1:
91:62:3e:0b:56:2a:db:14:25:60:07:1b:15:36:1b:
7c:54:fd:5a:0a:56:c3:0d:3e:c3:4d:4b:3b:b6:a1:
48:7b:40:48:62:e8:11:b3:8e:a2:c0:06:e0:79:d0:
61:cb:6d:6f:b5:af:66:63:ac:dd:44:79:ce:8b:3b:
2a:fa:ae:bf:62:9a:df:1c:60:9c:d8:12:bb:6a:2c:
ec:ba:69:16:1c:31:f1:d2:df:21:36:2d:a5:2c:ca:
eb:b4:71:67:c9:4d:0c:93:1e:f4:e6:ea:3b:3c:11:
78:73:83:52:ea:7d:e7:52:87:4e:53:fc:48:da:30:
de:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:87:54:26:0A:1D:59:5A:B0:C9:CD:7D:B5:75:ED:50:DE:2C:47:B9
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.17.0.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:65:c9:45:3f:a4:d7:f1:e6:16:c8:34:86:fe:9d:80:ee:0c:
c4:ac:62:e7:9b:2d:c5:83:7d:b2:5a:09:6e:05:49:4b:d5:15:
ee:92:ed:31:6b:69:e0:03:fd:02:54:6d:cd:f6:db:1f:eb:ea:
41:c9:3d:ee:98:84:f2:0d:09:34:8a:1a:8b:be:4b:38:8b:96:
33:cd:97:cf:48:52:fb:19:9e:13:e3:e8:6c:16:df:0c:b3:dc:
00:c4:3e:9c:9f:94:68:53:f4:e9:0c:e3:32:af:ee:11:bf:14:
63:b4:cf:79:90:10:88:68:f7:0f:82:eb:33:9e:88:f3:40:9d:
60:6c:cf:8b:25:3e:13:b5:d1:14:0c:0c:49:7b:8c:02:73:66:
e5:b6:d3:87:56:8b:f7:45:28:33:23:2f:54:89:a6:54:76:6d:
2a:5e:7d:61:a7:91:71:ab:3b:a9:53:a6:ef:fb:48:4f:2f:de:
2b:4f:bf:49:ed:d0:75:b4:92:75:0a:f6:4c:20:4f:fb:85:e0:
d3:1e:6c:99:a3:ed:f7:1c:cc:6f:9f:f6:d5:d5:7a:b1:12:d9:
90:7a:9b:41:13:c1:37:30:e3:31:db:cb:82:25:9b:f1:47:36:
cf:3d:40:7c:ea:d3:8a:33:f7:0f:d6:d0:ac:b3:93:7b:4d:af:
bd:14:4a:c7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJMh+YbTzAR0X74GXk8y2c75aeeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzOTdiN2Q5ZTg1MmU5ZDI5YTFjM2Q1MGUwYWRmYjAyMDE4MGE0NjQ4ZDhl
OTRmMzI4ZTIyNWZlZTdlNjA5NmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdljfRF97UQ9oEIuDe5eG9Re5lEdkEaMQa9GHPZEV1jVpl5PeiPLd+7iu4u
4GYuOK6QjVnSgrlW0GbictyvClJLVDkvtDTnaVVuGWPrdImuUetNN9Jn1/in/5Jo
uHPm1HIIEnYE7RHGhJkegfwIeTmq8k4pz2FcLeTNBxcF+6E691X4lwKxkWI+C1Yq
2xQlYAcbFTYbfFT9WgpWww0+w01LO7ahSHtASGLoEbOOosAG4HnQYcttb7WvZmOs
3UR5zos7Kvquv2Ka3xxgnNgSu2os7LppFhwx8dLfITYtpSzK67RxZ8lNDJMe9Obq
OzwReHODUup951KHTlP8SNow3iUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRXh1Qm
Ch1ZWrDJzX21de1Q3ixHuTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQ4NWE0NjUtNjVlOS00YTE5LWEzOTctZjI5ZDFhMzZkMTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMRADAN
BgkqhkiG9w0BAQsFAAOCAQEArWXJRT+k1/HmFsg0hv6dgO4MxKxi55stxYN9sloJ
bgVJS9UV7pLtMWtp4AP9AlRtzfbbH+vqQck97piE8g0JNIoai75LOIuWM82Xz0hS
+xmeE+PobBbfDLPcAMQ+nJ+UaFP06QzjMq/uEb8UY7TPeZAQiGj3D4LrM56I80Cd
YGzPiyU+E7XRFAwMSXuMAnNm5bbTh1aL90UoMyMvVImmVHZtKl59YaeRcas7qVOm
7/tITy/eK0+/Se3QdbSSdQr2TCBP+4Xg0x5smaPt9xzMb5/21dV6sRLZkHqbQRPB
NzDjMdvLgiWb8Uc2zz1AfOrTijP3D9bQrLOTe02vvRRKxw==
-----END CERTIFICATE-----
Generated at Fri Oct 24 14:10:14 2025 by rpki-client