Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File: dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier: 7hMZHkt8Po04DFAS0wk3iw0UQBPqVzA+1K+WEpgCT2Q=
Subject key identifier: 98:39:A4:BD:B8:E0:EE:CE:71:DD:7B:F1:91:E3:94:9D:F4:DA:7F:3D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5576447D9CA09A2453C1C3F058F5A8130458ED6E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time: Fri 26 Sep 2025 20:21:09 +0000
ROA not before: Fri 26 Sep 2025 20:21:09 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 212.255.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:76:44:7d:9c:a0:9a:24:53:c1:c3:f0:58:f5:a8:13:04:58:ed:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:21:09 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=7a84abbfe21d2fe4d4a7196279c813716a3494e5685735c5e4648b51d5b2bfbe, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:52:a4:ef:22:37:17:16:b0:a1:3f:35:ed:cc:
c3:91:69:23:ef:49:9a:d1:ad:49:81:f2:6e:b9:0c:
cc:c6:3c:e6:24:5f:f1:aa:95:0d:ca:0e:5b:7c:71:
ec:de:7a:b1:79:99:71:bb:51:7d:75:33:cf:df:2c:
da:a2:ae:1a:1a:59:e7:7e:78:47:0a:c1:10:a2:5e:
ea:d1:4d:31:c1:e0:79:d4:f0:6b:97:50:fd:20:67:
8f:2c:fe:a7:98:3f:23:24:9f:ac:b3:c4:1c:31:a0:
be:9a:df:26:99:e0:3e:ee:a3:ec:53:13:16:a7:e8:
c7:00:f5:f9:bc:6f:3d:fa:fb:68:63:ae:6f:6c:59:
da:7c:61:dc:d5:dc:c2:ee:58:5d:df:5f:96:f7:59:
db:3a:90:e9:59:45:46:39:cd:e5:13:d4:16:76:c0:
37:5c:96:bd:d5:9a:dd:b4:e0:a4:ac:b6:cb:54:af:
7d:b6:99:3a:08:7a:86:e0:bc:7d:ba:ed:9d:f8:19:
09:34:34:96:96:24:4e:c8:cc:d0:6e:be:72:c1:c9:
ad:db:9f:df:df:fb:a2:d2:16:33:90:a3:d5:75:23:
78:73:45:d0:da:b8:54:20:40:9f:1d:96:a1:47:5b:
55:b1:ef:17:9f:3a:91:2c:a9:dc:c0:45:fe:09:56:
08:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:39:A4:BD:B8:E0:EE:CE:71:DD:7B:F1:91:E3:94:9D:F4:DA:7F:3D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.255.0.0/16
Signature Algorithm: sha256WithRSAEncryption
97:fc:a6:6d:2b:cd:9e:64:74:f4:88:53:0b:ce:0a:d1:91:35:
e4:2d:19:a6:30:64:9e:e3:71:af:69:12:8e:91:bc:7f:41:2d:
fd:90:f0:70:0e:00:ff:a5:fb:15:e9:b6:15:45:3c:f8:37:d5:
dd:19:2e:af:5e:ee:a8:eb:f1:85:99:f9:dc:5b:3c:95:d7:09:
71:d0:54:43:6d:71:48:87:2f:f1:36:21:83:32:7a:61:d2:ae:
8a:af:8e:3d:75:7d:1d:74:da:d2:b3:3e:fd:05:56:ff:b5:de:
71:bf:76:30:e9:d3:46:ce:4d:96:4a:4f:ce:dc:b0:a1:20:b7:
33:46:9a:3e:90:45:5b:f1:4d:b1:bb:e4:6b:d4:a6:fa:03:e1:
11:9e:64:9f:3c:8d:89:49:41:4f:da:86:74:58:50:ab:77:ce:
8b:f8:94:49:32:f4:73:d7:64:82:ca:88:a5:bf:ca:11:af:79:
00:75:e1:94:87:63:75:0e:a9:e6:70:81:8b:84:13:9a:06:52:
9f:3e:de:02:34:60:a8:aa:e0:2d:12:0a:1a:f8:b5:0a:42:0a:
fa:19:e4:aa:2d:12:c7:7d:c2:d0:73:03:9c:7b:13:7d:d7:80:
ef:d5:13:7f:ec:4e:5f:a0:b5:90:00:4f:95:22:1c:17:97:c0:
97:55:43:dd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVXZEfZygmiRTwcPwWPWoEwRY7W4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIxMDlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdhODRhYmJmZTIxZDJmZTRkNGE3MTk2Mjc5YzgxMzcxNmEzNDk0ZTU2ODU3
MzVjNWU0NjQ4YjUxZDViMmJmYmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOhSpO8iNxcWsKE/Ne3Mw5FpI+9JmtGtSYHybrkMzMY85iRf8aqVDcoOW3xx
7N56sXmZcbtRfXUzz98s2qKuGhpZ5354RwrBEKJe6tFNMcHgedTwa5dQ/SBnjyz+
p5g/IySfrLPEHDGgvprfJpngPu6j7FMTFqfoxwD1+bxvPfr7aGOub2xZ2nxh3NXc
wu5YXd9flvdZ2zqQ6VlFRjnN5RPUFnbAN1yWvdWa3bTgpKy2y1SvfbaZOgh6huC8
fbrtnfgZCTQ0lpYkTsjM0G6+csHJrduf39/7otIWM5Cj1XUjeHNF0Nq4VCBAnx2W
oUdbVbHvF586kSyp3MBF/glWCGECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSYOaS9
uODuznHde/GR45Sd9Np/PTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQCX/KZtK82eZHT0iFMLzgrRkTXkLRmmMGSe43GvaRKO
kbx/QS39kPBwDgD/pfsV6bYVRTz4N9XdGS6vXu6o6/GFmfncWzyV1wlx0FRDbXFI
hy/xNiGDMnph0q6Kr449dX0ddNrSsz79BVb/td5xv3Yw6dNGzk2WSk/O3LChILcz
Rpo+kEVb8U2xu+Rr1Kb6A+ERnmSfPI2JSUFP2oZ0WFCrd86L+JRJMvRz12SCyoil
v8oRr3kAdeGUh2N1DqnmcIGLhBOaBlKfPt4CNGCoquAtEgoa+LUKQgr6GeSqLRLH
fcLQcwOcexN914Dv1RN/7E5foLWQAE+VIhwXl8CXVUPd
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:53:01 2025 by rpki-client