Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
File: fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa (raw, json)
Hash identifier: 7r326/b1BnYJo6ojEuknSgH4tySzKFKsa7d97cn6Sn8=
Subject key identifier: 3F:BD:E8:EF:C3:72:68:68:6D:43:E9:49:34:58:C2:3C:10:A2:60:CE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 70ACEB99F8CFD1AC36D79D0612144F323B74E721
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
Signing time: Tue 05 Aug 2025 20:20:50 +0000
ROA not before: Tue 05 Aug 2025 20:20:50 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 212.167.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:ac:eb:99:f8:cf:d1:ac:36:d7:9d:06:12:14:4f:32:3b:74:e7:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:20:50 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=62067c1ed6a5a62a3852f5b0fe1e94af397017d8dcc39966ef8a6e715b63edc9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:0d:a5:f5:80:bc:e6:6f:ca:c6:9f:15:9b:17:
c3:3a:72:af:10:3e:96:70:73:da:bd:67:48:66:37:
3e:a5:c9:9e:29:fd:f9:5e:48:ef:05:98:92:15:ec:
f7:10:b0:d6:fd:12:a9:1c:3c:09:49:9f:71:03:d3:
d1:e9:c2:c3:44:65:50:a6:26:06:ee:fb:5f:58:04:
ca:9b:e3:da:7c:fb:2b:12:b3:d5:69:64:5d:66:c7:
8d:97:78:f0:11:29:44:97:8f:f6:ee:e8:ce:09:d9:
89:59:f8:d4:25:f4:aa:b7:04:c3:0a:0a:84:34:5b:
fd:d9:bf:db:d8:b6:6a:77:dc:ad:34:10:a2:f7:a0:
8b:02:c2:cd:de:6c:85:04:02:66:17:bf:5d:5f:ef:
db:86:45:91:2d:4e:aa:52:71:e9:1e:bf:72:a8:87:
06:18:51:9c:d1:75:a7:1c:11:b0:b8:98:df:f6:63:
5f:3b:5a:6a:f2:2a:21:e3:50:10:3f:fc:18:f6:91:
a9:c1:ca:64:1c:fe:bf:2d:05:5c:b8:a6:05:53:c7:
a1:2a:fe:b9:f8:af:5f:70:e4:c4:35:bf:04:4b:59:
4a:41:dd:ed:f2:57:9b:82:40:38:9b:97:d7:42:cd:
d6:4a:33:3a:e1:6d:74:5f:c2:ed:2a:80:a7:6a:95:
10:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:BD:E8:EF:C3:72:68:68:6D:43:E9:49:34:58:C2:3C:10:A2:60:CE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.167.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:99:9b:15:2e:ab:43:9b:16:80:b5:6f:d8:55:47:f8:e8:ad:
09:ba:20:e3:4f:a7:60:fc:41:0f:ba:60:8b:46:5f:9a:98:ac:
8f:67:7e:1b:90:b8:16:85:a2:74:27:9d:fa:d1:27:7c:82:8e:
60:c5:a8:65:9c:70:a8:bc:e7:82:5a:a5:56:1e:9d:52:e8:48:
bf:42:b4:8c:fc:e0:a4:2b:0e:76:86:72:e2:fa:c0:70:7f:17:
62:90:2c:05:1c:c7:cd:92:39:07:ee:7b:3c:39:5e:e9:a6:2c:
86:31:29:21:0e:82:ac:ac:ce:f2:b3:e0:21:7b:43:3e:e3:c7:
ef:bf:5b:f3:b5:87:3c:f5:49:0d:d0:3f:d8:27:dd:99:6e:33:
9d:e6:78:5f:a1:e9:da:ac:4b:ff:a5:c4:53:59:1e:58:fe:fb:
bc:53:c9:05:fb:4c:d8:a6:ae:11:98:e4:d5:be:44:5e:50:9d:
97:71:98:eb:68:e9:a3:e7:81:69:ab:04:70:10:c5:8e:c6:3f:
0b:ff:ca:c1:72:5e:c8:9e:22:41:d5:b1:a6:ff:22:3a:d6:6d:
70:76:d8:af:b5:93:3c:16:6a:81:64:73:b4:41:ab:1e:98:8c:
77:1d:45:aa:2c:d2:96:6c:32:94:5a:6a:8e:55:41:45:2b:f0:
ba:ca:cd:ff
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcKzrmfjP0aw2150GEhRPMjt05yEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIwNTBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyMDY3YzFlZDZhNWE2MmEzODUyZjViMGZlMWU5NGFmMzk3MDE3ZDhkY2Mz
OTk2NmVmOGE2ZTcxNWI2M2VkYzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkNpfWAvOZvysafFZsXwzpyrxA+lnBz2r1nSGY3PqXJnin9+V5I7wWYkhXs
9xCw1v0SqRw8CUmfcQPT0enCw0RlUKYmBu77X1gEypvj2nz7KxKz1WlkXWbHjZd4
8BEpRJeP9u7ozgnZiVn41CX0qrcEwwoKhDRb/dm/29i2anfcrTQQovegiwLCzd5s
hQQCZhe/XV/v24ZFkS1OqlJx6R6/cqiHBhhRnNF1pxwRsLiY3/ZjXztaavIqIeNQ
ED/8GPaRqcHKZBz+vy0FXLimBVPHoSr+ufivX3DkxDW/BEtZSkHd7fJXm4JAOJuX
10LN1kozOuFtdF/C7SqAp2qVEPsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ/vejv
w3JoaG1D6Uk0WMI8EKJgzjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmIyYmMxYmItY2JiZS00ZjZjLThlZjMtZWFiZmRiNGZhN2I5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANSnMA0G
CSqGSIb3DQEBCwUAA4IBAQCZmZsVLqtDmxaAtW/YVUf46K0JuiDjT6dg/EEPumCL
Rl+amKyPZ34bkLgWhaJ0J5360Sd8go5gxahlnHCovOeCWqVWHp1S6Ei/QrSM/OCk
Kw52hnLi+sBwfxdikCwFHMfNkjkH7ns8OV7ppiyGMSkhDoKsrM7ys+Ahe0M+48fv
v1vztYc89UkN0D/YJ92ZbjOd5nhfoenarEv/pcRTWR5Y/vu8U8kF+0zYpq4RmOTV
vkReUJ2XcZjraOmj54FpqwRwEMWOxj8L/8rBcl7IniJB1bGm/yI61m1wdtivtZM8
FmqBZHO0QasemIx3HUWqLNKWbDKUWmqOVUFFK/C6ys3/
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:23 2025 by rpki-client