Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
File: fc353215-935f-47d2-9298-767ccc0eae1a.roa (raw, json)
Hash identifier: djH7udXNnlUhUoDJm2Vj5NC209zA+n5iMSk/TBoY/9A=
Subject key identifier: F0:87:E9:C2:B3:DE:F3:B2:2C:5D:E8:78:9D:67:48:84:3B:A6:72:B7
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7DF94D9A93981B4DE88E404FF4E72F828840B308
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
Signing time: Tue 05 Aug 2025 20:30:52 +0000
ROA not before: Tue 05 Aug 2025 20:30:52 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 85.151.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:f9:4d:9a:93:98:1b:4d:e8:8e:40:4f:f4:e7:2f:82:88:40:b3:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:52 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c40007ecfae2f8dc5a8176c6c5b76de05a9c0fb37459c733d78f0d940a681eaa, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:b9:59:ef:ba:41:f5:f3:0b:72:c2:52:fd:5a:
d8:33:78:1a:f9:ba:19:71:aa:18:04:8b:4a:d1:10:
fe:02:78:61:9f:62:bc:9c:b4:dd:16:c3:b8:11:17:
03:92:be:07:b6:cd:1f:05:94:b1:f7:24:9c:33:b5:
e5:f3:5b:da:22:82:ae:a4:16:05:5c:9d:68:6c:73:
90:3a:7b:f0:cf:57:77:76:03:22:c4:e6:27:2e:8d:
dd:d0:de:ae:28:a1:fe:84:b3:b5:7f:cb:a8:00:25:
70:53:31:ca:20:57:6d:3c:40:25:65:82:9b:9a:44:
b1:8b:42:a4:60:d2:af:65:da:4f:05:25:8e:25:39:
06:62:c2:e0:b1:e1:a8:0b:4a:38:92:aa:a1:55:8d:
a8:77:63:c9:6e:f0:c6:6d:f5:a3:47:0f:66:23:f5:
9f:c9:7b:66:66:ce:00:25:7b:dc:20:bb:6d:43:2e:
e9:98:9f:ba:f8:47:89:7f:f9:b7:0b:89:0c:15:e8:
2f:79:37:62:0a:95:41:ab:f8:f6:d1:fa:2e:43:76:
fa:e7:aa:37:3d:f7:a5:35:df:2e:49:20:05:0f:e3:
2b:aa:73:13:f0:cb:65:23:db:2d:6c:f2:28:37:6e:
d2:a6:e3:4f:37:52:5a:67:ce:da:be:51:d1:e0:df:
11:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:87:E9:C2:B3:DE:F3:B2:2C:5D:E8:78:9D:67:48:84:3B:A6:72:B7
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.151.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:04:ea:af:8b:ec:65:5f:b6:98:ec:19:2e:e6:21:9f:90:a2:
e2:08:06:28:74:ba:89:06:23:b0:b4:c3:33:9b:bf:2c:9b:5a:
7e:6d:2b:aa:a1:7b:dd:58:ed:37:44:2d:12:5b:8f:f9:b1:57:
8e:f4:5b:75:d2:1a:43:19:a4:4b:9f:4a:e9:3b:52:e6:10:9f:
1a:ce:d1:5f:7f:ff:07:c0:e6:d4:66:1e:61:d0:8e:2e:e8:f7:
48:55:ac:1f:4e:c2:02:19:1b:e9:73:77:35:4b:d2:51:02:12:
35:0c:b4:55:be:b5:d2:eb:04:06:9d:4b:57:b3:54:86:6e:2e:
0e:d5:9c:67:07:38:a1:43:db:57:08:17:44:68:93:4f:4b:37:
86:e0:ac:d5:6b:a6:d6:31:82:c8:ca:1c:c2:b8:cf:b7:83:da:
3b:0d:eb:4b:f3:f2:15:9e:e9:fa:b4:5a:29:ea:55:99:d9:ac:
47:2b:9e:9d:93:46:ff:d8:b4:82:50:06:93:dc:27:ac:0e:60:
82:10:85:a9:5f:a7:37:ce:4a:df:00:05:78:94:b1:12:cb:33:
1d:44:1d:58:e4:dc:2e:63:b8:d8:e2:41:a6:1e:f6:5b:9a:24:
14:9f:0c:04:bb:72:a2:7d:aa:45:ec:52:d3:78:7a:4e:53:db:
a8:55:40:8d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfflNmpOYG03ojkBP9OcvgohAswgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwNTJaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0MDAwN2VjZmFlMmY4ZGM1YTgxNzZjNmM1Yjc2ZGUwNWE5YzBmYjM3NDU5
YzczM2Q3OGYwZDk0MGE2ODFlYWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIe5We+6QfXzC3LCUv1a2DN4Gvm6GXGqGASLStEQ/gJ4YZ9ivJy03RbDuBEX
A5K+B7bNHwWUsfcknDO15fNb2iKCrqQWBVydaGxzkDp78M9Xd3YDIsTmJy6N3dDe
riih/oSztX/LqAAlcFMxyiBXbTxAJWWCm5pEsYtCpGDSr2XaTwUljiU5BmLC4LHh
qAtKOJKqoVWNqHdjyW7wxm31o0cPZiP1n8l7ZmbOACV73CC7bUMu6ZifuvhHiX/5
twuJDBXoL3k3YgqVQav49tH6LkN2+ueqNz33pTXfLkkgBQ/jK6pzE/DLZSPbLWzy
KDdu0qbjTzdSWmfO2r5R0eDfEQUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTwh+nC
s97zsixd6HidZ0iEO6ZytzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMzNTMyMTUtOTM1Zi00N2QyLTkyOTgtNzY3Y2NjMGVhZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFWXMA0G
CSqGSIb3DQEBCwUAA4IBAQBrBOqvi+xlX7aY7Bku5iGfkKLiCAYodLqJBiOwtMMz
m78sm1p+bSuqoXvdWO03RC0SW4/5sVeO9Ft10hpDGaRLn0rpO1LmEJ8aztFff/8H
wObUZh5h0I4u6PdIVawfTsICGRvpc3c1S9JRAhI1DLRVvrXS6wQGnUtXs1SGbi4O
1ZxnBzihQ9tXCBdEaJNPSzeG4KzVa6bWMYLIyhzCuM+3g9o7DetL8/IVnun6tFop
6lWZ2axHK56dk0b/2LSCUAaT3CesDmCCEIWpX6c3zkrfAAV4lLESyzMdRB1Y5Nwu
Y7jY4kGmHvZbmiQUnwwEu3KifapF7FLTeHpOU9uoVUCN
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:41:33 2025 by rpki-client