Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/21ed4032-a4d1-486a-97f8-a4eed91bb627.roa
File: 21ed4032-a4d1-486a-97f8-a4eed91bb627.roa (raw, json)
Hash identifier: 4HnuNlZjNgCaIPIlrvMKfoYfpjrunncLTPImGXDFC/w=
Subject key identifier: ED:FC:B3:C0:C1:A1:A2:B8:DA:FB:10:D9:94:83:06:EB:F6:AF:BE:92
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 75B6F8948F785623B11F78B88E118B11AECFC279
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/21ed4032-a4d1-486a-97f8-a4eed91bb627.roa
Signing time: Tue 21 Oct 2025 14:50:19 +0000
ROA not before: Tue 21 Oct 2025 14:50:19 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 194.52.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:b6:f8:94:8f:78:56:23:b1:1f:78:b8:8e:11:8b:11:ae:cf:c2:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:19 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=fb0694f3f15be362acd913a5359a208095a0c4367d3d766a2cd3ece7b1516b1c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:44:89:67:c0:a3:b7:12:ae:52:43:a5:f0:ee:
37:3e:f6:92:46:c4:8c:9e:ca:d5:e4:0e:63:c3:ec:
f4:ce:67:f6:4a:96:71:b1:ff:7e:4f:1f:43:33:4e:
f2:f0:5e:f5:78:c4:05:c9:a9:6e:23:b1:b5:04:ad:
cf:d5:8d:10:90:bd:98:cb:75:cc:16:37:ea:2a:a4:
be:3a:ad:a8:6c:53:40:ab:f0:a1:f1:f7:83:47:b1:
f1:84:9b:ee:57:df:5a:34:ed:56:f5:e4:9d:59:00:
41:49:8f:ea:e3:1e:54:38:32:da:44:c3:76:a0:22:
c0:a1:4a:4e:b7:0e:0b:ac:d8:e7:5a:07:ef:05:6f:
98:74:69:fd:1f:9c:e1:25:60:c4:c2:b2:62:91:c6:
84:13:62:0e:03:e7:31:5b:6f:72:50:9c:98:db:a4:
de:39:a6:75:bf:32:c0:6d:57:89:16:2e:fd:8c:15:
27:01:36:1e:3e:89:6a:2e:90:0a:9d:94:2c:bc:4f:
42:81:6f:25:a1:1f:cd:29:d9:b9:19:60:0e:75:e0:
23:90:bf:c8:cb:7d:a2:d9:a5:28:d1:9a:f5:c9:62:
17:e4:02:5c:fc:91:c8:80:80:6d:c6:90:05:46:fe:
b5:0f:53:e4:97:9f:f5:59:75:34:26:de:53:a8:2c:
01:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:FC:B3:C0:C1:A1:A2:B8:DA:FB:10:D9:94:83:06:EB:F6:AF:BE:92
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/21ed4032-a4d1-486a-97f8-a4eed91bb627.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.52.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:db:76:1b:b9:cb:d5:eb:8c:0e:e2:64:52:f4:e4:7e:9c:96:
23:c0:90:da:63:69:02:54:d8:6d:77:41:8b:a8:d2:2e:9a:16:
7b:fd:d0:ce:b7:2b:f6:a7:c8:c6:93:cc:04:71:54:47:8f:76:
bc:0d:84:4a:92:2d:41:0b:8f:92:5e:f1:64:fe:f6:e1:6f:e5:
9b:8b:b5:da:1e:56:4c:99:c4:bd:2f:b5:3a:c4:d0:17:6b:af:
e0:8a:f4:55:4c:32:af:51:10:d4:85:1c:dc:26:ae:48:1d:55:
20:bd:59:6d:27:14:eb:0a:89:27:c2:97:e2:ae:b6:eb:6c:b6:
48:46:e2:2f:b0:2e:e3:0d:97:1b:ce:b4:d4:bd:21:69:2d:c8:
a1:7c:03:c0:f1:73:6e:4c:ad:cb:d9:34:b2:9d:d9:01:ab:13:
ae:1f:27:55:6c:4e:12:96:58:9a:d9:ae:92:27:0f:58:39:70:
3d:25:19:96:7c:2f:54:ad:d2:4b:c4:57:62:28:6b:b8:b2:8c:
07:f7:d2:e7:fa:81:e5:fe:59:e6:24:e3:10:c4:c8:ba:67:cd:
2b:93:f8:a3:a1:20:22:24:af:fc:74:3d:c4:a5:6a:10:f2:4c:
51:4c:ab:c9:a1:f6:d0:8a:09:ff:26:0e:e1:a3:1b:d0:9a:db:
e1:2d:da:0d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdbb4lI94ViOxH3i4jhGLEa7PwnkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMTlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiMDY5NGYzZjE1YmUzNjJhY2Q5MTNhNTM1OWEyMDgwOTVhMGM0MzY3ZDNk
NzY2YTJjZDNlY2U3YjE1MTZiMWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOhEiWfAo7cSrlJDpfDuNz72kkbEjJ7K1eQOY8Ps9M5n9kqWcbH/fk8fQzNO
8vBe9XjEBcmpbiOxtQStz9WNEJC9mMt1zBY36iqkvjqtqGxTQKvwofH3g0ex8YSb
7lffWjTtVvXknVkAQUmP6uMeVDgy2kTDdqAiwKFKTrcOC6zY51oH7wVvmHRp/R+c
4SVgxMKyYpHGhBNiDgPnMVtvclCcmNuk3jmmdb8ywG1XiRYu/YwVJwE2Hj6Jai6Q
Cp2ULLxPQoFvJaEfzSnZuRlgDnXgI5C/yMt9otmlKNGa9cliF+QCXPyRyICAbcaQ
BUb+tQ9T5Jef9Vl1NCbeU6gsAYsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTt/LPA
waGiuNr7ENmUgwbr9q++kjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjFlZDQwMzItYTRkMS00ODZhLTk3ZjgtYTRlZWQ5MWJiNjI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMI0MA0G
CSqGSIb3DQEBCwUAA4IBAQCp23YbucvV64wO4mRS9OR+nJYjwJDaY2kCVNhtd0GL
qNIumhZ7/dDOtyv2p8jGk8wEcVRHj3a8DYRKki1BC4+SXvFk/vbhb+Wbi7XaHlZM
mcS9L7U6xNAXa6/givRVTDKvURDUhRzcJq5IHVUgvVltJxTrCoknwpfirrbrbLZI
RuIvsC7jDZcbzrTUvSFpLcihfAPA8XNuTK3L2TSyndkBqxOuHydVbE4Sllia2a6S
Jw9YOXA9JRmWfC9UrdJLxFdiKGu4sowH99Ln+oHl/lnmJOMQxMi6Z80rk/ijoSAi
JK/8dD3EpWoQ8kxRTKvJofbQign/Jg7hoxvQmtvhLdoN
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:01:18 2025 by rpki-client