Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
File: 238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa (raw, json)
Hash identifier: zDDSQ1KgGJSwHCWOhmF/YZS4TIcDgFnegbOgdipbL/Y=
Subject key identifier: 6A:32:EF:40:D8:F9:FF:C6:D6:69:B1:07:3E:59:67:72:70:C2:F1:16
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 29B9F71996528E76D267662A7330910E6197D739
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
Signing time: Tue 21 Oct 2025 15:00:30 +0000
ROA not before: Tue 21 Oct 2025 15:00:30 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.197.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:b9:f7:19:96:52:8e:76:d2:67:66:2a:73:30:91:0e:61:97:d7:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:30 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=24d9257dba908f35da39027cd4a645145cd12396e83b0f1d3de5f6cc30a19d7b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:d8:70:a8:de:df:6f:26:d9:67:57:29:b1:b5:
89:f3:0a:50:1d:fe:c3:d3:78:07:d1:90:4e:28:e7:
a9:30:f0:65:f9:50:4a:56:39:b7:b1:de:fa:17:9c:
03:bd:53:90:a1:cc:d8:a5:19:35:93:f6:0f:36:12:
88:d9:f2:be:30:30:c5:d4:a3:00:31:1a:26:6f:e7:
75:4d:b5:1f:1b:1f:41:83:97:92:d1:f8:0b:d6:88:
c2:6f:c3:5e:56:47:ba:f8:a6:46:9d:a2:b9:2f:a2:
5e:a4:6c:e4:f3:a7:17:38:74:b1:a8:d5:52:5d:a6:
4c:c0:5f:48:72:e3:17:6a:d3:d8:10:c5:4a:1b:56:
10:7f:4a:6f:d8:f8:13:55:74:3e:30:fe:ab:72:c3:
b2:18:3f:3b:d6:a9:40:6e:5b:58:cc:4d:6d:04:69:
75:fb:50:a4:43:0f:d3:f3:58:51:d7:39:e3:df:39:
47:c8:84:21:7f:a3:50:07:d1:0d:a0:ce:88:f0:5d:
ac:d9:c4:8d:3c:2d:9f:90:33:9a:51:93:83:4b:11:
80:49:6e:cc:a4:7c:93:91:9f:f0:a5:fa:82:5c:71:
eb:5c:18:0c:fd:67:53:1f:5b:6c:1c:a9:14:66:1b:
7c:c0:24:fb:10:95:38:0a:8f:c3:65:18:96:90:6e:
62:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:32:EF:40:D8:F9:FF:C6:D6:69:B1:07:3E:59:67:72:70:C2:F1:16
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.197.0.0/16
Signature Algorithm: sha256WithRSAEncryption
87:e3:08:6b:d3:3a:44:db:0e:ba:3e:b8:52:3e:29:bb:c2:e8:
22:ec:c2:27:39:26:ab:6f:4e:f8:9c:bd:79:67:45:bf:d7:0b:
2d:54:b5:45:b3:6d:f8:27:0d:48:fb:94:b3:ee:01:40:3f:8b:
30:6c:ea:18:29:72:0a:eb:e6:df:dc:96:50:d6:eb:6e:c6:8a:
ea:05:36:01:04:d3:d4:75:f5:1a:6d:cc:00:ab:79:60:f5:ff:
a8:83:04:98:df:83:39:75:6e:5c:fe:b3:36:02:7d:80:32:18:
9e:65:6d:97:de:04:61:4b:27:a8:e8:df:5f:7d:8b:ed:29:7b:
8a:64:44:75:32:27:7a:de:ed:8f:c6:12:8e:1a:8d:34:06:6b:
4c:f2:56:3e:0a:84:81:35:32:71:70:82:7e:c2:c5:b6:24:47:
bc:5f:36:d7:9f:f9:4f:e2:f9:4c:c0:6c:7d:3d:92:6c:f7:32:
53:82:9b:d1:06:61:84:1c:9b:66:66:a5:9e:d7:8b:7f:0d:d4:
fb:44:42:5b:8c:62:6d:2b:25:df:92:7f:8b:9e:0e:ac:6e:1e:
59:41:ab:4a:de:6c:d4:b4:93:b2:96:5a:b3:22:27:40:1b:c0:
48:b8:4c:25:cf:4e:87:be:06:db:d5:0a:14:17:40:b9:a8:0a:
bd:da:18:59
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKbn3GZZSjnbSZ2YqczCRDmGX1zkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0ZDkyNTdkYmE5MDhmMzVkYTM5MDI3Y2Q0YTY0NTE0NWNkMTIzOTZlODNi
MGYxZDNkZTVmNmNjMzBhMTlkN2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANnYcKje328m2WdXKbG1ifMKUB3+w9N4B9GQTijnqTDwZflQSlY5t7He+hec
A71TkKHM2KUZNZP2DzYSiNnyvjAwxdSjADEaJm/ndU21HxsfQYOXktH4C9aIwm/D
XlZHuvimRp2iuS+iXqRs5POnFzh0sajVUl2mTMBfSHLjF2rT2BDFShtWEH9Kb9j4
E1V0PjD+q3LDshg/O9apQG5bWMxNbQRpdftQpEMP0/NYUdc54985R8iEIX+jUAfR
DaDOiPBdrNnEjTwtn5AzmlGTg0sRgEluzKR8k5Gf8KX6glxx61wYDP1nUx9bbByp
FGYbfMAk+xCVOAqPw2UYlpBuYhMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRqMu9A
2Pn/xtZpsQc+WWdycMLxFjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjM4ZGJmYmItMGUxOC00NWUwLWJhOTEtNmU4OGJiNTA4MDJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjFMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4whr0zpE2w66PrhSPim7wugi7MInOSarb074nL15
Z0W/1wstVLVFs234Jw1I+5Sz7gFAP4swbOoYKXIK6+bf3JZQ1utuxorqBTYBBNPU
dfUabcwAq3lg9f+ogwSY34M5dW5c/rM2An2AMhieZW2X3gRhSyeo6N9ffYvtKXuK
ZER1Mid63u2PxhKOGo00BmtM8lY+CoSBNTJxcIJ+wsW2JEe8XzbXn/lP4vlMwGx9
PZJs9zJTgpvRBmGEHJtmZqWe14t/DdT7REJbjGJtKyXfkn+Lng6sbh5ZQatK3mzU
tJOyllqzIidAG8BIuEwlz06Hvgbb1QoUF0C5qAq92hhZ
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:31:53 2025 by rpki-client