Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
File: 238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa (raw, json)
Hash identifier: S/pAMk/otHCSJpGVyuN6Ym98liWgIMrDXMAQPti44v4=
Subject key identifier: A7:54:5D:08:E9:BC:57:36:08:A7:9E:3E:4A:34:D1:AB:C9:85:A1:C4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3EF01163E9C767BCB337955913EACD7CCC1E8DCE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
Signing time: Fri 11 Jul 2025 20:50:06 +0000
ROA not before: Fri 11 Jul 2025 20:50:06 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.197.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 Aug 2025 14:37:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:f0:11:63:e9:c7:67:bc:b3:37:95:59:13:ea:cd:7c:cc:1e:8d:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 20:50:06 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=7f7aa32852f14862275519fce23506fbce607812d8bcd0fab5c4ac0e2bd205d0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:34:09:09:91:c4:6c:fc:44:9e:ac:70:99:da:
00:13:1f:57:3d:92:c2:ef:56:65:58:32:61:14:fb:
b1:60:7a:6d:54:f4:ab:c3:5e:4a:be:bb:d4:b7:9a:
a1:17:e9:a9:99:f5:06:86:89:32:cc:de:86:bb:de:
a0:27:07:be:16:d0:0a:88:98:30:ff:a1:08:74:12:
a1:92:95:6c:04:70:0c:53:d5:16:e3:8c:dd:75:dd:
bd:5b:60:69:78:ee:fc:01:55:9f:ac:dd:57:3b:12:
0b:12:f3:a3:cc:93:93:6d:8f:bd:dc:54:a5:74:40:
16:7f:0a:96:57:86:e5:fe:57:89:34:fe:c4:08:ff:
f3:27:fe:b6:6e:c0:ee:ee:6d:82:47:21:e7:91:1f:
56:56:63:9c:9a:40:7f:69:35:f8:8b:04:47:29:eb:
80:5a:b4:64:00:cc:fe:e9:c1:49:ba:e1:f6:71:a6:
4f:3f:67:8b:0d:76:de:41:3c:9d:6f:ec:0a:b3:0f:
d9:7c:ba:4b:ac:9d:cc:fd:a9:ad:f4:be:ab:cf:04:
aa:7d:b2:dc:1c:12:60:4a:6f:84:79:46:9c:5c:dd:
84:d5:d1:c5:a8:9b:c9:c9:ef:47:ef:1c:50:03:bf:
25:21:1b:0b:5f:c3:be:c6:ef:5d:c1:6d:bd:82:0a:
20:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:54:5D:08:E9:BC:57:36:08:A7:9E:3E:4A:34:D1:AB:C9:85:A1:C4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.197.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b4:84:f1:03:15:1c:2c:24:2d:2c:5c:14:e5:d5:23:26:2c:d9:
c7:65:dd:85:a2:6a:6a:11:ac:dc:05:e5:8f:bf:2f:cc:44:a0:
cb:e5:2d:da:dd:4f:5d:19:be:a7:a5:c9:22:f8:b3:9a:0e:2f:
98:50:c7:dd:68:82:12:af:62:b7:88:14:16:68:3f:87:ef:4b:
fa:7d:2c:03:bc:5d:04:f4:1e:c5:6f:2a:b5:92:d2:90:1c:e4:
da:de:35:84:58:ba:1b:a8:a5:fd:1d:e9:80:6d:60:3b:73:e5:
99:e7:f1:c1:75:62:3d:af:57:fa:06:ac:65:6e:89:73:95:3b:
70:39:51:eb:27:de:b4:a1:ca:32:0d:29:72:75:f3:de:ea:a5:
96:97:ef:13:e8:e7:b1:37:be:2a:b5:c8:f2:41:c7:98:4c:17:
23:d3:08:8f:54:fa:ac:23:55:f0:ae:7c:c9:7e:7b:bc:35:37:
08:c9:73:83:f2:c2:6b:e5:f2:0b:82:d0:e3:fa:1f:8e:f7:18:
de:8d:94:e8:90:af:f7:7d:5e:f7:bb:c9:47:ac:44:24:22:3a:
70:8a:1e:92:db:a8:11:09:4d:8b:c6:40:11:ae:6b:57:31:91:
6a:ab:08:d8:9f:bf:2a:ab:07:a3:27:47:68:8b:90:de:e4:19:
fb:46:fa:39
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPvARY+nHZ7yzN5VZE+rNfMwejc4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmN2FhMzI4NTJmMTQ4NjIyNzU1MTlmY2UyMzUwNmZiY2U2MDc4MTJkOGJj
ZDBmYWI1YzRhYzBlMmJkMjA1ZDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOg0CQmRxGz8RJ6scJnaABMfVz2Swu9WZVgyYRT7sWB6bVT0q8NeSr671Lea
oRfpqZn1BoaJMszehrveoCcHvhbQCoiYMP+hCHQSoZKVbARwDFPVFuOM3XXdvVtg
aXju/AFVn6zdVzsSCxLzo8yTk22PvdxUpXRAFn8KlleG5f5XiTT+xAj/8yf+tm7A
7u5tgkch55EfVlZjnJpAf2k1+IsERynrgFq0ZADM/unBSbrh9nGmTz9niw123kE8
nW/sCrMP2Xy6S6ydzP2prfS+q88Eqn2y3BwSYEpvhHlGnFzdhNXRxaibycnvR+8c
UAO/JSEbC1/DvsbvXcFtvYIKIL8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSnVF0I
6bxXNginnj5KNNGryYWhxDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjM4ZGJmYmItMGUxOC00NWUwLWJhOTEtNmU4OGJiNTA4MDJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjFMA0G
CSqGSIb3DQEBCwUAA4IBAQC0hPEDFRwsJC0sXBTl1SMmLNnHZd2FompqEazcBeWP
vy/MRKDL5S3a3U9dGb6npcki+LOaDi+YUMfdaIISr2K3iBQWaD+H70v6fSwDvF0E
9B7Fbyq1ktKQHOTa3jWEWLobqKX9HemAbWA7c+WZ5/HBdWI9r1f6BqxlbolzlTtw
OVHrJ960ocoyDSlydfPe6qWWl+8T6OexN74qtcjyQceYTBcj0wiPVPqsI1XwrnzJ
fnu8NTcIyXOD8sJr5fILgtDj+h+O9xjejZTokK/3fV73u8lHrEQkIjpwih6S26gR
CU2LxkARrmtXMZFqqwjYn78qqwejJ0doi5De5Bn7Rvo5
-----END CERTIFICATE-----
Generated at Tue Aug 5 16:40:37 2025 by rpki-client