Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/338cbdf4-937d-41ee-8ec5-ca45e166a036.roa
File: 338cbdf4-937d-41ee-8ec5-ca45e166a036.roa (raw, json)
Hash identifier: 6PVcIe33M3fv69/t386MUWutp8C7v1CkKoeh+rvdMxA=
Subject key identifier: 6E:56:25:F9:77:BC:9B:A3:C5:B7:EC:1B:58:CE:AD:12:36:E7:3A:D4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1D8C97ACA9E8072DEFF27756AE0171C50754702C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/338cbdf4-937d-41ee-8ec5-ca45e166a036.roa
Signing time: Tue 21 Oct 2025 14:40:04 +0000
ROA not before: Tue 21 Oct 2025 14:40:04 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 7224
IP address blocks: 193.57.182.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:8c:97:ac:a9:e8:07:2d:ef:f2:77:56:ae:01:71:c5:07:54:70:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:04 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=fa2166bb16eb4ea099318425236caf15a5e7fa58b2fbf2fcb1a41363da96796b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:56:bd:90:1f:a1:c9:99:99:34:82:90:a9:7e:
d9:fc:97:2e:5f:50:ad:b4:7a:42:5f:0c:8b:68:a0:
ad:a2:34:72:4d:9e:0d:7a:b0:54:91:55:6e:7c:71:
af:21:29:1f:6f:c2:b0:e7:6f:f7:0c:81:c9:de:d6:
40:d2:52:46:e4:46:fd:c9:99:9c:04:44:8a:c0:17:
10:d9:c2:7e:96:91:48:e6:3d:07:7c:5a:cf:f0:c1:
5c:7f:e4:8d:58:cc:13:bd:3e:51:ae:b6:69:33:0a:
e7:90:0f:0c:7d:8f:7e:8f:13:76:96:df:1b:31:d2:
ca:82:9f:dc:71:92:b2:8b:ce:2c:20:30:df:c7:16:
d6:86:9c:82:ff:be:4a:7b:38:04:4e:0c:66:df:bc:
cf:dc:c1:93:c3:ff:50:12:f5:3c:40:7e:d0:7e:70:
ec:4b:94:56:86:2b:21:74:0f:fc:40:27:e9:0c:66:
77:09:68:13:36:48:6f:e9:ff:a5:b7:34:f4:84:34:
3c:a3:67:b0:b4:91:72:39:69:a3:94:39:11:5a:7e:
ef:22:5c:4d:06:e4:54:92:77:e7:e0:36:c2:3d:e9:
81:70:3c:eb:ce:34:b1:cf:bc:19:75:fb:59:8e:7f:
be:ed:a4:59:a7:5c:96:31:b4:01:73:88:9b:0d:19:
fe:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:56:25:F9:77:BC:9B:A3:C5:B7:EC:1B:58:CE:AD:12:36:E7:3A:D4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/338cbdf4-937d-41ee-8ec5-ca45e166a036.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.57.182.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:11:ec:58:4d:44:0f:ee:f3:05:1f:50:a2:44:b8:71:19:06:
1b:21:8a:65:50:b6:62:7f:a8:ff:39:2b:06:8f:37:9f:03:1b:
29:d8:0e:11:4c:fb:af:ac:ef:08:0b:31:9a:a0:59:80:d7:5c:
9b:57:b8:cd:03:7a:91:8d:75:ef:c7:21:40:d8:db:9d:0b:b8:
61:26:b1:3c:ad:d0:bd:c7:ea:65:90:6c:e3:59:2c:82:30:08:
9d:27:95:d9:e0:6f:b9:fa:fa:ea:a6:11:2c:67:23:e0:09:77:
e7:94:a0:4c:f8:49:15:52:2c:61:29:46:51:7b:bc:7f:2b:75:
b0:4a:3f:73:5f:6a:71:f0:b5:c4:55:8f:34:9a:19:cd:5f:d6:
db:8a:48:6a:c3:d1:98:9b:da:2a:f5:6e:cb:67:ee:ab:94:9f:
c8:5c:44:48:5d:71:a6:c3:f8:c3:43:68:0e:ad:da:6a:a6:4e:
7b:a7:21:04:89:ef:9c:d6:4a:5e:a1:0a:54:80:51:be:97:64:
db:db:ed:d7:d0:c4:ad:f9:5a:ba:d5:e7:6e:53:c5:36:07:d0:
ab:ff:70:0c:67:d2:da:6c:db:71:7b:16:09:c5:5d:5e:ea:ff:
9d:cc:cb:95:85:03:75:9b:b1:e9:76:96:d4:5f:c0:cb:20:b5:
62:1c:68:f2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHYyXrKnoBy3v8ndWrgFxxQdUcCwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhMjE2NmJiMTZlYjRlYTA5OTMxODQyNTIzNmNhZjE1YTVlN2ZhNThiMmZi
ZjJmY2IxYTQxMzYzZGE5Njc5NmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFWvZAfocmZmTSCkKl+2fyXLl9QrbR6Ql8Mi2igraI0ck2eDXqwVJFVbnxx
ryEpH2/CsOdv9wyByd7WQNJSRuRG/cmZnAREisAXENnCfpaRSOY9B3xaz/DBXH/k
jVjME70+Ua62aTMK55APDH2Pfo8TdpbfGzHSyoKf3HGSsovOLCAw38cW1oacgv++
Sns4BE4MZt+8z9zBk8P/UBL1PEB+0H5w7EuUVoYrIXQP/EAn6QxmdwloEzZIb+n/
pbc09IQ0PKNnsLSRcjlpo5Q5EVp+7yJcTQbkVJJ35+A2wj3pgXA86840sc+8GXX7
WY5/vu2kWadcljG0AXOImw0Z/tUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRuViX5
d7ybo8W37BtYzq0SNuc61DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzM4Y2JkZjQtOTM3ZC00MWVlLThlYzUtY2E0NWUxNjZhMDM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5tjAN
BgkqhkiG9w0BAQsFAAOCAQEAjxHsWE1ED+7zBR9QokS4cRkGGyGKZVC2Yn+o/zkr
Bo83nwMbKdgOEUz7r6zvCAsxmqBZgNdcm1e4zQN6kY1178chQNjbnQu4YSaxPK3Q
vcfqZZBs41ksgjAInSeV2eBvufr66qYRLGcj4Al355SgTPhJFVIsYSlGUXu8fyt1
sEo/c19qcfC1xFWPNJoZzV/W24pIasPRmJvaKvVuy2fuq5SfyFxESF1xpsP4w0No
Dq3aaqZOe6chBInvnNZKXqEKVIBRvpdk29vt19DErflautXnblPFNgfQq/9wDGfS
2mzbcXsWCcVdXur/nczLlYUDdZux6XaW1F/AyyC1Yhxo8g==
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:19:08 2025 by rpki-client