Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: Ho5332wVttfh93zheReQHsB39nb9o3/Z3ElwijBFg6Q=
Subject key identifier: 6D:91:9D:2E:25:8C:FE:FD:E2:09:06:FC:4A:C0:69:50:10:55:5C:3C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7A64D5F01DC85B6CA610754AB6019684490BA7E9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Fri 11 Jul 2025 20:50:06 +0000
ROA not before: Fri 11 Jul 2025 20:50:06 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:64:d5:f0:1d:c8:5b:6c:a6:10:75:4a:b6:01:96:84:49:0b:a7:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 20:50:06 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=205494fdafd0beeb179849ea07680c240f428da222a31a13586e0d212393903d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:e7:e2:6d:c0:09:67:54:a2:dd:b4:69:80:3b:
30:70:87:55:85:a4:56:63:dd:a6:c7:16:af:cd:a7:
c1:7f:17:d0:5c:89:68:3b:08:cb:50:bb:ef:c4:b8:
d1:3b:95:22:32:72:78:0a:7b:ae:f1:e4:2e:14:63:
31:47:97:5b:a5:58:74:d4:0c:30:c8:18:08:3f:c4:
7e:71:3a:b6:83:fd:94:51:ef:a8:c6:49:57:56:59:
11:ef:a1:45:b1:bb:d6:70:9f:74:ac:c6:c9:c0:05:
68:f1:18:9d:9d:5b:57:69:8c:1c:db:c8:c2:93:74:
e8:bf:be:86:76:06:3e:e3:13:12:8a:27:61:4d:bc:
e6:18:35:07:58:87:f9:ff:3b:21:61:c2:05:fa:54:
1a:b3:0b:4d:20:94:2d:e7:cb:8c:8b:60:28:0e:b0:
6e:b6:28:67:1a:e8:90:ef:c3:fa:07:9a:40:10:4f:
c4:26:be:57:0e:53:0d:c4:c4:db:f8:83:05:84:bb:
d3:61:0b:d0:57:e9:b8:35:87:78:7a:5c:26:b0:e9:
e7:dd:43:2b:99:16:cd:12:ed:73:67:c5:93:6c:ab:
f6:e2:40:86:59:38:fa:19:ca:ba:44:a5:6d:bc:a0:
6a:b9:c7:ff:a0:e8:f0:f6:b4:1f:7e:7f:63:d8:b3:
2f:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:91:9D:2E:25:8C:FE:FD:E2:09:06:FC:4A:C0:69:50:10:55:5C:3C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d3:a7:cd:23:34:4f:39:a7:f4:c4:b3:74:17:b1:61:b0:87:73:
05:55:58:01:22:50:3d:75:33:55:c1:db:75:c6:1e:dc:3c:32:
f3:ae:09:5e:4b:dd:38:0b:1a:b8:01:bf:65:44:03:b1:b6:d7:
10:5c:5a:ef:18:c1:84:c1:8a:02:72:0e:84:d6:6e:19:7c:e8:
02:15:92:6a:b0:cf:95:c4:68:d7:d3:d4:5e:8c:69:51:7f:1e:
45:1a:fb:8a:04:a5:9c:77:8d:62:c0:2a:7e:f6:54:2b:cd:44:
eb:39:d3:8b:15:4b:ff:b4:da:62:84:c1:f7:a8:0f:e0:df:9a:
af:1a:8b:a9:7c:d4:40:fb:fe:4e:eb:f1:3c:58:a9:a1:33:cd:
89:5b:69:05:79:e0:76:79:f9:0b:78:93:ac:1a:5f:e3:18:f7:
d0:92:ac:fb:58:89:ee:25:36:f2:82:40:cd:a5:84:4c:30:95:
ba:33:92:5b:4c:3e:48:48:4d:29:73:d4:d8:e5:38:bb:fc:db:
70:69:75:37:bb:c9:72:86:cc:a2:13:5a:87:62:16:e4:c8:8c:
89:34:fa:59:56:c3:22:37:77:8e:a1:3c:ed:da:f1:fc:3a:a8:
47:2a:89:b3:79:d8:18:53:2a:b9:4e:00:1a:af:fc:2f:53:0b:
ee:b5:7e:92
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUemTV8B3IW2ymEHVKtgGWhEkLp+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwNTQ5NGZkYWZkMGJlZWIxNzk4NDllYTA3NjgwYzI0MGY0MjhkYTIyMmEz
MWExMzU4NmUwZDIxMjM5MzkwM2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/n4m3ACWdUot20aYA7MHCHVYWkVmPdpscWr82nwX8X0FyJaDsIy1C778S4
0TuVIjJyeAp7rvHkLhRjMUeXW6VYdNQMMMgYCD/EfnE6toP9lFHvqMZJV1ZZEe+h
RbG71nCfdKzGycAFaPEYnZ1bV2mMHNvIwpN06L++hnYGPuMTEoonYU285hg1B1iH
+f87IWHCBfpUGrMLTSCULefLjItgKA6wbrYoZxrokO/D+geaQBBPxCa+Vw5TDcTE
2/iDBYS702EL0FfpuDWHeHpcJrDp591DK5kWzRLtc2fFk2yr9uJAhlk4+hnKukSl
bbygarnH/6Do8Pa0H35/Y9izL48CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRtkZ0u
JYz+/eIJBvxKwGlQEFVcPDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQDTp80jNE85p/TEs3QXsWGwh3MFVVgBIlA9dTNVwdt1
xh7cPDLzrgleS904Cxq4Ab9lRAOxttcQXFrvGMGEwYoCcg6E1m4ZfOgCFZJqsM+V
xGjX09RejGlRfx5FGvuKBKWcd41iwCp+9lQrzUTrOdOLFUv/tNpihMH3qA/g35qv
GoupfNRA+/5O6/E8WKmhM82JW2kFeeB2efkLeJOsGl/jGPfQkqz7WInuJTbygkDN
pYRMMJW6M5JbTD5ISE0pc9TY5Ti7/NtwaXU3u8lyhsyiE1qHYhbkyIyJNPpZVsMi
N3eOoTzt2vH8OqhHKomzedgYUyq5TgAar/wvUwvutX6S
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:49:17 2025 by rpki-client