Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
File: 3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa (raw, json)
Hash identifier: fgScZQXdxymtotAsHyqSXySsTlRt/GAv7XG1XoOPxgQ=
Subject key identifier: 16:74:AA:39:D0:54:F3:63:FF:4F:70:4F:99:67:D5:33:34:BA:5D:2C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 156B43E580C8DDFC97138C8647F65062162FF8E9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
Signing time: Fri 31 Oct 2025 02:00:07 +0000
ROA not before: Fri 31 Oct 2025 02:00:07 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.104.0.0/13 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:6b:43:e5:80:c8:dd:fc:97:13:8c:86:47:f6:50:62:16:2f:f8:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:07 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=20fb4378b1b9936e3d8678b500dbc6d773c96cd7b5ecbc57084af4721fb5a781, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:a1:9a:53:d5:93:4b:2c:e4:5f:b5:42:99:16:
d1:57:22:8c:7b:5f:92:35:37:78:f0:0f:35:19:4e:
33:ee:6b:dc:e0:9b:62:3a:52:e2:f3:a0:66:b3:93:
24:77:25:ba:bd:12:e9:37:ad:83:cb:41:a5:70:55:
85:4d:1d:e0:1d:98:42:0f:38:49:b1:20:1e:09:76:
7d:5d:82:66:d9:45:7a:53:86:54:4e:76:e9:e7:15:
be:5f:1a:11:79:ed:fa:b5:99:35:a4:5c:e5:c0:b1:
4f:f6:e6:dd:89:c1:b8:80:62:75:32:ff:ca:ac:00:
14:8b:62:4a:43:4c:1e:27:e2:21:ab:06:e1:03:ae:
9a:11:4b:c9:11:4b:0f:87:36:14:cc:1c:8c:18:f8:
30:a1:88:b7:92:bb:4b:c3:74:61:c8:77:77:83:6b:
df:17:4f:09:49:3a:8f:e1:38:d2:39:cb:0a:fa:15:
d4:b0:44:53:3c:9e:6b:60:89:50:cc:04:8b:7f:6c:
5e:eb:6a:b1:45:bf:3a:7c:25:87:30:f9:98:2c:0d:
69:37:36:74:a9:a1:2d:bd:67:07:94:f6:e9:ae:e6:
15:b9:00:46:17:f2:63:68:2b:62:a7:b7:21:6d:8c:
eb:bf:66:c3:ca:a4:82:49:4b:75:e3:9c:56:c8:62:
bc:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:74:AA:39:D0:54:F3:63:FF:4F:70:4F:99:67:D5:33:34:BA:5D:2C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.104.0.0/13
Signature Algorithm: sha256WithRSAEncryption
48:17:d6:7c:95:d7:31:8c:b8:0c:40:f2:31:d5:0f:4a:c8:51:
f5:8e:b8:82:d8:5c:20:d1:0b:35:db:1d:5f:51:2e:e3:46:4b:
b3:bf:b1:10:e9:ba:e2:85:e8:9a:b0:ce:7c:ba:f8:60:88:fa:
53:9d:90:98:d3:9d:4c:9e:87:bc:b5:2a:ce:24:57:7a:70:b1:
70:b4:39:4f:88:64:08:92:79:a4:cc:b8:e3:14:f4:0b:39:e5:
f4:fd:01:c6:47:5c:1a:5f:52:d5:93:49:85:5f:cf:b6:c0:95:
0d:ba:a0:1b:f2:49:5e:b3:07:f7:8e:06:3b:b2:62:91:77:2c:
ef:eb:57:9d:51:1e:f7:c9:8e:13:f0:d0:36:2d:ca:66:6a:31:
89:8d:d0:bd:81:1a:5a:00:e4:70:d1:52:fb:db:42:44:b9:b9:
bc:48:e9:81:1a:09:ff:9d:6f:6a:09:6a:39:28:1c:74:7b:89:
b5:e2:5d:90:bc:96:17:f5:e6:b5:7a:48:4c:f7:aa:2a:df:5e:
50:ea:0c:f3:2a:3f:5a:08:c8:db:79:96:ff:0b:23:6f:8b:fb:
cd:8d:57:e9:6d:c9:b8:db:70:ca:9d:bf:80:f5:89:1d:0a:a2:
d1:63:c9:40:cb:a6:b5:f3:a7:cd:0b:6a:28:9a:69:6f:1e:79:
0d:fe:f4:d9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFWtD5YDI3fyXE4yGR/ZQYhYv+OkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMDdaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwZmI0Mzc4YjFiOTkzNmUzZDg2NzhiNTAwZGJjNmQ3NzNjOTZjZDdiNWVj
YmM1NzA4NGFmNDcyMWZiNWE3ODExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMihmlPVk0ss5F+1QpkW0VcijHtfkjU3ePAPNRlOM+5r3OCbYjpS4vOgZrOT
JHclur0S6Tetg8tBpXBVhU0d4B2YQg84SbEgHgl2fV2CZtlFelOGVE526ecVvl8a
EXnt+rWZNaRc5cCxT/bm3YnBuIBidTL/yqwAFItiSkNMHifiIasG4QOumhFLyRFL
D4c2FMwcjBj4MKGIt5K7S8N0Ych3d4Nr3xdPCUk6j+E40jnLCvoV1LBEUzyea2CJ
UMwEi39sXutqsUW/OnwlhzD5mCwNaTc2dKmhLb1nB5T26a7mFbkARhfyY2grYqe3
IW2M679mw8qkgklLdeOcVshivF0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQWdKo5
0FTzY/9PcE+ZZ9UzNLpdLDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2JiYTU4NGUtMmUwYi00NDkyLTk0YjAtZTcwMTc3YzhmMmNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAzloMA0G
CSqGSIb3DQEBCwUAA4IBAQBIF9Z8ldcxjLgMQPIx1Q9KyFH1jriC2Fwg0Qs12x1f
US7jRkuzv7EQ6briheiasM58uvhgiPpTnZCY051Mnoe8tSrOJFd6cLFwtDlPiGQI
knmkzLjjFPQLOeX0/QHGR1waX1LVk0mFX8+2wJUNuqAb8kleswf3jgY7smKRdyzv
61edUR73yY4T8NA2LcpmajGJjdC9gRpaAORw0VL720JEubm8SOmBGgn/nW9qCWo5
KBx0e4m14l2QvJYX9ea1ekhM96oq315Q6gzzKj9aCMjbeZb/CyNvi/vNjVfpbcm4
23DKnb+A9YkdCqLRY8lAy6a186fNC2oommlvHnkN/vTZ
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:30:32 2025 by rpki-client