Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
File: 4eb66819-e335-446d-8ca8-7436f3cd196d.roa (raw, json)
Hash identifier: TK+52LI8kwN9QwPtnWbm73pMe6pHYa4H/QLeovQkjs4=
Subject key identifier: 29:F9:C6:C2:D6:2C:CE:C8:8B:D1:A8:19:63:62:54:8B:9F:D5:7C:52
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 763F3A482D297EFD1B2BB7E5E05F5B510899A502
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
Signing time: Tue 21 Oct 2025 14:40:01 +0000
ROA not before: Tue 21 Oct 2025 14:40:01 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.128.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:3f:3a:48:2d:29:7e:fd:1b:2b:b7:e5:e0:5f:5b:51:08:99:a5:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:01 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=dd26012c53023d9db934bd86a96e9ae8b68aabc704cb3fcd5a78283f4bf7e720, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:87:a6:4f:04:39:1c:ff:92:6d:47:74:3b:af:
aa:9e:94:64:49:87:da:8e:dd:88:8a:5a:d4:c9:06:
38:27:57:5e:4d:d3:c7:5d:40:62:c1:39:97:18:38:
d9:d0:e4:a8:5d:58:16:72:7e:f7:a7:56:30:16:28:
4a:1c:73:75:83:26:21:5c:8c:32:19:fe:5c:8c:66:
e2:09:4f:58:57:12:b6:49:62:73:02:0f:b9:8e:7f:
e0:59:31:a1:c4:1e:9c:8d:a4:91:af:9e:96:bb:67:
92:51:33:45:7b:bd:ca:54:10:c0:5a:37:ab:ee:8e:
4f:eb:58:8b:e4:f0:99:c1:cb:06:23:a3:77:f6:51:
58:b3:b7:34:d1:dd:95:34:e1:b1:6d:f0:6d:64:cc:
1e:ed:29:86:8a:5b:a7:68:c4:57:d5:26:32:fd:75:
8f:d7:dd:77:68:3f:b5:f6:22:50:ca:55:3c:5f:4d:
4b:6f:a6:22:ae:ab:d4:c7:da:52:34:b4:08:da:8e:
d8:28:db:74:6f:f7:0e:24:e3:19:bb:ce:62:04:15:
08:7f:04:a3:fc:7c:06:4e:30:9d:bf:4a:96:81:27:
77:cb:4f:71:92:83:10:c1:19:71:8d:45:c9:af:00:
fd:11:9a:a3:47:24:51:f9:f5:df:53:25:dd:60:15:
48:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F9:C6:C2:D6:2C:CE:C8:8B:D1:A8:19:63:62:54:8B:9F:D5:7C:52
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.128.0/18
Signature Algorithm: sha256WithRSAEncryption
3d:99:dd:73:55:c7:80:c3:6b:02:35:d2:f1:a5:82:e0:09:c4:
b8:2c:f0:fb:2c:2d:08:e1:d8:28:6f:06:68:e2:04:3f:c3:37:
6b:4e:89:64:58:9e:b8:a6:0d:a5:a2:76:23:5d:05:6a:27:ca:
d6:bc:a4:cf:df:af:9b:6c:59:b0:24:31:e0:63:ce:d1:06:0d:
ab:82:18:22:a8:2c:69:1d:7a:e9:3a:6e:fb:90:42:f0:c3:cf:
ec:5c:7a:3d:61:3d:b6:1e:06:1b:fe:9b:d6:0a:3a:cd:d5:23:
60:f1:11:4b:ca:0a:4c:ab:52:0a:a9:80:a2:65:55:ff:58:a1:
c7:69:b9:0b:8f:93:f2:4f:71:1b:4a:d6:17:5d:d7:33:dc:4d:
3d:70:34:64:cc:55:d5:ea:fd:75:14:bd:7a:73:a0:ea:5a:cd:
bd:77:ba:2a:b0:41:b2:12:e1:67:0f:f9:38:73:6a:9a:8a:82:
44:e1:3e:44:a6:7d:71:6f:2d:60:87:73:4d:84:72:84:40:a9:
36:6f:44:7c:42:59:d2:97:a0:74:30:9f:8f:b8:1a:71:60:48:
64:b6:e7:da:ad:40:a7:0f:70:ec:ff:e7:a5:55:18:a8:95:15:
7a:76:31:5d:32:4d:19:5f:25:d6:a5:0a:2b:f5:ed:d2:61:dc:
be:82:8d:a8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUdj86SC0pfv0bK7fl4F9bUQiZpQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkMjYwMTJjNTMwMjNkOWRiOTM0YmQ4NmE5NmU5YWU4YjY4YWFiYzcwNGNi
M2ZjZDVhNzgyODNmNGJmN2U3MjAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALaHpk8EORz/km1HdDuvqp6UZEmH2o7diIpa1MkGOCdXXk3Tx11AYsE5lxg4
2dDkqF1YFnJ+96dWMBYoShxzdYMmIVyMMhn+XIxm4glPWFcStklicwIPuY5/4Fkx
ocQenI2kka+elrtnklEzRXu9ylQQwFo3q+6OT+tYi+TwmcHLBiOjd/ZRWLO3NNHd
lTThsW3wbWTMHu0phopbp2jEV9UmMv11j9fdd2g/tfYiUMpVPF9NS2+mIq6r1Mfa
UjS0CNqO2CjbdG/3DiTjGbvOYgQVCH8Eo/x8Bk4wnb9KloEnd8tPcZKDEMEZcY1F
ya8A/RGao0ckUfn131Ml3WAVSI0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQp+cbC
1izOyIvRqBljYlSLn9V8UjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGViNjY4MTktZTMzNS00NDZkLThjYTgtNzQzNmYzY2QxOTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEAPZndc1XHgMNrAjXS8aWC4AnEuCzw+ywtCOHYKG8G
aOIEP8M3a06JZFieuKYNpaJ2I10FaifK1rykz9+vm2xZsCQx4GPO0QYNq4IYIqgs
aR166Tpu+5BC8MPP7Fx6PWE9th4GG/6b1go6zdUjYPERS8oKTKtSCqmAomVV/1ih
x2m5C4+T8k9xG0rWF13XM9xNPXA0ZMxV1er9dRS9enOg6lrNvXe6KrBBshLhZw/5
OHNqmoqCROE+RKZ9cW8tYIdzTYRyhECpNm9EfEJZ0pegdDCfj7gacWBIZLbn2q1A
pw9w7P/npVUYqJUVenYxXTJNGV8l1qUKK/Xt0mHcvoKNqA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:06:04 2025 by rpki-client