Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
File: 5112f144-85b1-4c62-8729-84d86ff353a1.roa (raw, json)
Hash identifier: qS7rnSJdS4uIKttr32Eqr0HZECFgLefa/ZzE7L2EvyA=
Subject key identifier: 88:74:43:0F:94:A6:AD:5C:AC:E4:DB:61:09:3D:72:FD:15:28:0B:1F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 43CF1EEC920CD2440A85DF2D657D1C70C306EA06
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
Signing time: Fri 31 Oct 2025 02:00:23 +0000
ROA not before: Fri 31 Oct 2025 02:00:23 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 84.48.128.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:cf:1e:ec:92:0c:d2:44:0a:85:df:2d:65:7d:1c:70:c3:06:ea:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:23 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=514e046dcb82a48393132e7db3dbc4859734e705ce68f1decd039c9a7c908b8b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:59:7f:d9:f2:26:61:3e:d1:fe:79:e0:00:ff:
6b:0d:c3:ce:35:77:a7:c3:7e:5a:31:3e:3c:97:dd:
b3:97:6b:64:a4:0e:99:0d:74:b1:89:b9:c8:d2:e7:
64:5e:33:91:23:8b:d4:9d:92:b5:0d:6f:d5:22:4f:
3f:1c:f3:43:35:38:d7:43:fd:2b:42:44:9b:29:fb:
90:3c:f2:dc:44:ac:44:07:54:64:ae:aa:95:52:8d:
0c:f2:04:7e:97:82:4a:d9:d1:22:b3:e6:5a:a7:f3:
eb:3b:3b:19:3c:aa:3e:34:db:41:3f:68:2c:e1:24:
0c:26:d7:2a:df:c8:5f:a6:80:fe:8c:5d:bd:d3:d6:
08:e8:61:f6:37:1d:f2:5a:79:f5:d2:1b:2b:13:70:
dd:2b:f3:4d:0b:7b:f5:dd:3e:a3:e5:d4:50:17:fb:
71:ea:20:e1:54:69:b3:2e:c9:90:da:5c:16:93:95:
83:69:49:de:a9:a9:77:69:01:85:30:e1:64:2e:45:
6d:c1:02:5b:c0:84:b6:ba:82:c2:15:61:7f:62:7b:
6e:ac:0a:fc:fc:cf:28:45:27:45:73:94:56:ee:cc:
47:b8:30:41:8d:81:c7:e5:bc:fe:53:a5:cd:54:41:
ba:16:ea:e3:57:82:44:87:d6:2a:da:d2:5c:30:75:
f5:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:74:43:0F:94:A6:AD:5C:AC:E4:DB:61:09:3D:72:FD:15:28:0B:1F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.48.128.0/17
Signature Algorithm: sha256WithRSAEncryption
4e:89:01:73:34:ab:51:05:5f:98:39:7b:04:34:3d:62:bc:ea:
a8:be:27:f5:d4:12:a8:74:ab:dc:70:1a:bc:33:5b:b0:cf:de:
ff:0a:02:b6:16:01:ab:cc:e9:d8:8b:10:1e:37:0c:13:22:9f:
cf:f1:f2:9d:44:9a:cf:06:7e:4c:7f:90:81:78:44:38:6d:50:
21:a2:5d:eb:31:0f:7b:64:58:24:a9:50:b3:56:24:55:19:36:
59:ae:f9:14:3c:32:9d:42:ac:c0:a7:5c:fe:89:6a:29:9d:0f:
aa:3a:f9:f6:b4:84:b7:ec:48:6b:93:99:9e:fa:fe:67:19:71:
26:4f:66:fb:54:84:7e:c6:55:b8:37:15:3c:03:6f:43:97:09:
2a:cd:b0:9c:2f:db:a2:31:2c:7e:df:42:bd:74:9c:0c:f1:e8:
d0:9c:8e:a2:96:62:90:9e:eb:93:fc:4c:38:b9:80:5a:55:54:
3d:99:c0:4d:d5:22:a8:1f:28:9f:69:81:af:cc:df:1e:b4:97:
81:c4:0a:3e:ba:96:66:ac:bd:e2:85:9d:cf:43:71:4a:5b:17:
1e:85:3a:43:63:6e:97:66:39:3a:3d:1c:38:96:da:f2:f8:1d:
e6:df:11:4f:16:5c:8b:2d:8d:27:27:28:70:e5:c8:44:a7:07:
9d:c4:1c:62
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQ88e7JIM0kQKhd8tZX0ccMMG6gYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMjNaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNGUwNDZkY2I4MmE0ODM5MzEzMmU3ZGIzZGJjNDg1OTczNGU3MDVjZTY4
ZjFkZWNkMDM5YzlhN2M5MDhiOGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpZf9nyJmE+0f554AD/aw3DzjV3p8N+WjE+PJfds5drZKQOmQ10sYm5yNLn
ZF4zkSOL1J2StQ1v1SJPPxzzQzU410P9K0JEmyn7kDzy3ESsRAdUZK6qlVKNDPIE
fpeCStnRIrPmWqfz6zs7GTyqPjTbQT9oLOEkDCbXKt/IX6aA/oxdvdPWCOhh9jcd
8lp59dIbKxNw3SvzTQt79d0+o+XUUBf7ceog4VRpsy7JkNpcFpOVg2lJ3qmpd2kB
hTDhZC5FbcECW8CEtrqCwhVhf2J7bqwK/PzPKEUnRXOUVu7MR7gwQY2Bx+W8/lOl
zVRBuhbq41eCRIfWKtrSXDB19VkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSIdEMP
lKatXKzk22EJPXL9FSgLHzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTExMmYxNDQtODViMS00YzYyLTg3MjktODRkODZmZjM1M2ExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB1QwgDAN
BgkqhkiG9w0BAQsFAAOCAQEATokBczSrUQVfmDl7BDQ9YrzqqL4n9dQSqHSr3HAa
vDNbsM/e/woCthYBq8zp2IsQHjcMEyKfz/HynUSazwZ+TH+QgXhEOG1QIaJd6zEP
e2RYJKlQs1YkVRk2Wa75FDwynUKswKdc/olqKZ0Pqjr59rSEt+xIa5OZnvr+Zxlx
Jk9m+1SEfsZVuDcVPANvQ5cJKs2wnC/bojEsft9CvXScDPHo0JyOopZikJ7rk/xM
OLmAWlVUPZnATdUiqB8on2mBr8zfHrSXgcQKPrqWZqy94oWdz0NxSlsXHoU6Q2Nu
l2Y5Oj0cOJba8vgd5t8RTxZciy2NJycocOXIRKcHncQcYg==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:38:34 2025 by rpki-client