Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5b8eca1c-0001-4580-9357-36838b685542.roa
File: 5b8eca1c-0001-4580-9357-36838b685542.roa (raw, json)
Hash identifier: a4Ie/sunmtZqkLE4NyTTywNgcVJoomcGmst9rGFvYOY=
Subject key identifier: D5:4E:7F:52:ED:82:3E:13:AC:AF:65:FE:B5:11:CF:50:8C:69:5C:A1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2EC31A7D216A79C11437C7AA49CF65F630939461
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5b8eca1c-0001-4580-9357-36838b685542.roa
Signing time: Fri 31 Oct 2025 02:00:16 +0000
ROA not before: Fri 31 Oct 2025 02:00:16 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.239.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:c3:1a:7d:21:6a:79:c1:14:37:c7:aa:49:cf:65:f6:30:93:94:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:16 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=a6fe157a51768c3ba4163ffaf4002b39df0a6d91df59eee7062ace169fcdc4a4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:1b:8d:ac:e4:98:52:a9:2b:b4:b5:b9:f3:34:
31:c5:0c:e8:76:3a:89:84:09:f4:b2:7a:ef:8b:99:
d6:bc:79:a1:ca:8a:88:9e:ac:63:6b:b4:c2:af:27:
6a:8a:c5:1b:13:4b:78:1c:cf:28:b2:ab:93:d3:de:
bf:8c:7f:71:95:d1:b7:51:87:9c:10:07:42:e4:cd:
ea:31:be:ac:0d:88:23:10:ad:3b:d3:a6:38:ce:86:
54:47:67:eb:40:b0:c0:27:71:8c:c8:f0:1c:bf:90:
78:0a:60:a9:5a:c3:0c:d2:50:a2:35:04:9d:86:f3:
de:5e:9a:d9:53:e6:d3:db:67:16:6b:7f:b8:10:e5:
1d:12:7e:c0:33:46:7e:2d:8c:2f:e2:d3:d9:19:ae:
b1:29:3f:d6:d0:72:d3:18:b4:81:b5:b5:1c:89:fa:
b2:42:6a:d5:57:e8:4d:0a:da:69:03:59:b9:1e:55:
17:e2:c8:5a:c6:59:f3:14:4e:75:a9:21:20:a4:1a:
87:02:d1:90:00:a1:17:ba:d6:3c:20:8d:9a:20:67:
b6:64:d1:26:5e:38:9b:d9:fe:2c:57:48:8c:5e:dc:
b2:4c:c5:92:b7:cb:47:d5:25:62:36:87:11:dd:21:
fc:69:f7:f0:b8:8a:43:a4:75:56:e0:e4:51:eb:f6:
1e:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:4E:7F:52:ED:82:3E:13:AC:AF:65:FE:B5:11:CF:50:8C:69:5C:A1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5b8eca1c-0001-4580-9357-36838b685542.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.239.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5d:31:d4:f1:d6:88:f9:60:58:ee:51:9b:83:40:79:89:fc:10:
58:41:4f:d0:ec:25:b6:18:46:65:2d:82:67:e6:39:75:16:84:
54:5c:d1:1c:10:be:ff:b9:27:55:0e:04:b7:c6:86:76:06:41:
3a:6f:54:f9:85:91:9a:51:c2:85:91:c2:f2:19:5e:c1:38:3a:
0c:21:58:eb:77:62:29:df:e6:25:25:6a:56:f6:b3:45:3e:1c:
cd:0d:a7:51:05:9a:a8:fd:b6:83:89:8a:79:dd:e8:b9:1b:8c:
45:2a:e7:21:74:dd:64:09:5f:db:b2:00:05:bd:9a:0b:3e:37:
93:ae:f9:eb:3c:5d:0e:da:d7:15:17:a3:90:d0:c6:11:de:c8:
34:c4:8f:74:3b:e0:f2:0e:4b:9e:02:43:d8:f6:8f:94:24:63:
56:27:b4:6c:37:77:ce:ec:67:7e:b6:cc:e1:99:3a:fe:61:34:
9f:f2:04:10:54:ca:95:ba:76:e6:57:55:ad:6d:6c:e8:3e:a9:
27:eb:c4:73:b1:52:79:a7:26:2a:8c:30:a4:71:18:75:08:d4:
80:46:82:ba:33:2e:20:5e:6d:70:11:2d:00:ba:0a:e2:e2:44:
15:9e:de:b3:a0:62:76:10:da:11:e0:db:c7:38:2c:c3:ad:aa:
40:06:af:08
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULsMafSFqecEUN8eqSc9l9jCTlGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMTZaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2ZmUxNTdhNTE3NjhjM2JhNDE2M2ZmYWY0MDAyYjM5ZGYwYTZkOTFkZjU5
ZWVlNzA2MmFjZTE2OWZjZGM0YTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKgbjazkmFKpK7S1ufM0McUM6HY6iYQJ9LJ674uZ1rx5ocqKiJ6sY2u0wq8n
aorFGxNLeBzPKLKrk9Pev4x/cZXRt1GHnBAHQuTN6jG+rA2IIxCtO9OmOM6GVEdn
60CwwCdxjMjwHL+QeApgqVrDDNJQojUEnYbz3l6a2VPm09tnFmt/uBDlHRJ+wDNG
fi2ML+LT2RmusSk/1tBy0xi0gbW1HIn6skJq1VfoTQraaQNZuR5VF+LIWsZZ8xRO
dakhIKQahwLRkAChF7rWPCCNmiBntmTRJl44m9n+LFdIjF7cskzFkrfLR9UlYjaH
Ed0h/Gn38LiKQ6R1VuDkUev2HuECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTVTn9S
7YI+E6yvZf61Ec9QjGlcoTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWI4ZWNhMWMtMDAwMS00NTgwLTkzNTctMzY4MzhiNjg1NTQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/vMA0G
CSqGSIb3DQEBCwUAA4IBAQBdMdTx1oj5YFjuUZuDQHmJ/BBYQU/Q7CW2GEZlLYJn
5jl1FoRUXNEcEL7/uSdVDgS3xoZ2BkE6b1T5hZGaUcKFkcLyGV7BODoMIVjrd2Ip
3+YlJWpW9rNFPhzNDadRBZqo/baDiYp53ei5G4xFKuchdN1kCV/bsgAFvZoLPjeT
rvnrPF0O2tcVF6OQ0MYR3sg0xI90O+DyDkueAkPY9o+UJGNWJ7RsN3fO7Gd+tszh
mTr+YTSf8gQQVMqVunbmV1WtbWzoPqkn68RzsVJ5pyYqjDCkcRh1CNSARoK6My4g
Xm1wES0Augri4kQVnt6zoGJ2ENoR4NvHOCzDrapABq8I
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:31:13 2025 by rpki-client