Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: eSfSFBcrDosIZJl7JsjfhkcaSoN6Vku3F5wjV/3zG+0=
Subject key identifier: E8:30:18:1E:26:B9:8A:09:77:17:6F:04:9D:D4:D9:1C:28:18:F5:1F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0C86D6002564154804C6D052957F470BB1F62F14
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Fri 11 Jul 2025 20:50:50 +0000
ROA not before: Fri 11 Jul 2025 20:50:50 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 Aug 2025 00:46:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:86:d6:00:25:64:15:48:04:c6:d0:52:95:7f:47:0b:b1:f6:2f:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 20:50:50 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=b460463d54158b9d97e336f117dc5e9c3928f98582d690a21c1252e09410a137, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b1:bf:74:99:b4:4c:98:23:6d:0b:4c:75:76:
69:3e:0b:79:1d:1d:71:5b:ba:0b:8e:2c:c9:53:9e:
82:e0:bf:c6:d7:e4:0a:06:b7:8d:98:14:b9:94:37:
57:72:41:b0:54:32:cd:4c:a3:90:7b:07:4d:59:e2:
50:69:d6:ea:c0:cd:cc:dc:3b:d2:66:31:0a:32:1c:
ee:27:28:50:63:f6:1b:4a:14:f9:80:6d:93:02:13:
35:b8:57:5b:b2:89:d5:4b:84:db:ce:fe:c2:2a:03:
bd:e0:da:45:d8:b8:64:44:ef:94:a9:7a:f9:20:e3:
e7:62:fe:f6:ea:73:ff:1f:d9:02:bb:15:3a:31:b7:
c9:7f:64:6b:05:90:18:07:03:c9:6d:91:2a:0c:9d:
0d:88:81:b1:bb:e6:7c:a0:3f:e5:b4:96:af:7d:66:
86:62:34:8c:1c:a8:54:d6:42:9c:2b:6f:bd:d5:86:
f0:8a:48:43:7c:db:0e:0b:ef:ea:1f:48:cc:3c:a2:
16:98:0d:f4:f2:14:f3:a7:11:8f:70:6f:28:b7:60:
02:36:73:97:61:c6:9f:27:b7:26:47:04:89:ac:c6:
fe:8e:41:57:11:6b:2c:c5:b1:0c:da:dd:c0:21:29:
02:9b:6e:53:d3:8c:d6:9e:f6:e6:a2:26:15:14:36:
4c:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:30:18:1E:26:B9:8A:09:77:17:6F:04:9D:D4:D9:1C:28:18:F5:1F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8b:e0:6d:3e:28:e1:ca:ad:0c:42:29:e3:15:e2:b0:a5:5d:fe:
ca:8d:4c:31:49:19:e8:8e:62:42:2f:6a:0f:d3:86:0e:78:11:
e6:6e:fa:a6:69:51:d6:70:21:15:1f:98:f2:12:a5:b8:46:e8:
58:65:4f:85:65:17:f1:44:26:09:46:97:98:ed:5c:d8:81:cf:
84:88:58:21:ba:4c:1e:e4:1b:9a:f7:69:d5:45:d9:49:6b:e8:
96:f8:96:94:ff:cb:d1:70:31:df:8d:0c:b4:a4:62:ec:e7:42:
24:c0:30:d8:e5:8f:c8:1e:aa:0d:d7:df:02:bf:2e:7c:2d:ec:
98:3c:6b:d6:50:53:cc:fc:1c:4a:6a:a1:58:8d:b6:de:8a:d8:
c7:b1:9a:26:f2:3a:26:c5:fc:23:ee:39:cc:c4:44:e1:fe:81:
88:cc:7c:c4:bc:68:a5:38:9d:2e:3f:d0:64:8b:13:35:19:2c:
46:20:41:85:58:c6:9d:20:b3:60:11:ce:1f:96:5b:bf:1d:97:
00:79:7a:df:05:e6:96:5c:34:0f:c5:10:db:a2:7f:e4:fc:52:
e1:c8:3a:55:3b:3a:12:e9:e7:3e:4b:7a:a2:33:19:ed:a6:89:
fa:1d:cd:13:24:3c:60:62:f4:41:1e:cd:b6:3b:8c:e6:ea:ad:
7f:f9:a6:83
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDIbWACVkFUgExtBSlX9HC7H2LxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwNTBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0NjA0NjNkNTQxNThiOWQ5N2UzMzZmMTE3ZGM1ZTljMzkyOGY5ODU4MmQ2
OTBhMjFjMTI1MmUwOTQxMGExMzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmxv3SZtEyYI20LTHV2aT4LeR0dcVu6C44syVOeguC/xtfkCga3jZgUuZQ3
V3JBsFQyzUyjkHsHTVniUGnW6sDNzNw70mYxCjIc7icoUGP2G0oU+YBtkwITNbhX
W7KJ1UuE287+wioDveDaRdi4ZETvlKl6+SDj52L+9upz/x/ZArsVOjG3yX9kawWQ
GAcDyW2RKgydDYiBsbvmfKA/5bSWr31mhmI0jByoVNZCnCtvvdWG8IpIQ3zbDgvv
6h9IzDyiFpgN9PIU86cRj3BvKLdgAjZzl2HGnye3JkcEiazG/o5BVxFrLMWxDNrd
wCEpAptuU9OM1p725qImFRQ2TGUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBToMBge
JrmKCXcXbwSd1NkcKBj1HzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQCL4G0+KOHKrQxCKeMV4rClXf7KjUwxSRnojmJCL2oP
04YOeBHmbvqmaVHWcCEVH5jyEqW4RuhYZU+FZRfxRCYJRpeY7VzYgc+EiFghukwe
5Bua92nVRdlJa+iW+JaU/8vRcDHfjQy0pGLs50IkwDDY5Y/IHqoN198Cvy58LeyY
PGvWUFPM/BxKaqFYjbbeitjHsZom8jomxfwj7jnMxETh/oGIzHzEvGilOJ0uP9Bk
ixM1GSxGIEGFWMadILNgEc4fllu/HZcAeXrfBeaWXDQPxRDbon/k/FLhyDpVOzoS
6ec+S3qiMxntpon6Hc0TJDxgYvRBHs22O4zm6q1/+aaD
-----END CERTIFICATE-----
Generated at Tue Aug 5 08:19:12 2025 by rpki-client