Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
File: 7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa (raw, json)
Hash identifier: Y5NmG4hAKeus8du6MqcQOHQrWI0q3lvZMWFvJZYBEuI=
Subject key identifier: 0D:1F:B2:BD:0D:40:FA:06:03:27:0F:D3:ED:FC:33:3D:19:EC:0B:CF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 311AB55BE936F54494ED0E900104A3F4E151A03C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
Signing time: Mon 21 Jul 2025 17:00:39 +0000
ROA not before: Mon 21 Jul 2025 17:00:39 +0000
ROA not after: Mon 25 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 185.143.16.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 Aug 2025 14:37:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:1a:b5:5b:e9:36:f5:44:94:ed:0e:90:01:04:a3:f4:e1:51:a0:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 21 17:00:39 2025 GMT
Not After : Aug 25 23:59:59 2025 GMT
Subject: serialNumber=ae4fd4bf8d001a7d643b2553b57c5ced090e3f86f165b82d89169b6a9788a9e2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:43:86:90:4a:39:af:3c:67:61:ce:3a:52:ea:
9a:31:02:5e:3b:13:c3:a9:96:78:39:1b:61:ca:bd:
16:8c:4b:1d:9e:a9:72:d6:ca:01:7a:78:7c:82:bd:
2c:b4:2b:1f:1b:d4:db:9f:8c:5a:34:e6:cc:56:22:
9c:dc:35:9b:9f:05:ec:9e:02:30:6c:0d:fe:5f:81:
28:9b:e3:2f:fc:b9:4b:ca:18:5b:c2:ee:2c:fa:27:
ff:de:3f:52:29:b4:2a:47:8f:0b:62:45:5b:59:b2:
59:20:88:cc:bb:58:e6:31:cf:9c:eb:c4:84:96:15:
a9:c5:5c:f1:00:5c:14:16:6f:7d:16:9c:e3:6a:6d:
0f:f1:b6:45:34:7d:2b:a9:7e:14:b2:bc:2b:38:d6:
c7:a0:44:c9:99:a6:14:28:fe:f2:15:43:6b:20:5b:
11:24:79:f8:87:22:0c:e3:27:7c:2d:80:73:35:72:
98:b5:a0:c2:35:c9:4c:fd:b2:33:4d:a5:c4:e8:19:
6b:89:3f:ea:13:9e:2b:26:56:e1:f2:dc:9e:84:5b:
a4:05:12:42:e4:3f:f1:60:77:7b:e6:c1:0d:6e:d7:
33:95:43:67:ef:9c:6e:e3:55:0e:81:80:c0:e7:d2:
6e:31:b3:ab:ae:5f:30:ec:70:0a:95:70:25:f2:84:
87:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:1F:B2:BD:0D:40:FA:06:03:27:0F:D3:ED:FC:33:3D:19:EC:0B:CF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.143.16.0/22
Signature Algorithm: sha256WithRSAEncryption
7d:d9:b7:28:10:24:bf:00:89:0e:fc:1e:cc:bb:52:18:e9:64:
51:e4:98:35:34:89:5c:dd:32:f1:19:63:c6:bf:b2:b0:02:2e:
c4:f6:2a:d8:07:d9:01:6f:31:8a:32:26:1e:29:1e:6f:08:21:
1f:b5:6b:b7:ec:9c:bb:68:20:a4:3b:af:2d:40:4b:3a:1b:70:
1b:09:48:68:8e:67:2f:60:2c:dd:4c:1c:93:47:bb:54:15:34:
8f:8a:b0:5c:51:71:a1:83:70:d3:d6:99:00:3d:b7:44:54:d4:
df:f9:ab:dc:e8:29:84:2a:f7:2f:bf:48:17:c3:cf:23:7e:a9:
8e:c2:d5:53:2d:fe:fe:64:14:2f:01:ff:5f:10:f3:12:c1:0f:
f1:6e:32:8c:fe:f0:81:55:f3:1d:c8:56:c4:9b:17:97:ed:d6:
12:8f:aa:4c:f4:1d:c6:7a:bb:ff:17:f3:ee:13:d0:eb:0f:d1:
71:20:e7:1c:ea:54:0d:a7:23:11:7b:12:10:79:89:16:2b:b1:
d8:ff:59:48:17:14:d4:5b:6d:54:7f:90:17:d2:fa:34:ca:10:
a7:4e:20:59:12:d0:af:18:3a:4c:2a:4e:b1:4d:e2:a0:76:77:
e6:1f:d6:a3:a0:34:ef:99:48:3d:16:b2:8c:28:da:92:10:b8:
8c:cb:2e:b9
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMRq1W+k29USU7Q6QAQSj9OFRoDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MjExNzAwMzlaFw0yNTA4MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlNGZkNGJmOGQwMDFhN2Q2NDNiMjU1M2I1N2M1Y2VkMDkwZTNmODZmMTY1
YjgyZDg5MTY5YjZhOTc4OGE5ZTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKxDhpBKOa88Z2HOOlLqmjECXjsTw6mWeDkbYcq9FoxLHZ6pctbKAXp4fIK9
LLQrHxvU25+MWjTmzFYinNw1m58F7J4CMGwN/l+BKJvjL/y5S8oYW8LuLPon/94/
Uim0KkePC2JFW1myWSCIzLtY5jHPnOvEhJYVqcVc8QBcFBZvfRac42ptD/G2RTR9
K6l+FLK8KzjWx6BEyZmmFCj+8hVDayBbESR5+IciDOMnfC2AczVymLWgwjXJTP2y
M02lxOgZa4k/6hOeKyZW4fLcnoRbpAUSQuQ/8WB3e+bBDW7XM5VDZ++cbuNVDoGA
wOfSbjGzq65fMOxwCpVwJfKEh88CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQNH7K9
DUD6BgMnD9Pt/DM9GewLzzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2E5ZDQ5NzAtOGU5Yy00ZDExLWExYzYtNzcyYTU3MTMzNGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmPEDAN
BgkqhkiG9w0BAQsFAAOCAQEAfdm3KBAkvwCJDvwezLtSGOlkUeSYNTSJXN0y8Rlj
xr+ysAIuxPYq2AfZAW8xijImHikebwghH7Vrt+ycu2ggpDuvLUBLOhtwGwlIaI5n
L2As3Uwck0e7VBU0j4qwXFFxoYNw09aZAD23RFTU3/mr3OgphCr3L79IF8PPI36p
jsLVUy3+/mQULwH/XxDzEsEP8W4yjP7wgVXzHchWxJsXl+3WEo+qTPQdxnq7/xfz
7hPQ6w/RcSDnHOpUDacjEXsSEHmJFiux2P9ZSBcU1FttVH+QF9L6NMoQp04gWRLQ
rxg6TCpOsU3ioHZ35h/Wo6A075lIPRayjCjakhC4jMsuuQ==
-----END CERTIFICATE-----
Generated at Tue Aug 5 22:56:53 2025 by rpki-client