Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File: 7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier: pFNAt4zGn2FxPVcYn1pl0jExrXHK9vSnyrxHgwCRC0o=
Subject key identifier: BB:FA:F6:5E:D0:3A:E7:0D:D8:B0:1A:17:CC:A2:5C:B5:4C:6C:88:31
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6C820E197779D809290A92EE33184DC6DB813B63
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time: Tue 21 Oct 2025 14:50:00 +0000
ROA not before: Tue 21 Oct 2025 14:50:00 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.0.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:82:0e:19:77:79:d8:09:29:0a:92:ee:33:18:4d:c6:db:81:3b:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:00 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ed5f33fee893c565e89c0a135f2d268f63e9d257a208865648b8173810a423a6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:10:35:5f:65:c3:99:dc:f3:a9:a0:f7:08:1d:
8c:f6:6b:62:be:8b:03:a0:a0:ea:c6:88:a9:ed:58:
a6:f9:fc:e3:7c:28:a5:c1:9f:e4:ba:77:5b:02:66:
1d:4a:02:6d:bc:12:ce:ed:7a:87:88:68:d0:ac:36:
c5:0d:13:0e:8a:b7:2e:49:20:20:e8:aa:ec:37:4d:
77:28:c3:48:e3:67:83:3f:03:18:89:e1:fc:85:43:
17:2a:38:54:1f:6b:50:af:e2:5b:e3:d4:27:32:2b:
26:6d:4d:69:43:a3:97:1b:3d:0b:d5:50:f6:fa:93:
d2:e9:33:b0:33:42:cc:db:ae:29:93:76:f5:63:82:
fe:46:97:14:86:79:6f:b1:48:62:5e:fb:e6:38:af:
d8:10:b4:bb:20:e6:b8:42:fc:5e:8a:c6:f0:2b:a0:
19:b1:14:81:97:ad:5e:a8:81:4b:75:a0:2e:31:a0:
d7:5d:18:5a:49:a1:21:01:82:bc:8d:cc:19:e1:f4:
41:2a:f2:a9:ea:17:9f:78:97:38:04:10:6a:53:ff:
4b:2e:0b:29:49:3d:2f:f3:aa:01:4a:18:ad:f2:f7:
f4:5f:d6:20:e1:ae:6b:34:9d:fb:72:1c:08:de:90:
2b:10:ee:e7:88:e5:92:90:f8:9a:b0:76:60:e8:44:
b8:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:FA:F6:5E:D0:3A:E7:0D:D8:B0:1A:17:CC:A2:5C:B5:4C:6C:88:31
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.0.0/17
Signature Algorithm: sha256WithRSAEncryption
65:3b:9b:9b:da:e8:b6:47:bd:3c:2f:2f:4d:09:55:8e:95:1f:
9d:c6:8e:a7:ef:5a:9c:e2:96:49:20:82:ba:c1:04:47:e9:9e:
09:a5:05:bb:0b:ca:29:13:a2:ef:ed:43:a3:d0:1f:07:4b:05:
62:9f:6b:1b:29:7e:c8:6f:82:92:04:90:3d:f0:12:80:17:e3:
af:8c:31:32:66:7f:c4:36:58:df:b9:75:27:9b:37:c5:63:5a:
76:ef:75:54:f0:68:19:72:d5:65:61:75:15:5f:4c:29:5b:90:
b6:79:94:a5:ef:42:b1:68:e7:95:61:3c:b9:48:d0:c5:94:7e:
50:ba:77:e8:00:97:bd:ee:4e:46:0e:0a:ce:ae:6b:a6:6f:a1:
61:86:28:78:82:a6:61:52:1f:91:79:1d:97:af:c3:7d:0e:94:
a5:5a:4c:22:13:7e:24:99:c9:4a:43:c7:6f:af:47:69:94:c2:
24:a1:37:60:db:21:6c:6b:e8:72:a3:72:0b:cb:14:d3:36:28:
d6:aa:39:c6:5d:b6:40:0d:70:c5:5c:f1:59:e9:e5:62:42:5f:
af:c5:fb:e5:99:fd:c0:39:6c:da:e0:82:72:4c:25:91:d8:89:
34:b0:4c:12:22:a1:78:d4:cb:26:77:2b:39:c8:5a:28:42:36:
83:98:ce:97
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUbIIOGXd52AkpCpLuMxhNxtuBO2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkNWYzM2ZlZTg5M2M1NjVlODljMGExMzVmMmQyNjhmNjNlOWQyNTdhMjA4
ODY1NjQ4YjgxNzM4MTBhNDIzYTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOAQNV9lw5nc86mg9wgdjPZrYr6LA6Cg6saIqe1Ypvn843wopcGf5Lp3WwJm
HUoCbbwSzu16h4ho0Kw2xQ0TDoq3LkkgIOiq7DdNdyjDSONngz8DGInh/IVDFyo4
VB9rUK/iW+PUJzIrJm1NaUOjlxs9C9VQ9vqT0ukzsDNCzNuuKZN29WOC/kaXFIZ5
b7FIYl775jiv2BC0uyDmuEL8XorG8CugGbEUgZetXqiBS3WgLjGg110YWkmhIQGC
vI3MGeH0QSryqeoXn3iXOAQQalP/Sy4LKUk9L/OqAUoYrfL39F/WIOGuazSd+3Ic
CN6QKxDu54jlkpD4mrB2YOhEuBUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS7+vZe
0DrnDdiwGhfMoly1TGyIMTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEAZTubm9rotke9PC8vTQlVjpUfncaOp+9anOKWSSCC
usEER+meCaUFuwvKKROi7+1Do9AfB0sFYp9rGyl+yG+CkgSQPfASgBfjr4wxMmZ/
xDZY37l1J5s3xWNadu91VPBoGXLVZWF1FV9MKVuQtnmUpe9CsWjnlWE8uUjQxZR+
ULp36ACXve5ORg4Kzq5rpm+hYYYoeIKmYVIfkXkdl6/DfQ6UpVpMIhN+JJnJSkPH
b69HaZTCJKE3YNshbGvocqNyC8sU0zYo1qo5xl22QA1wxVzxWenlYkJfr8X75Zn9
wDls2uCCckwlkdiJNLBMEiKheNTLJncrOchaKEI2g5jOlw==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:32:08 2025 by rpki-client