Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7e4eba0d-9f48-42a3-b449-56ce7143e040.roa
File: 7e4eba0d-9f48-42a3-b449-56ce7143e040.roa (raw, json)
Hash identifier: 6q3OeDrdk+k37XWF07QMZM3fNZSWwgaP9yfrih+Z1O4=
Subject key identifier: C5:D9:DD:A9:A6:3E:F9:9C:41:05:68:8A:47:AA:B2:50:FC:56:82:5C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 28063B7E859D0C25BE89B5ABD865BCC878FBD301
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7e4eba0d-9f48-42a3-b449-56ce7143e040.roa
Signing time: Fri 31 Oct 2025 02:00:04 +0000
ROA not before: Fri 31 Oct 2025 02:00:04 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 185.72.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:06:3b:7e:85:9d:0c:25:be:89:b5:ab:d8:65:bc:c8:78:fb:d3:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:04 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=2d0b63468935be66a1351e2c9d15f4cb5cedf552f2b98683f8f2bf101a667b03, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:8b:88:b7:20:e3:9e:a5:be:ab:08:1c:2e:b2:
21:37:84:fb:94:06:f4:f0:fc:80:f0:82:88:9a:52:
3c:1e:0e:5d:ba:c4:57:92:4b:42:c4:21:6b:49:7e:
84:17:1d:4f:f0:04:f0:86:a9:77:35:b3:71:69:2a:
0e:13:8c:d2:c1:2b:d6:93:74:9e:c2:d3:cd:31:92:
dc:74:e3:49:8d:e0:dc:7a:52:29:40:e0:84:71:0c:
5d:c6:3f:f3:ea:cb:5e:e0:ba:27:aa:c1:62:17:22:
3e:f2:ce:8e:c9:c7:59:74:ab:df:1a:3a:45:2d:b6:
29:21:85:e8:62:5c:c2:2c:90:f5:9c:81:0c:a2:e2:
3e:47:b9:91:f7:ca:a0:cf:a8:96:3f:0e:2d:15:8d:
9a:c4:13:61:3b:49:b0:d1:67:ba:2b:74:f1:08:03:
1e:3e:55:b6:97:92:0c:86:4d:b4:6e:4a:53:70:b9:
3e:fb:5a:2a:d8:83:50:d4:e4:2e:2e:ba:88:25:a1:
0f:84:23:f0:cc:2c:6a:74:86:3b:28:4e:de:12:04:
60:8d:d7:25:c0:07:40:38:52:ce:a6:37:83:92:01:
c3:56:c4:2d:5d:57:26:37:27:6f:92:13:7a:b1:b4:
71:67:4a:bb:c3:63:29:39:20:00:6b:08:c0:47:3b:
73:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:D9:DD:A9:A6:3E:F9:9C:41:05:68:8A:47:AA:B2:50:FC:56:82:5C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7e4eba0d-9f48-42a3-b449-56ce7143e040.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.192.0/22
Signature Algorithm: sha256WithRSAEncryption
00:2d:f5:62:1f:01:f8:e4:27:ab:99:05:e8:ee:36:33:7d:b1:
d6:b9:53:3b:01:cb:44:d6:db:7d:06:8a:fb:3e:a8:88:17:ef:
f1:4a:a0:0d:14:0e:d9:f5:b9:c9:09:49:d6:f4:69:fe:7c:2f:
fb:16:4f:c6:53:c8:32:3f:1a:c2:7d:c6:e5:5f:75:dd:89:72:
96:a2:83:b3:b2:7a:a6:d8:f4:f3:3b:76:fc:6a:66:4b:fa:ef:
6e:21:3b:44:c3:5a:e6:01:09:c3:05:7e:42:b9:04:0a:88:c3:
77:8b:4f:de:0f:66:8d:ba:3f:7d:b3:aa:af:07:e9:21:2b:81:
d6:8c:00:98:86:f1:3c:00:ba:f9:88:97:e1:61:d1:ea:41:6f:
29:ef:3b:0f:8e:21:e5:9e:d5:70:1d:48:6e:18:17:b4:72:17:
60:4a:a5:af:ca:4d:71:3e:68:1a:e3:4c:4f:ac:b8:94:d7:51:
a8:b8:f4:14:f8:06:ad:22:2d:25:c0:28:d1:77:b0:ab:9b:d7:
1c:c2:60:7f:dd:60:2f:ef:ec:db:1a:15:b2:0e:de:ce:a6:7b:
62:5d:03:1d:ce:c8:49:8f:f4:0c:f8:2e:f2:d0:e2:96:bd:2d:
7d:ac:d4:0e:cb:0e:00:bd:fd:0d:80:a3:75:fd:a4:f6:1e:91:
f9:44:5a:a7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKAY7foWdDCW+ibWr2GW8yHj70wEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMDRaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkMGI2MzQ2ODkzNWJlNjZhMTM1MWUyYzlkMTVmNGNiNWNlZGY1NTJmMmI5
ODY4M2Y4ZjJiZjEwMWE2NjdiMDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKLiLcg456lvqsIHC6yITeE+5QG9PD8gPCCiJpSPB4OXbrEV5JLQsQha0l+
hBcdT/AE8IapdzWzcWkqDhOM0sEr1pN0nsLTzTGS3HTjSY3g3HpSKUDghHEMXcY/
8+rLXuC6J6rBYhciPvLOjsnHWXSr3xo6RS22KSGF6GJcwiyQ9ZyBDKLiPke5kffK
oM+olj8OLRWNmsQTYTtJsNFnuit08QgDHj5VtpeSDIZNtG5KU3C5PvtaKtiDUNTk
Li66iCWhD4Qj8MwsanSGOyhO3hIEYI3XJcAHQDhSzqY3g5IBw1bELV1XJjcnb5IT
erG0cWdKu8NjKTkgAGsIwEc7c2sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTF2d2p
pj75nEEFaIpHqrJQ/FaCXDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2U0ZWJhMGQtOWY0OC00MmEzLWI0NDktNTZjZTcxNDNlMDQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlIwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAC31Yh8B+OQnq5kF6O42M32x1rlTOwHLRNbbfQaK
+z6oiBfv8UqgDRQO2fW5yQlJ1vRp/nwv+xZPxlPIMj8awn3G5V913YlylqKDs7J6
ptj08zt2/GpmS/rvbiE7RMNa5gEJwwV+QrkECojDd4tP3g9mjbo/fbOqrwfpISuB
1owAmIbxPAC6+YiX4WHR6kFvKe87D44h5Z7VcB1IbhgXtHIXYEqlr8pNcT5oGuNM
T6y4lNdRqLj0FPgGrSItJcAo0Xewq5vXHMJgf91gL+/s2xoVsg7ezqZ7Yl0DHc7I
SY/0DPgu8tDilr0tfazUDssOAL39DYCjdf2k9h6R+URapw==
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:57:44 2025 by rpki-client