Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
File: b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa (raw, json)
Hash identifier: GLRmzG48kgEP3Wdu0T2Z9w+5+FK/54D+POe24XTydCg=
Subject key identifier: F6:E6:51:D0:00:6C:36:5B:AD:6D:11:6D:7E:1C:2E:81:66:70:AB:6A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 22632997D6BF72F5133175C90B0C971663945BEA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
Signing time: Tue 21 Oct 2025 14:50:01 +0000
ROA not before: Tue 21 Oct 2025 14:50:01 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 194.198.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:63:29:97:d6:bf:72:f5:13:31:75:c9:0b:0c:97:16:63:94:5b:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:01 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5a0725deda037d043d25eef710b4f685194caac7f46acc27a61b8e3be0f51643, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:28:7d:64:15:34:eb:92:7a:94:15:94:a6:a7:
fd:0b:be:32:c8:54:64:f0:71:cc:ab:41:38:b1:91:
00:14:7e:fa:4d:9f:b5:d2:89:42:2b:8a:03:38:8c:
29:b6:60:a3:cf:9e:61:0c:30:cb:31:8b:cc:7b:86:
3e:49:e8:b5:b2:08:76:2b:79:95:f7:41:6b:2b:70:
6a:fe:73:b3:c4:94:dd:a0:47:0c:87:d6:04:e5:04:
a7:13:5a:bf:4b:ef:c0:b5:c7:86:bb:cd:d0:76:24:
56:78:a4:ff:cc:c5:79:ee:d8:df:da:f0:ec:25:27:
39:69:dc:b1:6f:46:a9:94:61:9b:a8:4d:8b:07:a9:
1e:29:ae:2f:aa:d1:0f:c5:24:ea:ae:76:02:9f:31:
2f:f4:b9:2f:1e:da:d7:1d:63:4c:7e:0d:43:9c:ac:
22:e3:36:76:ec:95:08:4c:43:35:17:5f:b0:86:39:
78:d1:33:fb:16:39:34:dd:86:e7:58:48:eb:8d:ed:
82:fe:43:49:a6:3e:3c:45:c1:21:3d:5d:a1:cf:03:
c3:f8:c6:cc:d5:c6:e7:2e:c9:c7:56:f2:11:e4:ba:
22:1c:d0:47:78:47:cd:34:29:58:7c:43:27:c9:fe:
d8:53:e6:43:09:59:86:48:83:5f:54:f3:1f:fa:0f:
67:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:E6:51:D0:00:6C:36:5B:AD:6D:11:6D:7E:1C:2E:81:66:70:AB:6A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b5ec0568-ce5c-41f8-ae3e-0c14783e4068.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.198.0.0/16
Signature Algorithm: sha256WithRSAEncryption
20:b3:26:a9:b0:23:bb:54:94:32:52:da:5a:d7:e4:05:f3:c1:
e0:47:92:1d:7d:0e:ce:75:76:38:44:1e:38:02:98:da:1a:36:
df:79:ac:22:21:9b:c6:2e:57:9f:4a:50:01:da:04:0b:86:5b:
07:74:74:04:b1:d4:8f:60:60:22:67:fa:c3:cf:20:4d:e3:16:
93:1f:6a:d7:75:2c:78:19:ae:3a:1c:34:37:af:c5:68:8a:98:
09:b8:be:4b:32:5a:bc:71:6f:89:a5:e4:c8:62:3a:72:c6:59:
4b:13:ec:24:96:1e:0a:b4:d5:19:09:ce:f8:06:a7:5c:85:9a:
a8:de:dc:13:24:99:69:45:8b:93:44:14:b4:a9:31:18:e8:3d:
e5:64:7d:90:36:0e:db:a1:05:48:db:51:cc:17:cc:e0:50:73:
8f:8a:f2:09:14:9f:4a:d2:ae:5e:cd:06:c7:60:b9:c8:0c:52:
d0:eb:42:dd:70:18:67:31:b2:e0:e4:d4:6d:79:08:28:cd:e5:
a7:52:57:78:aa:fa:dc:20:19:9e:f0:98:9d:2d:d1:0f:96:d2:
2b:86:65:b2:9b:b2:45:ee:28:c6:d3:35:90:0b:8b:99:22:bb:
f9:64:5b:45:5f:30:7a:b7:37:d4:32:f3:95:65:e6:e6:5b:3f:
1b:91:b3:06
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUImMpl9a/cvUTMXXJCwyXFmOUW+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhMDcyNWRlZGEwMzdkMDQzZDI1ZWVmNzEwYjRmNjg1MTk0Y2FhYzdmNDZh
Y2MyN2E2MWI4ZTNiZTBmNTE2NDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN0ofWQVNOuSepQVlKan/Qu+MshUZPBxzKtBOLGRABR++k2ftdKJQiuKAziM
KbZgo8+eYQwwyzGLzHuGPknotbIIdit5lfdBaytwav5zs8SU3aBHDIfWBOUEpxNa
v0vvwLXHhrvN0HYkVnik/8zFee7Y39rw7CUnOWncsW9GqZRhm6hNiwepHimuL6rR
D8Uk6q52Ap8xL/S5Lx7a1x1jTH4NQ5ysIuM2duyVCExDNRdfsIY5eNEz+xY5NN2G
51hI643tgv5DSaY+PEXBIT1doc8Dw/jGzNXG5y7Jx1byEeS6IhzQR3hHzTQpWHxD
J8n+2FPmQwlZhkiDX1TzH/oPZ88CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT25lHQ
AGw2W61tEW1+HC6BZnCrajAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjVlYzA1NjgtY2U1Yy00MWY4LWFlM2UtMGMxNDc4M2U0MDY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMLGMA0G
CSqGSIb3DQEBCwUAA4IBAQAgsyapsCO7VJQyUtpa1+QF88HgR5IdfQ7OdXY4RB44
ApjaGjbfeawiIZvGLlefSlAB2gQLhlsHdHQEsdSPYGAiZ/rDzyBN4xaTH2rXdSx4
Ga46HDQ3r8VoipgJuL5LMlq8cW+JpeTIYjpyxllLE+wklh4KtNUZCc74BqdchZqo
3twTJJlpRYuTRBS0qTEY6D3lZH2QNg7boQVI21HMF8zgUHOPivIJFJ9K0q5ezQbH
YLnIDFLQ60LdcBhnMbLg5NRteQgozeWnUld4qvrcIBme8JidLdEPltIrhmWym7JF
7ijG0zWQC4uZIrv5ZFtFXzB6tzfUMvOVZebmWz8bkbMG
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:37:34 2025 by rpki-client