Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
File: bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa (raw, json)
Hash identifier: 7V5vxgcXTydbg15AmwWGS63+vTh50nSuHdbtRwBzOEo=
Subject key identifier: 48:E1:DC:4C:9A:98:7F:E4:15:3D:7D:24:8F:46:6F:11:2E:98:0D:FD
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 095504EC191DDAC16022F014636648A622141AD2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
Signing time: Tue 21 Oct 2025 14:50:38 +0000
ROA not before: Tue 21 Oct 2025 14:50:38 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 152.134.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:55:04:ec:19:1d:da:c1:60:22:f0:14:63:66:48:a6:22:14:1a:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:38 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=3763a0878694f54c01f173b898cd00a40fb6de3b40480c640bc31f8fa1495ee0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:f4:20:c5:b0:21:ac:9d:06:a9:d9:26:b2:2c:
a7:c4:63:8f:53:9f:60:ba:12:50:63:46:39:ee:55:
ef:69:bd:79:cd:a8:b7:8e:63:0f:43:ff:48:2a:58:
17:69:95:05:ba:41:b8:c9:ff:5c:85:36:df:45:5f:
ef:f3:56:e0:67:0d:c4:41:dc:50:b3:e2:e0:6e:67:
0a:a1:db:e5:f8:4c:b0:84:3b:f9:e7:ea:d6:9f:1f:
1f:ab:bb:65:ae:d3:35:71:75:b1:cd:32:84:4a:92:
26:d0:c2:78:5d:ee:92:d7:e2:51:cf:28:6e:31:e2:
2f:fc:d1:26:59:37:96:3e:9a:29:bc:92:a0:6c:db:
b8:30:15:1a:49:fe:e0:ce:66:0b:55:1e:7d:86:57:
34:19:c2:ac:e4:9e:ec:cc:fa:03:a5:cd:61:58:e2:
f2:2d:8a:82:7b:e4:a9:d2:bb:07:6a:f2:60:0e:ae:
21:26:a8:60:fd:71:79:a0:a6:0e:f9:07:e3:07:7d:
26:aa:4a:1a:f3:34:18:56:db:2c:b6:36:6f:8b:d3:
73:34:90:53:ff:9d:c1:2f:f2:30:3d:0b:f5:08:95:
5a:69:7f:04:7a:6b:d9:36:46:ef:a9:62:2e:bd:9f:
75:ef:9d:6a:a0:88:15:4a:8d:38:eb:12:2e:d0:cf:
7e:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:E1:DC:4C:9A:98:7F:E4:15:3D:7D:24:8F:46:6F:11:2E:98:0D:FD
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.134.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3d:f3:d7:a3:10:5f:4c:98:7a:b2:f3:b0:17:c5:41:34:a6:ec:
ff:00:16:e9:0f:08:75:02:5b:c3:43:d1:f7:86:b7:4a:88:2e:
6e:8e:16:5b:70:0a:bb:51:4e:9c:6c:f1:c0:03:00:9e:bd:3c:
a7:34:bb:9e:46:72:e6:8c:33:87:9c:50:7b:09:32:72:4a:f4:
d3:f2:59:3a:5d:3b:f5:ef:31:12:83:32:fa:ff:e7:49:fe:8e:
ca:1c:72:9d:d5:8b:68:d4:7e:c6:ae:45:87:b4:4c:59:9c:00:
a6:88:8e:84:06:81:70:ea:dd:c7:ab:67:fe:e7:db:61:36:c1:
89:86:da:9e:2a:6f:3b:ec:a6:af:51:d0:51:80:c3:b8:d9:fd:
33:c3:5a:f9:d6:88:0c:c5:e7:3e:39:f9:dd:c7:49:44:22:64:
fe:41:9a:ca:47:2c:b7:c2:e9:35:67:87:85:a6:56:db:66:9e:
11:5e:83:5d:16:21:c0:8f:57:32:81:0a:b9:4b:d9:3c:15:0f:
49:b8:0b:54:6a:b7:fd:6c:0e:3b:ae:ca:39:35:9d:36:5e:a9:
2b:97:44:31:45:aa:fe:9d:dd:02:f6:bc:95:72:f4:28:a2:ff:
72:ba:f3:29:48:59:e6:f7:3c:0e:2a:00:32:f7:71:b9:7b:26:
cb:2f:5e:cf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCVUE7Bkd2sFgIvAUY2ZIpiIUGtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMzhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3NjNhMDg3ODY5NGY1NGMwMWYxNzNiODk4Y2QwMGE0MGZiNmRlM2I0MDQ4
MGM2NDBiYzMxZjhmYTE0OTVlZTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKf0IMWwIaydBqnZJrIsp8Rjj1OfYLoSUGNGOe5V72m9ec2ot45jD0P/SCpY
F2mVBbpBuMn/XIU230Vf7/NW4GcNxEHcULPi4G5nCqHb5fhMsIQ7+efq1p8fH6u7
Za7TNXF1sc0yhEqSJtDCeF3uktfiUc8objHiL/zRJlk3lj6aKbySoGzbuDAVGkn+
4M5mC1UefYZXNBnCrOSe7Mz6A6XNYVji8i2KgnvkqdK7B2ryYA6uISaoYP1xeaCm
DvkH4wd9JqpKGvM0GFbbLLY2b4vTczSQU/+dwS/yMD0L9QiVWml/BHpr2TZG76li
Lr2fde+daqCIFUqNOOsSLtDPfk8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRI4dxM
mph/5BU9fSSPRm8RLpgN/TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmVkYzIxNzItNTBkZi00ZWE3LThjMzgtZWJhMmNkZjJkNWRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJiGMA0G
CSqGSIb3DQEBCwUAA4IBAQA989ejEF9MmHqy87AXxUE0puz/ABbpDwh1AlvDQ9H3
hrdKiC5ujhZbcAq7UU6cbPHAAwCevTynNLueRnLmjDOHnFB7CTJySvTT8lk6XTv1
7zESgzL6/+dJ/o7KHHKd1Yto1H7GrkWHtExZnACmiI6EBoFw6t3Hq2f+59thNsGJ
htqeKm877KavUdBRgMO42f0zw1r51ogMxec+Ofndx0lEImT+QZrKRyy3wuk1Z4eF
plbbZp4RXoNdFiHAj1cygQq5S9k8FQ9JuAtUarf9bA47rso5NZ02Xqkrl0QxRar+
nd0C9ryVcvQoov9yuvMpSFnm9zwOKgAy93G5eybLL17P
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:36:46 2025 by rpki-client