Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
File: c806309a-9e3e-4b0e-aad2-1356d070a437.roa (raw, json)
Hash identifier: yX0dZpedk6WR/d223MEpuvE/KTVzUNWpb2EvdNdOMlE=
Subject key identifier: A2:5C:E4:60:67:CA:7E:BC:18:0C:10:0D:A9:DA:A8:90:CD:35:CB:6B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2BDCEA8F130C79DEFFDCC497316641B7A108AA82
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
Signing time: Fri 31 Oct 2025 02:00:18 +0000
ROA not before: Fri 31 Oct 2025 02:00:18 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:13::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:dc:ea:8f:13:0c:79:de:ff:dc:c4:97:31:66:41:b7:a1:08:aa:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:18 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=0348f2bb8edc9933e35315c62b3e805e6ebe659c23ad8a43c899bbd7d55ddabe, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:72:c8:d3:96:4a:8d:ed:7f:32:0e:8b:90:51:
76:8a:47:18:f0:f4:09:74:64:f9:d2:c4:7c:e3:5b:
25:d8:87:a6:e2:88:f2:68:3d:2e:55:64:16:f0:3e:
0f:14:2f:85:e3:89:90:50:c3:2b:e9:12:b1:f8:7b:
54:4b:14:0e:bb:02:eb:ff:76:fd:c4:69:08:25:ad:
ef:23:cb:6a:09:e8:b6:c5:7f:30:82:ba:ae:7e:a0:
07:e2:6f:ac:25:ea:35:87:ff:92:5c:15:45:af:ca:
26:8d:2f:ab:57:8f:42:fa:2d:3a:89:63:b1:3f:50:
1d:c9:c6:f8:a5:e0:bb:57:38:d8:77:a1:67:97:12:
37:7a:14:c3:53:09:e3:01:ad:10:7e:2c:5d:46:78:
2c:ef:d0:ae:1c:68:e9:ca:f6:75:dd:4e:43:7e:d2:
fc:6c:5b:19:3c:9d:cf:b2:9f:e2:3a:b7:42:e5:d3:
38:04:fa:a7:f3:02:d8:97:42:f2:59:2a:a2:1a:dd:
5f:64:bf:c0:fb:0b:f3:1f:f2:86:eb:61:1f:ce:f1:
69:af:d0:3a:66:30:90:a7:2a:95:93:8e:3f:4f:51:
ba:d2:90:d0:0c:89:3e:ce:79:06:d2:a7:d5:d6:7d:
ae:45:ab:0c:ae:f9:73:77:51:e6:c0:6b:6a:bc:2b:
3f:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:5C:E4:60:67:CA:7E:BC:18:0C:10:0D:A9:DA:A8:90:CD:35:CB:6B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:13::/48
Signature Algorithm: sha256WithRSAEncryption
12:e7:5a:c2:44:e9:94:aa:0e:98:cb:0a:51:92:db:dd:30:12:
4b:d3:02:fe:96:6a:64:11:5a:f7:d1:21:a5:e4:fa:35:db:1d:
5a:dc:21:d9:37:bb:5c:1b:1e:ff:01:78:32:ca:96:ee:fb:ac:
04:e8:db:05:d1:ca:88:8c:c5:75:57:9d:21:e8:ec:6b:1c:02:
b9:5c:ef:8c:e0:93:3a:19:42:36:eb:cd:cc:1c:de:90:cc:92:
06:74:0c:e9:d3:81:ea:09:f7:d3:4b:43:2f:66:59:c3:e7:66:
a9:9f:b7:62:b2:7a:61:f9:fd:dc:5a:bc:1e:1f:c4:7f:a4:65:
34:1a:13:8c:e6:ce:8d:78:c7:0b:a3:c1:50:f6:81:cb:6e:94:
73:74:0d:0f:85:01:b0:50:76:50:8a:0d:04:b1:76:7a:90:ce:
2d:a7:d0:d9:78:72:6c:99:6f:e0:47:0a:28:df:f5:5d:46:8e:
16:84:cf:50:2b:6f:f9:b0:9b:83:7e:43:37:93:fc:b6:10:25:
7c:58:bf:f5:e7:e9:df:f4:0e:93:8d:2a:6f:21:b0:37:ee:c4:
b2:9f:7f:86:3f:6a:d4:cc:19:dd:b2:32:bc:2b:c1:9f:54:c6:
ce:59:4d:21:36:4a:6d:90:2d:62:5e:77:25:ca:ae:6a:bc:5e:
5f:38:04:6b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUK9zqjxMMed7/3MSXMWZBt6EIqoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMThaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzNDhmMmJiOGVkYzk5MzNlMzUzMTVjNjJiM2U4MDVlNmViZTY1OWMyM2Fk
OGE0M2M4OTliYmQ3ZDU1ZGRhYmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOtyyNOWSo3tfzIOi5BRdopHGPD0CXRk+dLEfONbJdiHpuKI8mg9LlVkFvA+
DxQvheOJkFDDK+kSsfh7VEsUDrsC6/92/cRpCCWt7yPLagnotsV/MIK6rn6gB+Jv
rCXqNYf/klwVRa/KJo0vq1ePQvotOoljsT9QHcnG+KXgu1c42HehZ5cSN3oUw1MJ
4wGtEH4sXUZ4LO/Qrhxo6cr2dd1OQ37S/GxbGTydz7Kf4jq3QuXTOAT6p/MC2JdC
8lkqohrdX2S/wPsL8x/yhuthH87xaa/QOmYwkKcqlZOOP09RutKQ0AyJPs55BtKn
1dZ9rkWrDK75c3dR5sBrarwrP5UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSiXORg
Z8p+vBgMEA2p2qiQzTXLazAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzgwNjMwOWEtOWUzZS00YjBlLWFhZDItMTM1NmQwNzBhNDM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
EzANBgkqhkiG9w0BAQsFAAOCAQEAEudawkTplKoOmMsKUZLb3TASS9MC/pZqZBFa
99EhpeT6NdsdWtwh2Te7XBse/wF4MsqW7vusBOjbBdHKiIzFdVedIejsaxwCuVzv
jOCTOhlCNuvNzBzekMySBnQM6dOB6gn300tDL2ZZw+dmqZ+3YrJ6Yfn93Fq8Hh/E
f6RlNBoTjObOjXjHC6PBUPaBy26Uc3QND4UBsFB2UIoNBLF2epDOLafQ2XhybJlv
4EcKKN/1XUaOFoTPUCtv+bCbg35DN5P8thAlfFi/9efp3/QOk40qbyGwN+7Esp9/
hj9q1MwZ3bIyvCvBn1TGzllNITZKbZAtYl53JcquarxeXzgEaw==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:37:23 2025 by rpki-client