Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
File: dbc88f4b-781b-45e4-8402-e6b216deacc3.roa (raw, json)
Hash identifier: /xmot2MZ3HW+U3VOccznaRz89ST2jnnLChFsdCSkWOw=
Subject key identifier: 93:07:2C:45:99:D8:72:C2:8D:B4:6D:97:66:90:F7:C5:5E:98:99:DE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2AFF2273E5B2883ADAA37DA38009A8A1FDD36C34
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
Signing time: Tue 21 Oct 2025 14:50:37 +0000
ROA not before: Tue 21 Oct 2025 14:50:37 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 151.176.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:ff:22:73:e5:b2:88:3a:da:a3:7d:a3:80:09:a8:a1:fd:d3:6c:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:37 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=83d7db5ff70fd8f79b1eeaa163e5db4cc8886dfc092f9e2fb8f33394a8e5198d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:d3:05:91:88:79:bb:0e:db:7b:61:fb:74:ea:
c3:8d:a5:30:39:ab:22:97:fa:5e:8d:29:4c:08:68:
97:3a:09:60:ff:d0:cf:3a:37:5d:04:c4:17:b4:1b:
32:6f:e6:50:46:e0:13:4a:bc:8d:b8:cb:42:1a:d1:
de:07:68:e2:67:3e:2b:4c:46:81:09:92:10:8b:dc:
40:14:b5:20:ed:31:e7:b8:cd:58:96:72:d3:96:51:
de:19:c6:7e:fa:a4:7e:b5:0c:ac:ae:4d:d2:cb:18:
0b:b7:08:dc:b4:c7:15:36:34:0f:bd:b7:16:6d:14:
ec:af:cc:d8:8c:38:77:de:76:2b:81:a5:3e:f6:9f:
54:ad:86:07:65:28:46:0e:49:30:e8:fd:fb:4a:80:
e5:b7:53:8f:08:e1:23:77:cc:ed:f3:e6:ad:46:6b:
f1:0b:00:e2:6d:4a:e6:30:19:e2:09:19:32:af:bc:
6f:8d:33:fe:9a:1c:af:25:b5:76:74:72:81:c6:93:
c2:3b:e9:c8:f3:04:5e:47:ca:fa:0a:c8:3e:52:36:
b0:01:b3:5b:42:d7:86:af:4c:30:f2:30:dd:cd:04:
03:b0:5b:99:c9:f9:97:e9:e9:5d:84:c6:10:11:de:
1e:6b:e8:2e:46:f1:93:c2:cb:4c:ea:ef:84:95:9b:
9e:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:07:2C:45:99:D8:72:C2:8D:B4:6D:97:66:90:F7:C5:5E:98:99:DE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.176.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9a:2b:7b:07:e6:19:31:1f:f5:b3:8d:38:63:cf:a9:28:f5:20:
fc:aa:67:c7:32:fa:bf:c4:09:85:61:de:10:cc:a0:09:6e:28:
f2:43:9c:59:39:26:cc:74:32:1d:90:5b:0c:57:70:69:15:ac:
24:88:28:50:6a:44:88:d0:6f:d6:fb:df:99:ea:4d:c8:d7:f0:
b3:05:1c:7e:fc:da:fb:76:fb:c3:84:04:ea:af:bd:63:e3:a2:
84:ab:91:91:58:c0:8f:cb:4f:66:53:df:2e:67:96:44:af:e0:
bd:90:70:12:67:f7:33:a5:53:53:c1:57:33:d4:2e:35:26:78:
01:6c:32:12:33:aa:5a:48:a8:5a:7b:91:cb:a5:56:1a:e4:6d:
78:69:ee:51:0e:98:67:ae:af:35:e5:cd:50:9c:ff:c0:62:95:
2a:c2:3a:bd:70:19:44:c4:22:94:f2:2a:e3:a2:d5:42:d8:14:
26:12:d2:a8:45:94:cf:a6:f5:0d:53:bb:a5:e8:00:04:39:6e:
94:34:31:f9:30:ef:ea:75:e9:d8:f4:c7:90:f7:01:82:f9:2e:
aa:28:e1:64:30:39:d8:8c:91:d4:06:cb:49:5b:04:ad:42:17:
81:fb:c9:7d:9c:75:27:bf:9e:13:29:a8:9c:45:a4:d5:b2:0b:
47:4d:f5:22
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKv8ic+WyiDrao32jgAmoof3TbDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMzdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzZDdkYjVmZjcwZmQ4Zjc5YjFlZWFhMTYzZTVkYjRjYzg4ODZkZmMwOTJm
OWUyZmI4ZjMzMzk0YThlNTE5OGQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIjTBZGIebsO23th+3Tqw42lMDmrIpf6Xo0pTAholzoJYP/Qzzo3XQTEF7Qb
Mm/mUEbgE0q8jbjLQhrR3gdo4mc+K0xGgQmSEIvcQBS1IO0x57jNWJZy05ZR3hnG
fvqkfrUMrK5N0ssYC7cI3LTHFTY0D723Fm0U7K/M2Iw4d952K4GlPvafVK2GB2Uo
Rg5JMOj9+0qA5bdTjwjhI3fM7fPmrUZr8QsA4m1K5jAZ4gkZMq+8b40z/pocryW1
dnRygcaTwjvpyPMEXkfK+grIPlI2sAGzW0LXhq9MMPIw3c0EA7Bbmcn5l+npXYTG
EBHeHmvoLkbxk8LLTOrvhJWbnmUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSTByxF
mdhywo20bZdmkPfFXpiZ3jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGJjODhmNGItNzgxYi00NWU0LTg0MDItZTZiMjE2ZGVhY2MzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJewMA0G
CSqGSIb3DQEBCwUAA4IBAQCaK3sH5hkxH/WzjThjz6ko9SD8qmfHMvq/xAmFYd4Q
zKAJbijyQ5xZOSbMdDIdkFsMV3BpFawkiChQakSI0G/W+9+Z6k3I1/CzBRx+/Nr7
dvvDhATqr71j46KEq5GRWMCPy09mU98uZ5ZEr+C9kHASZ/czpVNTwVcz1C41JngB
bDISM6paSKhae5HLpVYa5G14ae5RDphnrq815c1QnP/AYpUqwjq9cBlExCKU8irj
otVC2BQmEtKoRZTPpvUNU7ul6AAEOW6UNDH5MO/qdenY9MeQ9wGC+S6qKOFkMDnY
jJHUBstJWwStQheB+8l9nHUnv54TKaicRaTVsgtHTfUi
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:37:07 2025 by rpki-client