Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File: dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier: iQ7EDmAhJE3k4YPe6KmivGEzBtLuh/eEiaDvlX1rwnQ=
Subject key identifier: F1:B6:DC:74:84:85:14:72:EA:26:A8:0C:02:D2:53:65:54:88:F2:5A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5A884B9B56704EC6C0FE9CA7260FA8BC13958BA7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time: Tue 21 Oct 2025 14:40:31 +0000
ROA not before: Tue 21 Oct 2025 14:40:31 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 212.255.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:88:4b:9b:56:70:4e:c6:c0:fe:9c:a7:26:0f:a8:bc:13:95:8b:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:31 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=b068dcf3a0780bae29c80b0e4462d6fab75f2deea2d5069583a19eb4068251f1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:3c:5c:cd:f3:ba:3c:bc:e8:f3:b1:be:17:ed:
e3:85:a7:12:fb:f7:44:43:c2:66:f4:1b:c0:d1:ad:
8e:e3:02:6f:4a:fb:e5:6d:d9:33:3c:c7:58:36:9c:
2d:2a:94:7e:05:f0:02:5d:13:91:1d:74:62:05:39:
77:43:22:db:6b:0c:d5:89:4d:69:ff:d2:26:bd:37:
2e:01:1d:c0:5c:97:e0:eb:5e:a2:66:12:ab:7e:31:
7f:a5:c4:2c:9c:fd:a8:66:18:31:47:79:84:b2:97:
5e:24:0e:23:2a:5e:4a:ff:5d:61:b4:05:d7:b5:9b:
2d:27:16:73:fb:a0:4b:62:bd:47:8c:dd:e4:15:0b:
ec:0e:df:7e:6d:dc:74:46:4e:cc:36:ba:2e:56:f9:
e2:53:fe:c6:4e:3c:91:34:76:35:01:69:8d:96:65:
f1:a1:5c:15:a2:e9:ed:96:84:94:be:fa:cd:1b:f5:
b4:bd:07:2b:17:a8:65:c2:6e:00:83:6b:c2:26:93:
35:4d:72:2f:cd:8c:88:29:a8:e8:3a:12:5d:04:0c:
7a:79:c7:8e:7d:56:24:78:89:4c:24:d4:15:9e:9d:
b6:31:12:71:7b:e7:2f:18:23:f9:6d:f6:3f:a1:57:
62:fe:82:2b:3f:d0:cd:29:a0:57:ba:56:d1:4e:39:
3e:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:B6:DC:74:84:85:14:72:EA:26:A8:0C:02:D2:53:65:54:88:F2:5A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.255.0.0/16
Signature Algorithm: sha256WithRSAEncryption
43:0a:f1:6f:57:e8:11:51:d4:aa:13:fc:b1:ad:bc:e5:9c:3a:
b1:04:af:5f:16:2d:95:75:e7:a1:ef:5b:6c:ce:13:d1:fb:ec:
fc:8a:db:07:cf:d4:0d:aa:6c:96:87:c9:6f:19:36:b3:c3:5b:
af:a1:9c:7a:68:9f:9c:f5:91:24:38:df:43:08:26:22:b6:77:
01:53:3b:82:89:65:81:df:25:b7:3b:32:a3:1a:8a:b5:de:b6:
f7:b9:45:b5:97:1a:4f:da:79:2b:27:11:b5:57:af:71:17:bc:
22:64:83:e3:a5:4d:87:51:5c:2a:5e:0f:2f:78:f5:9a:6f:99:
7e:d3:f4:de:e3:7c:41:f4:cf:a5:4c:46:60:e3:10:23:e2:34:
29:35:f7:85:f8:6f:cb:83:32:bb:5a:98:78:e0:30:7a:b3:19:
75:2e:3e:4b:da:a3:82:38:21:22:3d:c4:a7:09:01:7c:aa:12:
97:02:ab:b1:db:6a:b3:6b:0a:45:e0:d6:e8:97:e6:7e:f0:d0:
f7:06:c1:f4:92:1f:2f:bc:48:fb:32:55:8b:7b:0c:9c:e3:1f:
6f:f2:9c:a2:59:44:89:8c:be:9d:6f:7b:69:f0:42:d4:8d:82:
d5:06:f9:80:21:6b:02:9e:17:2f:cc:02:20:1a:c6:b4:a0:57:
f8:f3:0d:c5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWohLm1ZwTsbA/pynJg+ovBOVi6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGIwNjhkY2YzYTA3ODBiYWUyOWM4MGIwZTQ0NjJkNmZhYjc1ZjJkZWVhMmQ1
MDY5NTgzYTE5ZWI0MDY4MjUxZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM88XM3zujy86POxvhft44WnEvv3REPCZvQbwNGtjuMCb0r75W3ZMzzHWDac
LSqUfgXwAl0TkR10YgU5d0Mi22sM1YlNaf/SJr03LgEdwFyX4OteomYSq34xf6XE
LJz9qGYYMUd5hLKXXiQOIypeSv9dYbQF17WbLScWc/ugS2K9R4zd5BUL7A7ffm3c
dEZOzDa6Llb54lP+xk48kTR2NQFpjZZl8aFcFaLp7ZaElL76zRv1tL0HKxeoZcJu
AINrwiaTNU1yL82MiCmo6DoSXQQMennHjn1WJHiJTCTUFZ6dtjEScXvnLxgj+W32
P6FXYv6CKz/QzSmgV7pW0U45PkUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTxttx0
hIUUcuomqAwC0lNlVIjyWjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQBDCvFvV+gRUdSqE/yxrbzlnDqxBK9fFi2Vdeeh71ts
zhPR++z8itsHz9QNqmyWh8lvGTazw1uvoZx6aJ+c9ZEkON9DCCYitncBUzuCiWWB
3yW3OzKjGoq13rb3uUW1lxpP2nkrJxG1V69xF7wiZIPjpU2HUVwqXg8vePWab5l+
0/Te43xB9M+lTEZg4xAj4jQpNfeF+G/LgzK7Wph44DB6sxl1Lj5L2qOCOCEiPcSn
CQF8qhKXAqux22qzawpF4Nbol+Z+8ND3BsH0kh8vvEj7MlWLewyc4x9v8pyiWUSJ
jL6db3tp8ELUjYLVBvmAIWsCnhcvzAIgGsa0oFf48w3F
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:32:32 2025 by rpki-client