Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e3a37277-f023-468b-8a43-2519fccedc3e.roa
File: e3a37277-f023-468b-8a43-2519fccedc3e.roa (raw, json)
Hash identifier: kJZltPUSnIWhwGm2iIs5UIHnJ8bGlgl5EU5dNoZIaPc=
Subject key identifier: 32:A8:D1:72:C5:3F:3F:26:E3:2E:A6:44:09:44:28:BE:C2:CC:4F:67
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3CAA361F5B7447D5F6CBB33DE51D97FA2CD3A59E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e3a37277-f023-468b-8a43-2519fccedc3e.roa
Signing time: Fri 31 Oct 2025 02:00:24 +0000
ROA not before: Fri 31 Oct 2025 02:00:24 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 85.213.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:aa:36:1f:5b:74:47:d5:f6:cb:b3:3d:e5:1d:97:fa:2c:d3:a5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:24 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=5420cab9323fc3d0826d8cfe5360ec51af867f2e6ae9394f2c07cc12c10c8326, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:57:0e:2b:e8:0e:66:ef:ff:10:45:91:91:9c:
60:19:b8:db:d7:31:09:02:08:94:2c:94:50:fe:e5:
8e:33:78:00:0a:be:77:07:7e:81:3e:8e:8a:71:22:
7a:83:7a:3e:82:5e:e5:a7:a5:95:e9:bf:48:9b:23:
06:63:3b:29:70:6f:e7:8c:80:10:f8:af:2e:d3:35:
71:28:62:6b:2a:65:b4:fa:73:29:94:2e:b6:9b:ae:
3b:c5:73:de:0c:c5:11:f3:c2:58:b8:2b:4a:3b:63:
05:4c:7e:bc:b1:b3:1f:c0:8e:bc:f2:55:52:8e:e0:
43:b6:91:8c:a0:1d:88:62:5e:df:b9:36:8a:65:3b:
16:23:bf:76:9b:73:7c:6f:d8:57:e4:80:b2:ba:d5:
56:a3:15:71:42:33:f6:5c:ed:f0:d0:51:fb:1f:28:
2c:2a:df:36:46:bf:3d:d9:81:0d:86:bc:46:45:61:
a1:d9:35:46:df:fe:ef:97:ab:e1:d4:cf:e9:69:5d:
cb:62:35:1b:0e:17:a1:fa:c7:75:52:fa:63:48:81:
5e:ae:48:6b:b5:35:ac:bb:f3:dc:a8:1b:fb:3b:5a:
b4:e5:04:9b:15:9c:93:7d:f3:7c:fa:c3:58:23:97:
57:03:f8:08:7b:15:ad:f2:d4:f5:08:89:bb:15:93:
2d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:A8:D1:72:C5:3F:3F:26:E3:2E:A6:44:09:44:28:BE:C2:CC:4F:67
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e3a37277-f023-468b-8a43-2519fccedc3e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.213.0.0/16
Signature Algorithm: sha256WithRSAEncryption
03:3a:22:13:2d:6d:ec:8f:ae:38:04:9e:aa:e6:15:a4:ff:5d:
f1:26:dc:b7:aa:59:d7:69:1d:d0:5b:b0:ca:49:ee:48:5f:2c:
63:e0:d5:a5:d1:e6:ca:4c:53:31:ba:58:c5:a9:f0:ca:f1:43:
d7:f5:18:7e:1f:34:bb:67:00:e0:73:63:db:c9:a4:5a:8d:0d:
22:51:30:69:b3:7b:76:60:77:b3:aa:dd:ae:a6:8d:81:d5:f6:
9b:0f:53:fd:fc:34:05:42:27:e2:ff:d3:26:8a:76:62:7e:c9:
47:d6:f0:d2:5f:fb:14:35:e9:72:21:7b:02:ac:d7:1e:74:7a:
a0:a6:cc:ab:dd:70:9e:f3:53:2c:72:2b:d8:e1:99:de:67:90:
1a:d0:64:48:b7:a1:22:7d:c2:2e:a6:df:94:ef:73:27:88:08:
be:07:78:62:40:a7:fe:3c:19:56:4d:e8:5e:7a:1a:6d:af:df:
8b:34:9e:ea:af:c2:91:e0:bb:a4:7e:98:03:ea:b5:1f:44:6b:
cc:f5:8d:54:2c:4d:95:4e:39:16:af:39:04:3b:44:7e:2e:9b:
ee:bd:3c:cf:ba:69:c6:63:c8:b8:49:1c:c4:29:7d:17:fc:42:
d3:03:0a:18:12:75:c0:6e:da:33:07:b1:6b:28:22:3d:0c:d7:
c6:01:0f:74
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPKo2H1t0R9X2y7M95R2X+izTpZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMjRaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0MjBjYWI5MzIzZmMzZDA4MjZkOGNmZTUzNjBlYzUxYWY4NjdmMmU2YWU5
Mzk0ZjJjMDdjYzEyYzEwYzgzMjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJXDivoDmbv/xBFkZGcYBm429cxCQIIlCyUUP7ljjN4AAq+dwd+gT6OinEi
eoN6PoJe5aellem/SJsjBmM7KXBv54yAEPivLtM1cShiaypltPpzKZQutpuuO8Vz
3gzFEfPCWLgrSjtjBUx+vLGzH8COvPJVUo7gQ7aRjKAdiGJe37k2imU7FiO/dptz
fG/YV+SAsrrVVqMVcUIz9lzt8NBR+x8oLCrfNka/PdmBDYa8RkVhodk1Rt/+75er
4dTP6Wldy2I1Gw4XofrHdVL6Y0iBXq5Ia7U1rLvz3Kgb+ztatOUEmxWck33zfPrD
WCOXVwP4CHsVrfLU9QiJuxWTLX8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQyqNFy
xT8/JuMupkQJRCi+wsxPZzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTNhMzcyNzctZjAyMy00NjhiLThhNDMtMjUxOWZjY2VkYzNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFXVMA0G
CSqGSIb3DQEBCwUAA4IBAQADOiITLW3sj644BJ6q5hWk/13xJty3qlnXaR3QW7DK
Se5IXyxj4NWl0ebKTFMxuljFqfDK8UPX9Rh+HzS7ZwDgc2PbyaRajQ0iUTBps3t2
YHezqt2upo2B1fabD1P9/DQFQifi/9MminZifslH1vDSX/sUNelyIXsCrNcedHqg
psyr3XCe81MscivY4ZneZ5Aa0GRIt6EifcIupt+U73MniAi+B3hiQKf+PBlWTehe
ehptr9+LNJ7qr8KR4LukfpgD6rUfRGvM9Y1ULE2VTjkWrzkEO0R+LpvuvTzPumnG
Y8i4SRzEKX0X/ELTAwoYEnXAbtozB7FrKCI9DNfGAQ90
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:31:57 2025 by rpki-client