Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
File: f5f17520-2ea0-4b9a-a01c-04329523a547.roa (raw, json)
Hash identifier: T1G5ZU1gY/o54cA1q1PZvfYFq79e5DxuH/4LYQZjfSc=
Subject key identifier: 88:AE:45:F3:CD:C7:55:B5:60:E7:7F:6C:4E:3A:B1:BB:DB:9B:35:9F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4A2DB540DA3A975138161C347CB87055C7DE2A32
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
Signing time: Fri 31 Oct 2025 02:00:18 +0000
ROA not before: Fri 31 Oct 2025 02:00:18 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.61.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:2d:b5:40:da:3a:97:51:38:16:1c:34:7c:b8:70:55:c7:de:2a:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:18 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=d854ce6d2edbdd98f64f354b751b76427e80f6cb04e2347d1375a0a8688e2540, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:c0:67:a7:f1:d8:ce:e8:f6:ed:c6:8a:1c:8f:
10:35:be:66:6e:41:81:0b:64:50:30:8e:45:f6:56:
6b:03:2b:3c:18:94:e8:8d:05:95:36:72:86:a5:2d:
b5:ee:3a:b8:3c:c2:f6:8e:5e:89:56:df:84:e6:c5:
6b:54:36:d4:02:6d:78:af:c9:e8:c3:5d:42:6d:14:
6e:3b:0f:13:d6:1c:a6:97:f7:fc:6c:48:bc:93:ec:
03:42:ba:99:ba:1e:e7:56:5c:e6:2a:a7:9f:a3:a0:
a0:30:49:d1:62:e3:91:00:3b:b7:6d:ec:71:79:13:
46:b4:72:dd:2f:75:19:ea:01:31:0c:46:df:95:5b:
aa:0a:42:bf:ff:65:d1:35:6c:16:57:01:13:2f:fe:
6d:49:09:2c:d8:43:bb:cd:cf:7e:4a:ae:f0:6b:d5:
f3:05:f9:dd:c5:52:ff:fc:06:0b:cc:4b:8b:9a:45:
d7:30:40:75:aa:05:26:18:4e:c9:f7:49:55:27:95:
e0:7c:e8:a8:89:19:85:d5:76:47:95:cc:4b:2a:1c:
1a:22:57:9a:47:47:c1:60:10:19:29:55:f8:a4:45:
1a:e9:46:e2:fb:a1:2e:bf:5b:49:0e:c1:1e:0c:9d:
a3:98:6a:09:08:fb:d7:8b:4d:c0:b6:1b:36:35:21:
83:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:AE:45:F3:CD:C7:55:B5:60:E7:7F:6C:4E:3A:B1:BB:DB:9B:35:9F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.61.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2d:94:e4:2d:96:0b:27:b2:ef:78:33:6b:6d:6b:8f:7a:54:aa:
0c:71:40:77:9f:da:d0:b9:82:dd:35:a0:21:ab:b7:8c:75:0c:
30:3f:1d:02:65:3c:cc:98:93:6e:a1:49:23:16:38:55:77:29:
d0:0c:05:d1:4f:9c:bf:b7:b1:9b:3c:29:5f:69:07:0a:49:30:
dd:d8:5a:c2:e8:21:a5:29:b3:57:90:42:24:bb:8a:96:17:3f:
4b:cc:e0:cf:b2:07:a0:92:30:4f:0f:2b:88:4e:6f:2b:fd:92:
32:c4:18:ab:56:50:40:c0:19:b1:be:f7:32:eb:54:56:82:63:
19:d3:fc:52:1b:0c:eb:5b:ac:39:64:5f:fd:54:00:c9:99:e3:
05:b3:a4:08:a6:5c:d0:9c:b7:df:8c:13:4d:37:ac:43:98:0c:
42:40:f1:40:55:7c:e8:82:30:32:61:37:1d:a6:02:e4:72:11:
2a:10:09:8d:ca:8d:8a:30:4a:d7:3c:a5:6e:42:01:a3:0e:bf:
e6:bc:c0:fe:f3:f5:63:52:cd:28:4c:88:0d:cf:83:d8:82:5e:
7b:6e:a2:d2:23:d7:20:b9:d5:5f:1a:65:6f:45:8f:d7:f7:d6:
54:1f:ab:93:7d:bb:80:e2:76:6a:8f:87:59:d5:e5:e2:ec:39:
0c:48:f8:5d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSi21QNo6l1E4Fhw0fLhwVcfeKjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMThaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4NTRjZTZkMmVkYmRkOThmNjRmMzU0Yjc1MWI3NjQyN2U4MGY2Y2IwNGUy
MzQ3ZDEzNzVhMGE4Njg4ZTI1NDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzAZ6fx2M7o9u3GihyPEDW+Zm5BgQtkUDCORfZWawMrPBiU6I0FlTZyhqUt
te46uDzC9o5eiVbfhObFa1Q21AJteK/J6MNdQm0UbjsPE9Ycppf3/GxIvJPsA0K6
mboe51Zc5iqnn6OgoDBJ0WLjkQA7t23scXkTRrRy3S91GeoBMQxG35VbqgpCv/9l
0TVsFlcBEy/+bUkJLNhDu83Pfkqu8GvV8wX53cVS//wGC8xLi5pF1zBAdaoFJhhO
yfdJVSeV4HzoqIkZhdV2R5XMSyocGiJXmkdHwWAQGSlV+KRFGulG4vuhLr9bSQ7B
Hgydo5hqCQj714tNwLYbNjUhg+UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSIrkXz
zcdVtWDnf2xOOrG725s1nzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjVmMTc1MjAtMmVhMC00YjlhLWEwMWMtMDQzMjk1MjNhNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMM9MA0G
CSqGSIb3DQEBCwUAA4IBAQAtlOQtlgsnsu94M2tta496VKoMcUB3n9rQuYLdNaAh
q7eMdQwwPx0CZTzMmJNuoUkjFjhVdynQDAXRT5y/t7GbPClfaQcKSTDd2FrC6CGl
KbNXkEIku4qWFz9LzODPsgegkjBPDyuITm8r/ZIyxBirVlBAwBmxvvcy61RWgmMZ
0/xSGwzrW6w5ZF/9VADJmeMFs6QIplzQnLffjBNNN6xDmAxCQPFAVXzogjAyYTcd
pgLkchEqEAmNyo2KMErXPKVuQgGjDr/mvMD+8/VjUs0oTIgNz4PYgl57bqLSI9cg
udVfGmVvRY/X99ZUH6uTfbuA4nZqj4dZ1eXi7DkMSPhd
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:00:28 2025 by rpki-client