Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
File: fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa (raw, json)
Hash identifier: zjfG+1o/lK0HvumuiktYMANxpk7eXa/b1yqpHCUC1B0=
Subject key identifier: 8C:33:FF:93:AA:DF:7C:14:6D:8E:F5:F1:B5:A3:35:C7:16:0A:DF:1A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 384AB01CE8DC5EC8348EDB10408839111235C546
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
Signing time: Tue 21 Oct 2025 14:40:05 +0000
ROA not before: Tue 21 Oct 2025 14:40:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 212.167.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:4a:b0:1c:e8:dc:5e:c8:34:8e:db:10:40:88:39:11:12:35:c5:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=1602319a3f71d0025d689a9d857dfbeaf8d32cab3385745c1dc5d0335aff6637, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b9:02:0f:1e:12:68:51:cc:94:51:05:72:23:
aa:e9:82:fc:f5:16:6b:c1:ae:7d:25:a6:41:41:f8:
a5:fc:76:77:3a:f3:09:f6:80:12:52:9c:e8:a3:88:
b3:3f:9a:0f:a8:39:76:49:06:4b:54:f7:cc:0f:49:
60:f0:a8:65:9d:20:2e:4b:78:e7:a3:03:6f:1f:8a:
40:20:55:5f:00:08:63:7c:3c:3d:7a:89:21:4f:f6:
b2:11:59:cf:0a:3f:4b:40:59:49:57:47:dc:cb:9b:
39:3b:97:4e:b8:6f:93:08:c6:ce:13:f7:9b:d4:24:
bd:1a:e0:42:8c:f9:c7:10:d5:20:8a:5f:6d:c8:3f:
3d:a5:c3:2e:99:b7:b5:aa:8a:fc:d0:f3:e9:f9:0a:
70:7b:0c:58:7a:7f:f2:a8:2d:70:7d:a6:bf:4b:3c:
ee:4a:c6:f4:33:b2:89:2b:73:0a:14:77:c5:ab:42:
a7:5d:c5:6f:cb:9d:27:f5:59:07:ed:5d:62:38:f6:
ff:99:63:a2:5a:80:80:c5:98:06:a3:41:6e:53:98:
dd:3e:64:7d:b3:f5:3c:49:a7:87:72:fa:5e:90:8d:
68:89:18:98:75:60:2e:b3:1c:4a:90:4d:10:9b:0f:
85:d7:a4:d9:b9:74:f1:3b:9b:67:d6:2f:20:3d:f1:
f6:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:33:FF:93:AA:DF:7C:14:6D:8E:F5:F1:B5:A3:35:C7:16:0A:DF:1A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fb2bc1bb-cbbe-4f6c-8ef3-eabfdb4fa7b9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.167.0.0/16
Signature Algorithm: sha256WithRSAEncryption
49:75:af:2a:db:11:bf:b1:e8:39:a7:4c:af:aa:2a:72:76:4c:
67:b0:18:17:b4:f0:de:91:a2:73:5a:29:56:5b:d6:f7:b3:20:
d1:06:5f:27:86:95:0a:d2:0d:fb:93:5c:6c:a1:88:b0:ee:38:
68:98:6b:b4:fd:8a:29:78:5c:5a:2b:c6:77:f2:43:bb:7e:98:
e6:40:1b:d5:eb:77:da:02:99:c6:f0:2f:95:1c:19:30:5d:91:
47:fd:2b:db:f5:9c:f7:29:bb:d0:16:a0:77:4a:49:a1:9d:2c:
e4:8a:d1:9f:6e:77:49:d1:2f:c8:91:cb:a5:f2:6b:0b:4c:2d:
20:9c:fc:aa:fb:13:1a:18:a7:59:10:6e:af:71:6d:70:d9:bf:
52:8b:7c:a6:21:b4:46:f3:05:80:bd:05:79:6b:6d:64:99:ce:
bc:ad:ff:e1:56:24:f3:50:be:29:40:65:0b:f0:b4:89:c2:56:
b8:38:7f:37:1c:ff:74:69:52:43:7b:74:53:4d:cd:a7:d9:cd:
52:77:f0:44:c3:8d:fe:a4:12:58:07:f0:4d:ca:ed:ee:c3:21:
47:ab:4c:1c:20:e2:6e:f6:bc:42:3d:50:bb:94:a4:09:98:9d:
0a:56:1d:f1:14:80:9b:55:14:d4:2f:a4:f1:32:70:3a:fa:5f:
8f:7e:10:90
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOEqwHOjcXsg0jtsQQIg5ERI1xUYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2MDIzMTlhM2Y3MWQwMDI1ZDY4OWE5ZDg1N2RmYmVhZjhkMzJjYWIzMzg1
NzQ1YzFkYzVkMDMzNWFmZjY2MzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALa5Ag8eEmhRzJRRBXIjqumC/PUWa8GufSWmQUH4pfx2dzrzCfaAElKc6KOI
sz+aD6g5dkkGS1T3zA9JYPCoZZ0gLkt456MDbx+KQCBVXwAIY3w8PXqJIU/2shFZ
zwo/S0BZSVdH3MubOTuXTrhvkwjGzhP3m9QkvRrgQoz5xxDVIIpfbcg/PaXDLpm3
taqK/NDz6fkKcHsMWHp/8qgtcH2mv0s87krG9DOyiStzChR3xatCp13Fb8udJ/VZ
B+1dYjj2/5ljolqAgMWYBqNBblOY3T5kfbP1PEmnh3L6XpCNaIkYmHVgLrMcSpBN
EJsPhdek2bl08TubZ9YvID3x9p8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSMM/+T
qt98FG2O9fG1ozXHFgrfGjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmIyYmMxYmItY2JiZS00ZjZjLThlZjMtZWFiZmRiNGZhN2I5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANSnMA0G
CSqGSIb3DQEBCwUAA4IBAQBJda8q2xG/seg5p0yvqipydkxnsBgXtPDekaJzWilW
W9b3syDRBl8nhpUK0g37k1xsoYiw7jhomGu0/YopeFxaK8Z38kO7fpjmQBvV63fa
ApnG8C+VHBkwXZFH/Svb9Zz3KbvQFqB3SkmhnSzkitGfbndJ0S/Ikcul8msLTC0g
nPyq+xMaGKdZEG6vcW1w2b9Si3ymIbRG8wWAvQV5a21kmc68rf/hViTzUL4pQGUL
8LSJwla4OH83HP90aVJDe3RTTc2n2c1Sd/BEw43+pBJYB/BNyu3uwyFHq0wcIOJu
9rxCPVC7lKQJmJ0KVh3xFICbVRTUL6TxMnA6+l+PfhCQ
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:36:39 2025 by rpki-client