Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
File: fc353215-935f-47d2-9298-767ccc0eae1a.roa (raw, json)
Hash identifier: HJc5Bl2UN4CRQi1BfVx1qZVPMmPNKb11itfvs3e8KgU=
Subject key identifier: 3F:3F:89:A1:96:EB:8F:7A:ED:EA:DF:E2:28:1D:9D:C0:8F:39:99:15
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5E002FDC7C53CE85B382421BE24F0DCF85911D77
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
Signing time: Tue 21 Oct 2025 15:00:37 +0000
ROA not before: Tue 21 Oct 2025 15:00:37 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 85.151.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:00:2f:dc:7c:53:ce:85:b3:82:42:1b:e2:4f:0d:cf:85:91:1d:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:37 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=59a1fc08d6290e43c3168c928d98ab0624959f7485dbac899c8eeea98cdbc572, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:1c:75:73:1e:06:1c:e3:63:79:3d:d0:c7:b6:
f5:5e:56:81:cf:b6:cf:94:7b:29:3a:5d:05:09:0c:
98:27:35:12:a0:a0:5d:ff:ea:8b:3a:73:0a:76:1a:
16:db:3b:24:b0:41:e5:7a:ce:0b:c6:00:4d:d8:65:
58:a4:b0:58:31:ff:53:52:ea:51:15:e1:73:11:8e:
5c:3d:02:07:89:0d:39:72:0b:c6:79:fc:17:6b:86:
27:99:a1:80:22:e5:63:e5:b9:5e:67:61:c4:87:80:
06:ac:50:82:9b:65:2f:2b:16:46:d9:45:77:90:47:
72:75:ba:c4:e9:fc:ca:43:de:05:18:99:0d:ce:a7:
1b:96:f6:85:45:d8:3d:e3:7f:28:ec:c6:8d:9d:19:
2e:c4:96:cf:24:6a:f9:e0:4e:65:81:cd:1e:31:56:
08:1e:2f:94:b9:ec:88:94:d2:9b:97:ee:a4:25:64:
e6:e2:53:6d:cf:ab:70:d1:60:f8:08:eb:ec:0b:45:
12:f5:b4:0c:b1:c2:72:26:08:ec:6a:7d:1a:39:fd:
4a:99:c1:b7:ba:03:14:da:b5:87:4c:5d:c4:76:92:
ff:d0:a1:8c:56:20:77:99:4b:3a:e4:29:23:1f:38:
fd:f4:c6:82:80:64:55:7d:46:6c:80:46:5d:39:74:
f2:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:3F:89:A1:96:EB:8F:7A:ED:EA:DF:E2:28:1D:9D:C0:8F:39:99:15
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.151.0.0/16
Signature Algorithm: sha256WithRSAEncryption
33:5e:ea:6a:ed:1c:d2:bb:0d:0d:0d:7f:2e:0d:7c:e6:06:48:
07:df:7d:c7:cd:f2:28:33:0b:c4:d2:ae:26:1c:82:5f:6a:11:
df:d9:6a:03:ff:2a:77:b1:7c:c8:d1:f1:5f:d1:ae:32:4e:89:
88:83:db:03:1b:a4:39:94:5f:01:16:5b:6c:22:db:3c:d2:6e:
b8:81:14:89:e6:05:16:d0:c7:1d:a2:89:1a:90:80:17:db:8c:
dc:a6:ff:f3:70:88:96:36:f1:2b:d2:3e:ad:9c:e6:e9:a4:71:
25:52:7e:28:2d:1b:84:89:0c:b7:53:54:ac:e8:61:be:53:3a:
07:23:a6:a0:e7:66:e5:02:77:89:b6:83:f2:d5:18:a4:e4:17:
1a:01:c8:6e:a3:e2:de:fc:52:40:d4:f6:ae:0e:6a:c2:64:61:
7c:19:3f:23:08:1c:e0:23:2f:92:eb:34:8e:f2:52:36:1a:54:
a1:20:69:f1:c2:d4:50:72:f8:12:9f:ff:18:a7:4a:4d:20:7f:
de:06:ed:16:57:40:e5:8b:d7:de:cf:80:25:bf:b1:31:df:f3:
3a:fe:81:56:28:01:61:e1:1a:2a:53:4a:e6:9b:0f:b4:56:75:
22:4b:81:e1:13:2e:78:97:e5:51:b2:ed:f5:7d:c5:0b:38:a3:
6c:9b:d7:76
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXgAv3HxTzoWzgkIb4k8Nz4WRHXcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5YTFmYzA4ZDYyOTBlNDNjMzE2OGM5MjhkOThhYjA2MjQ5NTlmNzQ4NWRi
YWM4OTljOGVlZWE5OGNkYmM1NzIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIcdXMeBhzjY3k90Me29V5Wgc+2z5R7KTpdBQkMmCc1EqCgXf/qizpzCnYa
Fts7JLBB5XrOC8YATdhlWKSwWDH/U1LqURXhcxGOXD0CB4kNOXILxnn8F2uGJ5mh
gCLlY+W5XmdhxIeABqxQgptlLysWRtlFd5BHcnW6xOn8ykPeBRiZDc6nG5b2hUXY
PeN/KOzGjZ0ZLsSWzyRq+eBOZYHNHjFWCB4vlLnsiJTSm5fupCVk5uJTbc+rcNFg
+Ajr7AtFEvW0DLHCciYI7Gp9Gjn9SpnBt7oDFNq1h0xdxHaS/9ChjFYgd5lLOuQp
Ix84/fTGgoBkVX1GbIBGXTl08mMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ/P4mh
luuPeu3q3+IoHZ3AjzmZFTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMzNTMyMTUtOTM1Zi00N2QyLTkyOTgtNzY3Y2NjMGVhZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFWXMA0G
CSqGSIb3DQEBCwUAA4IBAQAzXupq7RzSuw0NDX8uDXzmBkgH333HzfIoMwvE0q4m
HIJfahHf2WoD/yp3sXzI0fFf0a4yTomIg9sDG6Q5lF8BFltsIts80m64gRSJ5gUW
0McdookakIAX24zcpv/zcIiWNvEr0j6tnObppHElUn4oLRuEiQy3U1Ss6GG+UzoH
I6ag52blAneJtoPy1Rik5BcaAchuo+Le/FJA1PauDmrCZGF8GT8jCBzgIy+S6zSO
8lI2GlShIGnxwtRQcvgSn/8Yp0pNIH/eBu0WV0Dli9fez4Alv7Ex3/M6/oFWKAFh
4RoqU0rmmw+0VnUiS4HhEy54l+VRsu31fcULOKNsm9d2
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:59:04 2025 by rpki-client