Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
File: 24601d85-ac6e-46b6-a0d2-d35342ccc951.roa (raw, json)
Hash identifier: e6zmux4Xy5qr1dQUhvxKDw28VKbfXgBVThyVf/ESE70=
Subject key identifier: 29:1D:38:5F:CE:0D:00:B1:9A:27:27:46:03:51:88:17:E5:61:D0:B9
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 72CE9655812D4004B7D324FA6EBB575302AB7D5D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
Signing time: Mon 29 Sep 2025 15:40:25 +0000
ROA not before: Mon 29 Sep 2025 15:40:25 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.93.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:ce:96:55:81:2d:40:04:b7:d3:24:fa:6e:bb:57:53:02:ab:7d:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 29 15:40:25 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=55954f43d1fc8e123d21e4199dd3f2c069b6b31db9135564d449a9de0c7ecbe4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:4d:c5:94:9a:ae:a1:52:6c:fa:f3:ea:5f:5e:
c5:8e:d8:e4:64:f4:9b:3e:99:a2:46:99:4a:e9:af:
af:96:9e:e0:87:9b:bd:5e:19:3d:9f:46:00:02:70:
dd:3a:3f:66:f1:3e:51:fe:89:52:3f:0d:15:60:70:
fc:14:87:86:66:f7:2a:0e:3a:f7:6b:f6:71:dc:16:
75:77:e1:d9:d0:23:21:62:1c:05:00:ca:8b:90:ce:
f7:af:39:10:ed:ce:de:4e:54:96:20:82:82:59:ba:
eb:29:8d:11:be:65:db:ec:52:2b:6d:95:81:f3:ca:
3d:22:09:c7:85:84:9f:5a:51:21:f7:7d:0b:09:b0:
c9:67:ae:64:80:e1:ad:24:ef:44:cb:20:02:f4:79:
19:8b:47:0c:ff:5f:1f:48:36:01:f7:0e:d1:82:ca:
5a:3a:55:93:f0:54:ab:32:90:86:88:63:41:e9:af:
89:35:8f:cb:f2:52:c2:18:37:90:21:7e:37:a6:c9:
29:7e:8d:a6:9c:49:23:74:dc:a2:b7:ce:0d:fa:af:
a3:b9:cd:9e:a1:87:e9:4c:65:c3:35:4a:da:dd:78:
d4:4f:bb:82:74:52:80:f7:b3:22:ff:07:60:04:e2:
49:a8:13:c3:7d:82:99:40:fc:64:8a:1f:7f:b4:df:
ff:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:1D:38:5F:CE:0D:00:B1:9A:27:27:46:03:51:88:17:E5:61:D0:B9
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.93.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d4:57:2c:f1:6c:bb:26:ce:85:6a:60:52:9e:1e:87:49:5f:8a:
f1:de:15:c8:cb:8d:ad:d2:94:ec:64:81:a7:31:70:d3:79:3c:
ad:e7:9f:e4:65:16:18:db:92:21:dc:df:ea:43:88:c1:96:ee:
6e:9c:cb:da:7d:78:ac:21:29:ba:38:c4:ef:59:9c:7b:f8:37:
25:c0:7f:ff:44:9d:1b:5d:be:28:71:9e:47:0d:a2:fb:1b:3b:
34:dc:5a:fc:69:7c:1c:03:ec:fb:28:be:f8:e5:ff:b2:a2:f1:
2e:ce:1d:92:0d:21:2d:d0:89:11:da:35:8b:bb:c6:7d:55:3f:
0a:16:3b:70:80:81:ff:fa:a0:a4:1d:fb:5c:c1:c7:21:76:94:
3b:94:52:ce:70:b5:55:9a:05:ee:af:86:d1:36:5d:8a:71:56:
22:77:2e:71:fd:51:1b:99:f2:64:4b:93:4f:cc:84:1c:50:83:
83:51:ef:f4:a5:1d:6c:11:cf:c6:d0:38:72:fd:69:f2:ba:9f:
dc:29:06:88:55:39:49:7d:0e:52:25:8d:02:65:15:06:aa:fd:
cc:46:90:eb:34:15:b4:12:ce:4d:df:76:b1:4b:7b:1e:a0:33:
25:fa:46:11:38:83:9f:91:b7:f1:15:4e:31:02:5f:7c:3d:83:
ee:21:69:7a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcs6WVYEtQAS30yT6brtXUwKrfV0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMjVaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1OTU0ZjQzZDFmYzhlMTIzZDIxZTQxOTlkZDNmMmMwNjliNmIzMWRiOTEz
NTU2NGQ0NDlhOWRlMGM3ZWNiZTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAINNxZSarqFSbPrz6l9exY7Y5GT0mz6ZokaZSumvr5ae4IebvV4ZPZ9GAAJw
3To/ZvE+Uf6JUj8NFWBw/BSHhmb3Kg4692v2cdwWdXfh2dAjIWIcBQDKi5DO9685
EO3O3k5UliCCglm66ymNEb5l2+xSK22VgfPKPSIJx4WEn1pRIfd9CwmwyWeuZIDh
rSTvRMsgAvR5GYtHDP9fH0g2AfcO0YLKWjpVk/BUqzKQhohjQemviTWPy/JSwhg3
kCF+N6bJKX6NppxJI3TcorfODfqvo7nNnqGH6UxlwzVK2t141E+7gnRSgPezIv8H
YATiSagTw32CmUD8ZIoff7Tf/6ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQpHThf
zg0AsZonJ0YDUYgX5WHQuTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjQ2MDFkODUtYWM2ZS00NmI2LWEwZDItZDM1MzQyY2NjOTUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNdMA0G
CSqGSIb3DQEBCwUAA4IBAQDUVyzxbLsmzoVqYFKeHodJX4rx3hXIy42t0pTsZIGn
MXDTeTyt55/kZRYY25Ih3N/qQ4jBlu5unMvafXisISm6OMTvWZx7+DclwH//RJ0b
Xb4ocZ5HDaL7Gzs03Fr8aXwcA+z7KL745f+yovEuzh2SDSEt0IkR2jWLu8Z9VT8K
FjtwgIH/+qCkHftcwcchdpQ7lFLOcLVVmgXur4bRNl2KcVYidy5x/VEbmfJkS5NP
zIQcUIODUe/0pR1sEc/G0Dhy/Wnyup/cKQaIVTlJfQ5SJY0CZRUGqv3MRpDrNBW0
Es5N33axS3seoDMl+kYROIOfkbfxFU4xAl98PYPuIWl6
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:38:38 2025 by rpki-client