Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
File: 286f881c-8fa0-4200-ada2-20a0cc49038e.roa (raw, json)
Hash identifier: hoIqOCscLB2m5Yxk2KVx3Vo95IzpKH3Pv7YXboklwy0=
Subject key identifier: 5A:EA:BA:F1:0D:BB:CE:E2:C0:7C:D1:15:BF:C3:F4:FD:10:50:39:06
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2FEF99B214F58B0A3008EC7035A6B3FD69EFDCF4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
Signing time: Fri 26 Sep 2025 20:20:19 +0000
ROA not before: Fri 26 Sep 2025 20:20:19 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.166.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:ef:99:b2:14:f5:8b:0a:30:08:ec:70:35:a6:b3:fd:69:ef:dc:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:19 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=a3303ac00796f7062604a476ec9a7f8f4cfb477b476be08c6e1a99e672d307e7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:5e:8c:84:a4:05:81:be:1f:4b:e2:d1:f6:3d:
ec:26:6d:15:cc:0c:53:d8:27:78:e2:6a:87:16:b6:
70:88:db:7e:d3:f7:5c:ba:fb:3c:60:9c:03:6c:bd:
32:3e:17:c9:a2:2f:3f:45:ed:ea:69:37:f2:9b:ff:
e3:82:4f:9b:be:ec:9d:05:48:1d:e5:2d:32:46:8f:
df:b8:7b:3b:76:9e:39:e1:40:a1:bc:6a:84:be:53:
15:47:bb:97:75:e9:cc:60:43:db:ba:b7:8c:6e:5c:
67:8b:14:d4:7a:02:fc:04:7b:fb:c5:bc:86:6a:03:
ae:8d:e5:37:4a:50:6e:f8:40:a6:2c:8e:a1:da:61:
57:d2:dd:29:af:57:eb:e2:b4:93:15:8b:e3:42:a6:
82:ce:8c:5c:7a:e0:65:03:b7:5f:f7:af:31:97:56:
e0:1c:48:6b:67:cd:75:b3:ed:0e:a9:f8:d4:af:cc:
d3:c4:55:f9:20:ff:ba:ac:df:9c:8f:80:26:8c:ee:
0c:03:a5:de:9c:f4:8e:fc:5d:71:d3:21:52:3e:ee:
9b:1d:9c:8d:d1:80:42:a4:42:15:f1:98:aa:72:2e:
93:02:c6:f5:37:bb:34:97:6c:df:91:8c:de:c7:58:
12:cd:bd:f4:cd:cc:44:0e:fa:5f:9d:06:c9:93:1e:
50:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:EA:BA:F1:0D:BB:CE:E2:C0:7C:D1:15:BF:C3:F4:FD:10:50:39:06
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.166.0.0/15
Signature Algorithm: sha256WithRSAEncryption
cc:b7:2d:7f:05:d7:cf:fd:12:94:e2:9b:45:99:49:a9:77:4d:
8a:ce:d7:42:95:ae:fb:82:fb:72:57:ec:35:2d:02:72:45:2c:
0f:48:21:e6:92:85:5e:fc:79:68:ab:61:48:12:94:14:5a:4c:
57:0c:3d:4b:10:01:03:4d:e9:49:e0:9d:03:03:a2:29:97:01:
7d:b7:5a:47:3e:a0:da:15:b0:99:29:6d:1a:aa:6c:0c:96:5d:
a4:34:17:44:70:8e:72:d4:29:dc:23:15:0a:66:63:20:7d:27:
7b:72:a4:73:86:9e:f6:44:b3:02:0c:92:25:7c:ce:4e:53:67:
66:9d:6b:4e:b8:ee:d2:ee:39:e9:5d:96:35:8e:bb:78:0b:49:
9f:d6:14:b8:f9:e9:69:36:5a:d8:cb:3d:fb:9d:ff:99:9c:b0:
a4:2d:ee:e6:96:25:d8:34:58:9b:fd:b2:3a:96:fb:fc:b3:d9:
6e:0b:1a:d1:d4:f5:03:5f:81:8a:7d:2f:fd:56:65:31:ed:5b:
1b:03:bd:6b:da:11:70:06:aa:bb:f3:93:c4:7a:c3:c2:c5:4c:
5e:6f:e1:16:a4:1f:34:d4:70:a9:33:98:8e:fd:4c:ef:0e:6e:
16:f4:c9:ec:ad:38:d3:b0:60:65:dc:db:b5:58:2c:d9:db:be:
a9:84:8a:9e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUL++ZshT1iwowCOxwNaaz/Wnv3PQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMTlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzMzAzYWMwMDc5NmY3MDYyNjA0YTQ3NmVjOWE3ZjhmNGNmYjQ3N2I0NzZi
ZTA4YzZlMWE5OWU2NzJkMzA3ZTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5ejISkBYG+H0vi0fY97CZtFcwMU9gneOJqhxa2cIjbftP3XLr7PGCcA2y9
Mj4XyaIvP0Xt6mk38pv/44JPm77snQVIHeUtMkaP37h7O3aeOeFAobxqhL5TFUe7
l3XpzGBD27q3jG5cZ4sU1HoC/AR7+8W8hmoDro3lN0pQbvhApiyOodphV9LdKa9X
6+K0kxWL40Kmgs6MXHrgZQO3X/evMZdW4BxIa2fNdbPtDqn41K/M08RV+SD/uqzf
nI+AJozuDAOl3pz0jvxdcdMhUj7umx2cjdGAQqRCFfGYqnIukwLG9Te7NJds35GM
3sdYEs299M3MRA76X50GyZMeULsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRa6rrx
DbvO4sB80RW/w/T9EFA5BjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjg2Zjg4MWMtOGZhMC00MjAwLWFkYTItMjBhMGNjNDkwMzhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQDMty1/BdfP/RKU4ptFmUmpd02KztdCla77gvtyV+w1
LQJyRSwPSCHmkoVe/Hloq2FIEpQUWkxXDD1LEAEDTelJ4J0DA6IplwF9t1pHPqDa
FbCZKW0aqmwMll2kNBdEcI5y1CncIxUKZmMgfSd7cqRzhp72RLMCDJIlfM5OU2dm
nWtOuO7S7jnpXZY1jrt4C0mf1hS4+elpNlrYyz37nf+ZnLCkLe7mliXYNFib/bI6
lvv8s9luCxrR1PUDX4GKfS/9VmUx7VsbA71r2hFwBqq785PEesPCxUxeb+EWpB80
1HCpM5iO/UzvDm4W9MnsrTjTsGBl3Nu1WCzZ276phIqe
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:00:26 2025 by rpki-client