Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
File: 42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa (raw, json)
Hash identifier: Y1qY4VFeKxlxRjx8rnvmhFcFoH8mzMOnjKdVnh8oIPk=
Subject key identifier: 0E:D3:04:40:43:19:B3:45:3A:72:73:79:5B:E8:CA:8A:72:89:76:94
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 553A1C59CD1185CA0C5F12AFBF47B043F5C3C878
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
Signing time: Fri 26 Sep 2025 20:20:17 +0000
ROA not before: Fri 26 Sep 2025 20:20:17 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.164.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:3a:1c:59:cd:11:85:ca:0c:5f:12:af:bf:47:b0:43:f5:c3:c8:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:17 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=8b49d1a7e2ec4ce16adddfc72771e7d8fbc68ae10b5e7a7ae952ea174e0f89ad, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:9f:25:c0:89:1c:bd:af:77:32:be:3a:46:d8:
6d:08:4d:07:64:74:d8:4b:1e:11:5d:3e:ea:48:1c:
3e:56:20:50:98:7d:35:a4:63:6d:4e:9e:ed:fb:f1:
22:a0:90:d3:61:39:3e:d9:ae:11:be:a0:c3:07:8c:
2f:fd:63:98:1b:96:e6:2a:ad:f9:3e:a4:9f:85:8a:
7c:1e:1d:9d:af:85:46:37:d8:09:a3:97:e3:13:46:
5a:6f:f9:c8:bd:aa:84:d4:80:df:a0:19:98:f5:ce:
8d:14:25:f2:2f:ae:e2:d8:73:cc:e2:1b:f8:0d:88:
5e:80:48:f0:c4:d4:47:fc:2b:57:13:f3:b1:07:f3:
36:53:1b:d0:c5:89:bb:60:2f:04:b5:b7:33:f7:39:
69:f9:3e:5f:2e:82:7f:c3:1d:da:3a:26:fb:01:20:
6c:70:b8:81:00:26:4a:27:19:8c:1e:df:6b:d3:9f:
e0:35:1d:ef:cc:32:3d:bb:a1:9e:29:65:97:e8:07:
fb:78:97:23:be:ec:73:03:f6:74:d1:23:3f:b2:16:
0a:c7:f4:c3:91:8e:6a:12:9a:ad:11:28:9b:d7:b2:
8a:c4:4d:3c:95:07:01:53:e5:7a:a7:b1:07:94:3b:
10:bd:ef:11:81:b8:d3:5a:36:a1:26:d9:7f:ba:2e:
f2:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:D3:04:40:43:19:B3:45:3A:72:73:79:5B:E8:CA:8A:72:89:76:94
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.164.0.0/15
Signature Algorithm: sha256WithRSAEncryption
66:5d:05:97:78:91:70:d1:ca:55:9f:97:27:c1:f2:d6:61:d0:
00:da:ab:a9:ec:79:fc:82:f0:fa:de:0b:b8:cc:30:77:11:6d:
01:25:84:d5:d3:e7:5c:2b:e5:e9:3c:ae:47:ce:f8:17:d0:15:
94:7e:db:39:4b:1c:20:47:f5:3a:b4:de:2f:68:11:45:ee:1b:
d7:e9:e8:d6:f6:ab:b1:f3:f9:41:6d:23:52:8f:2f:51:10:5d:
60:64:be:6d:18:d8:4b:ad:c1:74:d9:b9:f0:b1:26:a3:89:0d:
40:1c:7b:6e:da:00:3b:72:47:75:1e:8a:82:8c:d2:c4:ce:9f:
eb:c3:53:0c:cb:1f:bf:2e:38:82:7b:2a:20:ba:b2:fa:ec:41:
0c:be:f7:f8:26:53:e0:34:29:18:c6:60:cf:b8:6d:e7:57:a2:
84:1c:8c:66:58:3e:ab:99:4a:44:ce:5f:a0:7e:9d:0b:97:c4:
38:5b:0b:9b:bf:65:c1:cd:0f:3c:27:79:04:ca:11:7e:05:f9:
90:08:54:b5:ec:2f:03:e0:7e:79:31:48:81:44:51:bf:98:c7:
92:fb:8d:32:37:0c:f4:16:79:37:dc:aa:1c:8d:40:5a:92:b0:
f1:f1:cd:23:3b:49:2f:d6:05:b7:90:9a:b9:6f:d4:7b:f0:39:
c4:62:e7:a2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVTocWc0RhcoMXxKvv0ewQ/XDyHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMTdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiNDlkMWE3ZTJlYzRjZTE2YWRkZGZjNzI3NzFlN2Q4ZmJjNjhhZTEwYjVl
N2E3YWU5NTJlYTE3NGUwZjg5YWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6fJcCJHL2vdzK+OkbYbQhNB2R02EseEV0+6kgcPlYgUJh9NaRjbU6e7fvx
IqCQ02E5PtmuEb6gwweML/1jmBuW5iqt+T6kn4WKfB4dna+FRjfYCaOX4xNGWm/5
yL2qhNSA36AZmPXOjRQl8i+u4thzzOIb+A2IXoBI8MTUR/wrVxPzsQfzNlMb0MWJ
u2AvBLW3M/c5afk+Xy6Cf8Md2jom+wEgbHC4gQAmSicZjB7fa9Of4DUd78wyPbuh
nilll+gH+3iXI77scwP2dNEjP7IWCsf0w5GOahKarREom9eyisRNPJUHAVPleqex
B5Q7EL3vEYG401o2oSbZf7ou8pcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQO0wRA
QxmzRTpyc3lb6MqKcol2lDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJlZmExYTgtZjgwNC00N2M1LThhM2QtNmYzZWEwNWUxYTViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOkMA0G
CSqGSIb3DQEBCwUAA4IBAQBmXQWXeJFw0cpVn5cnwfLWYdAA2qup7Hn8gvD63gu4
zDB3EW0BJYTV0+dcK+XpPK5HzvgX0BWUfts5SxwgR/U6tN4vaBFF7hvX6ejW9qux
8/lBbSNSjy9REF1gZL5tGNhLrcF02bnwsSajiQ1AHHtu2gA7ckd1HoqCjNLEzp/r
w1MMyx+/LjiCeyogurL67EEMvvf4JlPgNCkYxmDPuG3nV6KEHIxmWD6rmUpEzl+g
fp0Ll8Q4Wwubv2XBzQ88J3kEyhF+BfmQCFS17C8D4H55MUiBRFG/mMeS+40yNwz0
Fnk33KocjUBakrDx8c0jO0kv1gW3kJq5b9R78DnEYuei
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:45 2025 by rpki-client