Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File: 42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier: 4l2tXXS72H63rUyEKwNvsHU29yuPqhtmEcl/R1NNAUM=
Subject key identifier: 23:85:59:9B:44:7D:E9:4F:AB:DE:FA:C2:F9:26:73:1E:08:F0:8D:E6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 78109EC8321E2B3F753F3AADD02EBE86090E9F1F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time: Mon 29 Sep 2025 15:40:09 +0000
ROA not before: Mon 29 Sep 2025 15:40:09 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:10:9e:c8:32:1e:2b:3f:75:3f:3a:ad:d0:2e:be:86:09:0e:9f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 29 15:40:09 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=01934fac31a18e444c195284a6243abad6d9a6ceaced606c2c49cea2c0a20077, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:c6:dd:5f:e1:7c:e7:ee:f8:01:ce:0f:f0:db:
08:a9:a0:10:82:78:a1:18:57:a0:50:d8:72:72:0a:
24:8e:b3:13:11:a6:8d:be:e4:36:e5:95:33:82:44:
17:cb:ce:40:86:7b:7f:87:d5:8d:59:51:d0:f5:27:
ce:83:0d:dd:cd:51:d2:55:74:38:eb:38:a8:fe:df:
da:20:c3:50:4c:93:c0:51:8a:52:a5:bd:1b:2e:78:
e5:cc:69:f5:01:c6:35:16:78:41:c1:a4:02:90:7c:
f8:1f:a3:ad:90:c2:42:4f:c1:13:a0:00:74:0a:37:
7f:b0:41:b1:3b:b6:5d:f1:c9:64:d7:00:40:10:8f:
12:fc:62:7a:2a:7b:2c:1d:d1:6a:af:29:96:28:f1:
c0:98:2b:b8:99:5d:12:ff:8a:e9:84:09:54:00:62:
7e:3f:67:a0:3a:3b:ff:4c:a4:c2:d0:52:3b:79:0c:
e7:9c:45:26:c2:a4:c2:87:01:8f:8a:50:85:b5:cf:
2d:e1:65:ea:37:b1:31:e4:7a:5b:23:9f:7b:4b:a4:
e6:70:6c:72:73:7d:88:4e:c4:c3:65:d9:46:27:89:
cb:a7:69:7e:29:26:75:c4:25:3b:e8:bd:69:74:c1:
f3:c2:bb:f6:f3:aa:05:95:21:79:45:2f:ac:6e:d1:
25:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:85:59:9B:44:7D:E9:4F:AB:DE:FA:C2:F9:26:73:1E:08:F0:8D:E6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/16
Signature Algorithm: sha256WithRSAEncryption
46:de:ec:e1:f3:1a:c8:a8:d5:c8:99:ee:f2:db:cc:4b:80:73:
e4:6e:e5:d3:06:0d:8c:2e:e9:9b:78:9c:51:9b:90:66:27:67:
c7:cb:32:0c:35:4c:54:f5:e9:0f:0c:7a:a0:c6:c1:40:01:3a:
9d:58:3b:39:48:40:b9:e3:e3:b4:2e:1c:4e:f7:85:5d:07:94:
0b:8e:dd:e3:a8:cf:f7:21:5c:39:64:4d:2f:f6:9f:3e:ef:6e:
8a:39:0f:89:9f:27:8f:20:21:f4:18:a2:35:03:f6:6d:be:c4:
ee:b5:b3:74:e4:5e:8e:6d:ad:e0:e6:75:d5:a4:fe:f4:c9:2b:
16:70:5d:e9:a7:d4:9e:56:73:da:a2:82:6c:99:8f:7f:1c:8c:
01:5a:3a:a1:e2:d7:45:42:af:30:24:30:b2:3b:5b:ba:1b:d4:
61:59:a1:53:84:4c:6a:48:2c:b3:2e:fa:14:7a:d5:28:2b:87:
4e:5d:97:d7:c2:15:c3:8b:a7:1d:e9:11:5f:90:71:92:ea:49:
be:1a:38:d4:21:5d:0b:36:50:f6:e0:bb:30:df:66:4d:1e:2d:
7a:9a:05:ff:2a:1b:c5:17:df:40:4b:c1:8a:48:b5:03:7e:f0:
a2:4f:ab:86:96:c2:e3:ec:b5:df:dc:2c:d9:ac:47:26:d6:58:
0c:3f:63:6c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUeBCeyDIeKz91Pzqt0C6+hgkOnx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMDlaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDAxOTM0ZmFjMzFhMThlNDQ0YzE5NTI4NGE2MjQzYWJhZDZkOWE2Y2VhY2Vk
NjA2YzJjNDljZWEyYzBhMjAwNzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAInG3V/hfOfu+AHOD/DbCKmgEIJ4oRhXoFDYcnIKJI6zExGmjb7kNuWVM4JE
F8vOQIZ7f4fVjVlR0PUnzoMN3c1R0lV0OOs4qP7f2iDDUEyTwFGKUqW9Gy545cxp
9QHGNRZ4QcGkApB8+B+jrZDCQk/BE6AAdAo3f7BBsTu2XfHJZNcAQBCPEvxieip7
LB3Raq8plijxwJgruJldEv+K6YQJVABifj9noDo7/0ykwtBSO3kM55xFJsKkwocB
j4pQhbXPLeFl6jexMeR6WyOfe0uk5nBscnN9iE7Ew2XZRieJy6dpfikmdcQlO+i9
aXTB88K79vOqBZUheUUvrG7RJR8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQjhVmb
RH3pT6ve+sL5JnMeCPCN5jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQBG3uzh8xrIqNXIme7y28xLgHPkbuXTBg2MLumbeJxR
m5BmJ2fHyzIMNUxU9ekPDHqgxsFAATqdWDs5SEC54+O0LhxO94VdB5QLjt3jqM/3
IVw5ZE0v9p8+726KOQ+JnyePICH0GKI1A/ZtvsTutbN05F6Oba3g5nXVpP70ySsW
cF3pp9SeVnPaooJsmY9/HIwBWjqh4tdFQq8wJDCyO1u6G9RhWaFThExqSCyzLvoU
etUoK4dOXZfXwhXDi6cd6RFfkHGS6km+GjjUIV0LNlD24Lsw32ZNHi16mgX/KhvF
F99AS8GKSLUDfvCiT6uGlsLj7LXf3CzZrEcm1lgMP2Ns
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:58 2025 by rpki-client