Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
File: 49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa (raw, json)
Hash identifier: iyjxBBFcjFrlqFLUDvYppPt7pQ79XRiObZaKdwBQVD8=
Subject key identifier: 24:F2:9F:EE:BD:EF:D4:2C:B8:88:22:4C:E7:60:73:B1:79:D7:FC:2B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3C76C8979FC9EFF95F771D7A366D2083DC206F20
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
Signing time: Fri 26 Sep 2025 20:20:35 +0000
ROA not before: Fri 26 Sep 2025 20:20:35 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.192.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:76:c8:97:9f:c9:ef:f9:5f:77:1d:7a:36:6d:20:83:dc:20:6f:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:35 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=14e7fee5b73a6e3180236116b49ec64ef5c868f5bcd4f434258f40f4e6c9378e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:1a:95:6e:6a:3e:91:a6:13:1e:ce:fb:b5:58:
13:3a:c3:06:96:a5:40:b2:7d:b1:9b:89:26:0b:0b:
19:4d:12:20:41:c8:9f:34:4c:e5:42:e5:58:42:cc:
d8:ab:8d:45:ba:0e:9c:91:53:65:75:87:d1:70:de:
1a:26:0b:da:3c:1b:66:34:3a:90:b0:91:0b:8f:1e:
e5:b8:87:68:5c:4f:bd:1b:11:75:0e:9c:78:d5:d3:
e8:05:a5:ce:67:6c:c3:0b:f2:57:ec:54:56:07:d2:
50:be:b9:7f:50:65:17:d1:8e:c2:d3:f1:0a:9b:c7:
91:27:c4:eb:1f:4d:9d:1b:f6:c8:4d:c3:29:3e:a0:
bc:bc:7c:00:e8:75:3b:f8:7b:a7:aa:9c:75:8f:b6:
e9:64:3f:25:32:f7:49:ac:67:a4:94:64:15:32:af:
6d:ea:c8:f9:e8:bf:40:95:1c:2d:91:61:07:2c:a6:
84:36:35:73:63:55:28:de:cc:f6:68:c5:ba:08:8f:
33:51:15:69:03:d1:cb:62:3e:fd:38:f0:4f:bb:69:
11:4d:db:b1:34:6e:b7:b5:2f:8b:55:60:b4:aa:25:
d7:00:83:a9:35:d1:62:a2:fb:5e:bc:01:96:b3:67:
fe:28:56:39:b7:ee:6c:d5:a9:07:a5:d9:9c:84:c0:
9b:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:F2:9F:EE:BD:EF:D4:2C:B8:88:22:4C:E7:60:73:B1:79:D7:FC:2B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.192.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2f:66:d2:9c:29:d6:f6:f6:dd:39:c9:87:02:07:81:4d:36:9c:
6b:ab:a6:68:ad:37:60:a8:4e:7d:a9:ae:a2:18:29:59:14:2e:
e0:39:34:ed:3a:c7:55:5b:47:f2:a9:3f:a1:7d:5c:17:09:07:
d9:bb:6c:d1:ec:2a:60:8b:49:98:d6:13:6a:26:3c:fd:62:bb:
8d:ca:72:ea:51:e4:83:04:61:db:d1:98:c6:8e:c4:06:27:61:
94:db:51:bf:d9:12:7b:63:7c:19:0e:5b:d3:09:ea:16:ec:66:
d0:ce:89:67:d4:c3:52:3f:b2:5c:3b:d4:4c:17:2f:40:49:7b:
2c:30:02:71:03:ac:40:61:e3:5b:37:bb:97:50:aa:7c:81:53:
f9:70:97:48:00:5b:6b:a8:da:e4:a3:d6:92:a6:57:c8:78:62:
59:fb:e8:f4:1a:a5:20:cd:71:13:75:ac:23:cb:05:c7:60:40:
a2:a5:87:ba:0d:4e:72:94:74:24:2e:0b:0e:34:2a:0a:6c:76:
10:e9:9d:a5:fa:ea:fd:89:23:74:03:1a:25:e5:7b:4a:4f:e6:
ee:07:a5:f6:ed:8d:28:34:3d:2f:67:24:44:b7:31:21:16:da:
69:5d:42:bf:cc:31:7a:ba:45:89:98:36:28:5c:ca:3a:14:61:
a6:66:07:da
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPHbIl5/J7/lfdx16Nm0gg9wgbyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMzVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0ZTdmZWU1YjczYTZlMzE4MDIzNjExNmI0OWVjNjRlZjVjODY4ZjViY2Q0
ZjQzNDI1OGY0MGY0ZTZjOTM3OGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkalW5qPpGmEx7O+7VYEzrDBpalQLJ9sZuJJgsLGU0SIEHInzRM5ULlWELM
2KuNRboOnJFTZXWH0XDeGiYL2jwbZjQ6kLCRC48e5biHaFxPvRsRdQ6ceNXT6AWl
zmdswwvyV+xUVgfSUL65f1BlF9GOwtPxCpvHkSfE6x9NnRv2yE3DKT6gvLx8AOh1
O/h7p6qcdY+26WQ/JTL3SaxnpJRkFTKvberI+ei/QJUcLZFhByymhDY1c2NVKN7M
9mjFugiPM1EVaQPRy2I+/TjwT7tpEU3bsTRut7Uvi1VgtKol1wCDqTXRYqL7XrwB
lrNn/ihWObfubNWpB6XZnITAmyECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQk8p/u
ve/ULLiIIkznYHOxedf8KzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDliMmI1ZDUtNDZhNy00MmEzLTk5MDAtYmNiN2UzZWRmZmRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPAMA0G
CSqGSIb3DQEBCwUAA4IBAQAvZtKcKdb29t05yYcCB4FNNpxrq6ZorTdgqE59qa6i
GClZFC7gOTTtOsdVW0fyqT+hfVwXCQfZu2zR7Cpgi0mY1hNqJjz9YruNynLqUeSD
BGHb0ZjGjsQGJ2GU21G/2RJ7Y3wZDlvTCeoW7GbQzoln1MNSP7JcO9RMFy9ASXss
MAJxA6xAYeNbN7uXUKp8gVP5cJdIAFtrqNrko9aSplfIeGJZ++j0GqUgzXETdawj
ywXHYECipYe6DU5ylHQkLgsONCoKbHYQ6Z2l+ur9iSN0Axol5XtKT+buB6X27Y0o
ND0vZyREtzEhFtppXUK/zDF6ukWJmDYoXMo6FGGmZgfa
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:46 2025 by rpki-client