Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
File: 4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa (raw, json)
Hash identifier: seWbNhh/jJApmoc+3vx7LN8cBv0i8bJ0FxRkzRHUDLE=
Subject key identifier: AA:38:F5:FB:D7:02:7F:FE:3C:19:D6:B1:20:AD:04:5C:D8:29:EC:36
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6E8D54C982854D798C3B6BA876AEE283F5BD7B95
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
Signing time: Sat 27 Sep 2025 00:52:31 +0000
ROA not before: Sat 27 Sep 2025 00:52:31 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.88.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:8d:54:c9:82:85:4d:79:8c:3b:6b:a8:76:ae:e2:83:f5:bd:7b:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 27 00:52:31 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=55d37e61d60ead7e1a151f22e0624767334b507d8124979a5283513709180b37, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a1:df:fa:95:84:8b:00:7a:80:6f:e4:8d:f2:
30:0e:10:4e:a9:81:b6:2b:e4:9d:e1:fa:c0:74:e1:
ba:57:99:2c:3a:63:b7:ec:25:62:2f:44:17:ec:06:
91:24:36:ec:1d:a0:a2:89:3c:a0:30:a5:d6:9a:f1:
fc:85:89:2d:f3:16:18:0f:08:a7:cc:e6:c9:ef:e8:
61:6d:a8:9e:8a:d8:6b:bb:fc:80:6f:da:e0:c5:b3:
51:f6:db:9e:d0:ec:c1:2b:c6:4f:e8:d1:49:58:db:
16:0b:2a:ed:d9:98:f4:02:05:11:d1:cf:89:a2:6f:
a6:b6:3c:1e:ac:29:27:69:e0:da:82:23:3b:9b:b4:
07:f2:a7:91:18:22:d6:ce:fb:42:90:e9:6b:e0:2e:
58:57:ae:10:0e:22:b1:62:10:0a:38:6c:4c:ad:e1:
a9:de:55:13:4b:70:58:83:c7:85:4f:b1:2a:44:c5:
ba:32:c8:a1:8b:01:49:f1:c9:85:43:53:c9:b4:fa:
c7:5a:6c:36:21:95:75:6f:48:f5:e0:a9:4b:bf:87:
9e:85:4a:16:0d:24:48:f5:4c:cf:60:7e:90:20:6b:
3f:8d:1b:14:83:c2:2d:bd:ba:75:48:7a:29:e1:83:
f4:1d:b5:a4:80:e6:ca:4c:1d:8c:df:4e:76:6b:f7:
c5:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:38:F5:FB:D7:02:7F:FE:3C:19:D6:B1:20:AD:04:5C:D8:29:EC:36
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.88.0/21
Signature Algorithm: sha256WithRSAEncryption
75:27:75:1a:e1:18:4d:b0:cb:46:52:37:a1:2a:74:4a:97:9d:
cc:8a:da:b8:6e:3e:73:03:76:86:9a:34:73:e3:d2:01:10:1a:
6e:25:33:ca:32:a9:1f:dc:21:c4:a8:46:92:e3:f6:09:2f:02:
08:1b:3f:c6:2c:96:76:e8:9f:d5:78:68:69:d4:9b:8b:8d:86:
cb:10:4b:70:ee:cd:14:03:79:db:a5:da:70:9a:5c:c1:7c:d1:
58:c5:61:f0:2a:56:93:9f:ff:4f:fc:7e:3e:d7:10:da:e7:60:
58:a8:ce:5f:93:5c:a9:a5:42:d8:b0:7f:c3:b5:9d:29:ec:10:
88:b3:c6:66:b4:9e:1c:36:35:bc:63:0f:94:28:e9:d4:84:c3:
75:f6:f0:85:99:a1:28:03:3c:e3:ab:fe:d6:f5:46:00:46:c3:
9f:27:2c:77:f7:39:1c:7c:99:fb:c4:a7:fb:ff:c1:80:f2:c8:
b8:5a:93:04:7d:fc:e8:6a:d3:d1:ab:30:ef:71:bd:6b:19:2c:
28:59:72:bf:a2:bb:6a:e4:94:ac:6f:52:39:d1:27:b8:6f:cb:
90:80:3e:b5:23:b8:a7:32:80:bb:c3:aa:12:16:fc:7b:41:ad:
0c:8b:9e:25:a8:9f:79:6c:46:c5:dc:7b:22:4c:fa:7b:4b:44:
5e:96:d8:44
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUbo1UyYKFTXmMO2uodq7ig/W9e5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMzFaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1ZDM3ZTYxZDYwZWFkN2UxYTE1MWYyMmUwNjI0NzY3MzM0YjUwN2Q4MTI0
OTc5YTUyODM1MTM3MDkxODBiMzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKih3/qVhIsAeoBv5I3yMA4QTqmBtivkneH6wHThuleZLDpjt+wlYi9EF+wG
kSQ27B2gook8oDCl1prx/IWJLfMWGA8Ip8zmye/oYW2onorYa7v8gG/a4MWzUfbb
ntDswSvGT+jRSVjbFgsq7dmY9AIFEdHPiaJvprY8HqwpJ2ng2oIjO5u0B/KnkRgi
1s77QpDpa+AuWFeuEA4isWIQCjhsTK3hqd5VE0twWIPHhU+xKkTFujLIoYsBSfHJ
hUNTybT6x1psNiGVdW9I9eCpS7+HnoVKFg0kSPVMz2B+kCBrP40bFIPCLb26dUh6
KeGD9B21pIDmykwdjN9Odmv3xbUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSqOPX7
1wJ//jwZ1rEgrQRc2CnsNjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGY5ZDNjMzktYWU3Ni00ZjIyLTlkZjktYzY1MDFhY2JjYzg0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAWDAN
BgkqhkiG9w0BAQsFAAOCAQEAdSd1GuEYTbDLRlI3oSp0SpedzIrauG4+cwN2hpo0
c+PSARAabiUzyjKpH9whxKhGkuP2CS8CCBs/xiyWduif1XhoadSbi42GyxBLcO7N
FAN526XacJpcwXzRWMVh8CpWk5//T/x+PtcQ2udgWKjOX5NcqaVC2LB/w7WdKewQ
iLPGZrSeHDY1vGMPlCjp1ITDdfbwhZmhKAM846v+1vVGAEbDnycsd/c5HHyZ+8Sn
+//BgPLIuFqTBH386GrT0asw73G9axksKFlyv6K7auSUrG9SOdEnuG/LkIA+tSO4
pzKAu8OqEhb8e0GtDIueJaifeWxGxdx7Ikz6e0tEXpbYRA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:44 2025 by rpki-client