Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: y7bS74xb2gdBLGizrfc+JfOEICVU4xXiv7+cauwtxWc=
Subject key identifier: DA:4F:75:88:DC:83:C8:4C:37:C0:F9:78:78:D4:67:3E:8B:89:11:F3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6AB4D69B019EC70F2F1F88DBB64F438983FB5BB3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Fri 26 Sep 2025 20:39:52 +0000
ROA not before: Fri 26 Sep 2025 20:39:52 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:b4:d6:9b:01:9e:c7:0f:2f:1f:88:db:b6:4f:43:89:83:fb:5b:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:39:52 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=39139e7abfe6151f633786df46d10728ba23f215dd74029198e762d6e09fb05c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:6f:e5:db:a0:e7:b7:77:ad:d8:11:8c:98:cf:
6f:77:ef:f4:45:8c:89:8e:0e:89:39:ed:db:e0:49:
fa:72:cb:88:9e:2c:1b:89:e5:86:cd:6e:05:1f:4c:
d4:f3:cf:fc:28:5f:d3:85:32:6d:6f:f3:69:6b:40:
d4:6c:e5:2d:4c:ab:f8:f5:3e:cf:3e:f7:f2:40:7c:
56:11:68:b8:26:f9:3f:ba:69:b4:27:a4:71:bf:a8:
bf:ff:b4:2e:8e:0f:ec:16:45:81:8d:df:0f:cf:d2:
8c:93:3b:6a:3b:e9:37:e6:fd:47:5d:c7:d6:26:98:
30:9d:6e:f8:e7:1d:1c:99:5b:88:f3:68:e5:e8:66:
9a:af:f3:e7:ed:ea:97:5a:df:d6:84:6e:ba:11:1e:
ae:57:36:86:7f:4c:f8:95:4b:9b:fa:6a:59:fa:be:
d2:9d:8f:16:d4:97:49:c1:14:4d:c9:1d:26:c0:a6:
df:b8:ad:ff:0a:55:ec:2a:09:c5:bd:10:94:e7:a1:
b7:9c:96:a7:07:2c:78:4c:6d:41:11:9d:47:05:5c:
d8:04:ee:c6:4e:16:d7:2b:49:a8:10:b6:4c:a3:1c:
5e:7c:76:0e:e7:60:53:14:be:ad:50:27:21:31:af:
73:a3:fd:7f:c5:54:1b:62:74:06:f4:1a:e5:3f:2e:
df:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:4F:75:88:DC:83:C8:4C:37:C0:F9:78:78:D4:67:3E:8B:89:11:F3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:da:b0:0e:ed:21:60:ed:4e:31:3f:0f:e2:39:61:bb:f6:1b:
be:4e:dc:20:c0:2a:ca:be:75:7a:f5:e2:e3:ea:cf:97:eb:01:
e8:5c:5d:50:f9:67:f3:62:cc:e5:83:2e:a6:32:0c:9e:7e:c7:
7f:50:77:a8:7e:d9:f6:78:d6:7f:b8:7a:a3:a9:14:13:57:aa:
70:16:30:5a:a7:c1:9e:ca:2d:33:01:09:3b:6b:62:e6:6d:87:
7f:f6:57:be:e1:aa:63:45:ea:75:9d:44:a5:1d:58:87:99:89:
7a:6a:f5:37:71:51:af:a0:5d:10:88:a4:e8:50:23:09:e0:32:
f8:56:a2:4e:ed:1b:2f:d4:04:10:da:6e:79:d0:3f:c9:2e:e2:
92:14:25:f8:27:8d:71:e6:c4:a3:72:52:bd:b5:04:4f:90:8d:
a5:95:69:0f:68:99:1b:d3:07:d3:a9:08:31:12:18:2a:07:e0:
7c:46:4c:d9:81:c1:93:2b:28:65:8a:5d:6d:ee:57:86:64:f0:
d4:d2:3c:1e:ab:01:f3:a5:1b:b7:2a:ee:41:08:8c:e1:a5:9d:
9a:db:91:a7:3b:cf:a7:d0:0f:24:6c:4e:9a:76:0d:62:0d:88:
c5:bc:f4:e7:ee:f1:cd:08:a5:ea:c4:ec:d5:b5:54:c1:42:b0:
3f:5d:0f:04
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUarTWmwGexw8vH4jbtk9DiYP7W7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDM5NTJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDM5MTM5ZTdhYmZlNjE1MWY2MzM3ODZkZjQ2ZDEwNzI4YmEyM2YyMTVkZDc0
MDI5MTk4ZTc2MmQ2ZTA5ZmIwNWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhv5dug57d3rdgRjJjPb3fv9EWMiY4OiTnt2+BJ+nLLiJ4sG4nlhs1uBR9M
1PPP/Chf04UybW/zaWtA1GzlLUyr+PU+zz738kB8VhFouCb5P7pptCekcb+ov/+0
Lo4P7BZFgY3fD8/SjJM7ajvpN+b9R13H1iaYMJ1u+OcdHJlbiPNo5ehmmq/z5+3q
l1rf1oRuuhEerlc2hn9M+JVLm/pqWfq+0p2PFtSXScEUTckdJsCm37it/wpV7CoJ
xb0QlOeht5yWpwcseExtQRGdRwVc2ATuxk4W1ytJqBC2TKMcXnx2DudgUxS+rVAn
ITGvc6P9f8VUG2J0BvQa5T8u3ykCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTaT3WI
3IPITDfA+Xh41Gc+i4kR8zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQAx2rAO7SFg7U4xPw/iOWG79hu+TtwgwCrKvnV69eLj
6s+X6wHoXF1Q+WfzYszlgy6mMgyefsd/UHeoftn2eNZ/uHqjqRQTV6pwFjBap8Ge
yi0zAQk7a2LmbYd/9le+4apjRep1nUSlHViHmYl6avU3cVGvoF0QiKToUCMJ4DL4
VqJO7Rsv1AQQ2m550D/JLuKSFCX4J41x5sSjclK9tQRPkI2llWkPaJkb0wfTqQgx
EhgqB+B8RkzZgcGTKyhlil1t7leGZPDU0jweqwHzpRu3Ku5BCIzhpZ2a25GnO8+n
0A8kbE6adg1iDYjFvPTn7vHNCKXqxOzVtVTBQrA/XQ8E
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:40:57 2025 by rpki-client