Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: 7wKdH9EdBkcu66b11kBU2Goj7dZ5pSSoGw8rIbCF4gQ=
Subject key identifier: 9C:FA:7B:65:C4:67:D3:04:6D:6C:92:88:91:8D:30:8F:6E:CE:BE:4C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 098BE871A370FE39A1180E2B64E2E61F40B0FD
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Fri 26 Sep 2025 20:39:44 +0000
ROA not before: Fri 26 Sep 2025 20:39:44 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:8b:e8:71:a3:70:fe:39:a1:18:0e:2b:64:e2:e6:1f:40:b0:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:39:44 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=bb5f40ae4e306f05a1cdf313a2a448f8365218e9a913dd5122c252563aac4913, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:a8:a1:e8:ae:4d:43:08:db:8c:12:3f:2c:f0:
39:59:cb:43:61:75:b3:15:8c:8f:f4:53:2f:0d:9a:
1e:45:fa:84:71:b6:3e:ca:f3:3f:03:04:01:e9:ca:
bc:e3:e2:dd:d4:27:7f:e9:dd:a1:d2:ff:b8:70:49:
85:eb:59:1b:94:b4:af:02:f1:0e:2a:f6:46:96:3e:
cf:bb:52:53:86:fb:da:89:c9:51:e6:1f:6b:71:7d:
22:d2:71:8c:bd:8f:be:2d:e5:36:f8:15:f1:01:d4:
51:f1:47:88:fc:05:d4:74:dd:2b:4f:e3:57:a9:85:
bb:1a:a3:46:11:11:f8:b5:36:f4:33:2d:2e:05:b6:
32:c3:4b:c1:c2:d8:e9:63:71:da:75:0b:41:87:75:
91:d6:54:65:b1:e8:b4:ed:db:ea:6a:17:3d:2e:5f:
e5:a5:0f:d0:e9:3f:f7:15:c8:52:c8:4c:53:85:78:
0e:ad:f3:72:2d:78:58:ed:b6:81:38:f4:cf:8b:43:
6e:ae:1c:13:6f:30:9c:06:f9:4f:4b:91:95:5c:0a:
78:4a:96:ab:57:e6:16:b3:45:cf:9d:f0:1b:d0:7d:
ba:e8:11:07:14:58:df:2c:77:5f:a0:4d:26:d5:0f:
59:10:86:ed:68:a2:ee:42:3a:68:6e:90:8a:58:cd:
9b:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:FA:7B:65:C4:67:D3:04:6D:6C:92:88:91:8D:30:8F:6E:CE:BE:4C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:67:45:9b:b3:17:45:d5:71:05:b7:ea:6a:1c:c2:2f:de:f1:
e8:d2:65:71:0e:ce:ff:69:f0:b6:98:65:5d:cb:29:b9:50:12:
50:5a:91:95:fc:c3:7d:8e:0f:d0:97:16:16:e0:4a:64:88:9e:
d8:79:cd:37:43:91:6d:56:04:57:04:e6:16:92:1a:73:e2:e7:
6d:a4:5b:ca:9e:07:09:cd:7f:50:3e:0f:a3:39:b7:a6:23:51:
f3:77:7b:4a:62:f4:e8:0d:58:f2:61:5f:4b:7e:cc:b7:7f:d6:
69:7a:e8:0e:31:9e:d8:c5:3c:95:01:78:a4:59:3a:7f:bb:71:
ad:8b:5e:30:e8:37:ba:0a:45:61:03:1c:bf:2b:6a:19:2e:67:
89:ff:6d:de:ee:e7:1f:3f:fb:36:b5:79:45:e9:06:32:f8:89:
da:5f:75:5e:7d:c3:25:d7:97:2e:b9:fa:4d:3f:85:d8:dc:6c:
b2:6c:cf:3e:cf:c4:00:d0:b9:be:3d:ad:dc:79:45:77:0a:f2:
6e:47:b7:3f:7a:de:52:b8:32:ce:2f:9a:16:df:86:f7:6f:af:
b6:c4:a5:2a:91:bd:ca:e7:38:4f:d6:66:db:5e:ac:4b:0b:6e:
c0:e3:64:ba:41:68:90:ae:55:20:f7:0d:5b:f5:a2:3b:ad:78:
a0:43:23:b5
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgITCYvocaNw/jmhGA4rZOLmH0Cw/TANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg0NTNmNDc0NjM1NGUyYWQxNWNlN2ViZDhkYzIxZjk2YzBl
NWM4N2NmMB4XDTI1MDkyNjIwMzk0NFoXDTI1MTAzMTIzNTk1OVowejFJMEcGA1UE
BRNAYmI1ZjQwYWU0ZTMwNmYwNWExY2RmMzEzYTJhNDQ4ZjgzNjUyMThlOWE5MTNk
ZDUxMjJjMjUyNTYzYWFjNDkxMzEtMCsGA1UEAxMkYzMzNjQxMWEtNjY1MS00ZjEz
LThlZjktZGU2ODFjN2M5NDQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6Kih6K5NQwjbjBI/LPA5WctDYXWzFYyP9FMvDZoeRfqEcbY+yvM/AwQB6cq8
4+Ld1Cd/6d2h0v+4cEmF61kblLSvAvEOKvZGlj7Pu1JThvvaiclR5h9rcX0i0nGM
vY++LeU2+BXxAdRR8UeI/AXUdN0rT+NXqYW7GqNGERH4tTb0My0uBbYyw0vBwtjp
Y3HadQtBh3WR1lRlsei07dvqahc9Ll/lpQ/Q6T/3FchSyExThXgOrfNyLXhY7baB
OPTPi0NurhwTbzCcBvlPS5GVXAp4SparV+YWs0XPnfAb0H266BEHFFjfLHdfoE0m
1Q9ZEIbtaKLuQjpobpCKWM2bEQIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFJz6e2XE
Z9MEbWySiJGNMI9uzr5MMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfP
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9L
dEZjNS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy85
NGMyYTM2ZS0yNDViLTQzOWEtYmY2MS0wNDEzMmM1ZGY1YTQucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4
OGMvX2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAMyMwDQYJ
KoZIhvcNAQELBQADggEBAGhnRZuzF0XVcQW36mocwi/e8ejSZXEOzv9p8LaYZV3L
KblQElBakZX8w32OD9CXFhbgSmSInth5zTdDkW1WBFcE5haSGnPi522kW8qeBwnN
f1A+D6M5t6YjUfN3e0pi9OgNWPJhX0t+zLd/1ml66A4xntjFPJUBeKRZOn+7ca2L
XjDoN7oKRWEDHL8rahkuZ4n/bd7u5x8/+za1eUXpBjL4idpfdV59wyXXly65+k0/
hdjcbLJszz7PxADQub49rdx5RXcK8m5Htz963lK4Ms4vmhbfhvdvr7bEpSqRvcrn
OE/WZtterEsLbsDjZLpBaJCuVSD3DVv1ojuteKBDI7U=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:38:18 2025 by rpki-client