Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
File: aa15a3a6-022f-41a6-9a60-2175164bb741.roa (raw, json)
Hash identifier: ympqcVDwohYBZiQsX80GvlMI+s7sk2k8vnRoPo+YPR8=
Subject key identifier: 74:E4:B9:08:D0:0D:72:79:A8:FB:19:98:77:A6:62:56:D6:60:37:8B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1C84881510C0346186E9F8233F3DBF12EDD9CC19
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
Signing time: Sat 27 Sep 2025 00:52:43 +0000
ROA not before: Sat 27 Sep 2025 00:52:43 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:84:88:15:10:c0:34:61:86:e9:f8:23:3f:3d:bf:12:ed:d9:cc:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 27 00:52:43 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=ad56e56d4c0bf01db2cc2eb5f4e94cf236489f11df7fc289f9f0436cd65d2551, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:f1:ee:3f:e7:3f:37:75:24:7f:44:ab:1d:a4:
5c:40:be:41:ba:79:0b:a8:85:00:f0:67:cf:ba:f4:
5a:0b:af:0c:f3:b5:aa:a0:a7:9c:60:68:15:3e:6e:
ee:f0:5d:85:72:7a:78:02:c6:f8:57:38:5d:a3:94:
46:db:fa:4c:d7:75:e9:f7:42:cd:84:bd:56:3c:df:
5e:1b:2d:d4:67:3e:6a:e6:e8:1e:2d:6e:c4:26:d6:
84:00:be:04:d3:a7:e4:a1:48:19:53:b8:76:c8:90:
65:4d:ca:37:6a:8b:95:86:38:04:e9:2b:b4:27:23:
49:24:56:79:28:50:9d:7a:c3:da:cd:21:20:d8:8e:
e4:04:ce:73:ba:56:ff:72:24:7d:86:b0:48:b0:ff:
a9:4b:e4:1f:e8:54:be:e9:aa:de:6d:31:8b:e0:e8:
ad:83:e1:b5:4b:74:1c:95:8e:07:29:6f:fa:ca:17:
6d:47:eb:d0:1e:32:f3:48:aa:d1:d5:b2:91:6a:a9:
fc:19:43:3b:c1:36:34:34:dd:06:7d:f2:5e:e9:5a:
cd:9f:64:ce:da:8a:c2:27:bd:4a:c4:e6:07:bb:43:
5e:f0:bb:eb:c7:c9:6c:66:9d:eb:7a:14:45:57:9b:
1e:3d:62:37:3c:11:c7:18:f9:83:07:ea:9d:bf:89:
d7:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:E4:B9:08:D0:0D:72:79:A8:FB:19:98:77:A6:62:56:D6:60:37:8B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.204.0/24
Signature Algorithm: sha256WithRSAEncryption
15:9d:15:bf:30:38:63:ea:c5:37:8e:5a:67:da:d4:57:74:b8:
34:bc:83:3d:df:29:3f:47:dc:ea:91:55:c0:4e:00:1e:87:66:
17:0b:ad:3f:35:a5:9b:4b:84:1b:6e:89:6a:89:ee:21:b6:c8:
8a:df:2f:f9:69:79:85:e8:02:79:c5:86:fa:bc:f7:03:f9:f7:
3a:b2:2e:58:62:d0:5c:ce:78:ec:63:8a:a9:2a:b8:4f:d5:72:
df:50:91:ab:88:a2:b4:93:20:be:1d:f5:53:ed:df:7d:9c:2d:
54:56:a3:f0:1d:da:85:53:ae:c7:e8:d1:67:4c:9a:1c:12:5e:
73:2a:fa:69:5a:ad:37:3a:90:00:f5:d6:70:93:40:93:fd:9b:
66:8d:d1:4f:60:5b:a5:f7:cf:0f:c1:e6:83:16:f7:9e:b6:f6:
94:0f:14:61:a9:bb:d8:a1:02:77:e0:34:5d:22:73:9f:57:e4:
20:3c:da:e2:72:4d:55:c9:73:16:69:89:2f:41:11:4c:95:02:
d3:60:4a:10:a8:cd:ed:7f:43:d7:d4:3c:72:15:28:18:e9:6c:
48:e3:7c:ae:89:33:08:6a:7c:27:b2:7f:7c:97:73:61:d6:88:
43:d0:ef:69:19:25:10:a8:8f:a3:1f:24:de:c9:4c:e4:7b:dd:
b5:44:22:3f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHISIFRDANGGG6fgjPz2/Eu3ZzBkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyNDNaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkNTZlNTZkNGMwYmYwMWRiMmNjMmViNWY0ZTk0Y2YyMzY0ODlmMTFkZjdm
YzI4OWY5ZjA0MzZjZDY1ZDI1NTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHx7j/nPzd1JH9Eqx2kXEC+Qbp5C6iFAPBnz7r0WguvDPO1qqCnnGBoFT5u
7vBdhXJ6eALG+Fc4XaOURtv6TNd16fdCzYS9VjzfXhst1Gc+auboHi1uxCbWhAC+
BNOn5KFIGVO4dsiQZU3KN2qLlYY4BOkrtCcjSSRWeShQnXrD2s0hINiO5ATOc7pW
/3IkfYawSLD/qUvkH+hUvumq3m0xi+DorYPhtUt0HJWOBylv+soXbUfr0B4y80iq
0dWykWqp/BlDO8E2NDTdBn3yXulazZ9kztqKwie9SsTmB7tDXvC768fJbGad63oU
RVebHj1iNzwRxxj5gwfqnb+J18UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR05LkI
0A1yeaj7GZh3pmJW1mA3izAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWExNWEzYTYtMDIyZi00MWE2LTlhNjAtMjE3NTE2NGJiNzQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQzDAN
BgkqhkiG9w0BAQsFAAOCAQEAFZ0VvzA4Y+rFN45aZ9rUV3S4NLyDPd8pP0fc6pFV
wE4AHodmFwutPzWlm0uEG26JaonuIbbIit8v+Wl5hegCecWG+rz3A/n3OrIuWGLQ
XM547GOKqSq4T9Vy31CRq4iitJMgvh31U+3ffZwtVFaj8B3ahVOux+jRZ0yaHBJe
cyr6aVqtNzqQAPXWcJNAk/2bZo3RT2BbpffPD8Hmgxb3nrb2lA8UYam72KECd+A0
XSJzn1fkIDza4nJNVclzFmmJL0ERTJUC02BKEKjN7X9D19Q8chUoGOlsSON8rokz
CGp8J7J/fJdzYdaIQ9DvaRklEKiPox8k3slM5HvdtUQiPw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:38:43 2025 by rpki-client