Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b40039c9-98c7-4c92-bda9-d60bb59234aa.roa
File: b40039c9-98c7-4c92-bda9-d60bb59234aa.roa (raw, json)
Hash identifier: PU9YtYp0nBcGGitpRNezh8UTMS2UGOGKoQkZvvK6oKk=
Subject key identifier: F0:0E:82:41:1A:3F:D8:04:4C:59:4E:34:51:3F:85:27:86:F7:D8:B1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 38170B8446EA294B171E5236894EAE6CC3892D1C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b40039c9-98c7-4c92-bda9-d60bb59234aa.roa
Signing time: Wed 15 Oct 2025 19:41:09 +0000
ROA not before: Wed 15 Oct 2025 19:41:09 +0000
ROA not after: Wed 19 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.74.0.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:17:0b:84:46:ea:29:4b:17:1e:52:36:89:4e:ae:6c:c3:89:2d:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 15 19:41:09 2025 GMT
Not After : Nov 19 23:59:59 2025 GMT
Subject: serialNumber=c92b6d3b5a00f38bd0e5bf97675d9f4ecd2fcd0f4e4fda0d72fd02f698a27edd, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:29:a1:f6:9b:1c:50:5a:b9:e1:b1:ac:e6:86:
79:e8:af:bc:13:0d:4d:3a:5e:24:48:70:8e:c6:9e:
97:cc:b8:3e:1a:b6:59:ff:7b:67:fa:35:8f:ff:52:
68:0b:80:19:1b:4a:85:83:35:fc:12:56:27:8d:f7:
45:a9:13:57:ad:0c:80:09:27:d1:fb:fd:f5:6c:13:
fc:72:34:d7:bc:7c:11:01:2a:60:ff:af:8a:c3:66:
0a:94:51:35:38:93:04:a0:7b:43:b6:77:7f:d1:6f:
08:f2:18:6f:5d:d6:f7:54:12:f9:e1:c7:dd:61:b7:
4f:a2:61:54:fa:94:6c:3f:7d:da:6c:88:77:3e:56:
68:d3:cc:e0:ea:0b:75:85:e5:95:ec:67:a3:f4:54:
9a:34:8c:fe:35:f4:08:29:3f:2b:94:ea:9e:dd:06:
48:b3:7f:1f:16:60:e7:b2:97:40:d1:42:66:7f:b3:
bc:be:3d:97:6d:5a:73:f2:45:24:df:5a:29:26:cf:
0e:8b:4c:c2:ba:e7:44:82:78:6a:d0:66:c4:f8:32:
ae:d1:8f:de:28:56:55:fc:76:47:09:e8:89:1d:9b:
70:8b:79:30:67:49:dd:b3:e7:3d:14:c3:9f:bc:02:
7f:2d:f1:ef:9c:19:e2:c9:9d:b2:c4:b9:b3:2a:38:
93:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:0E:82:41:1A:3F:D8:04:4C:59:4E:34:51:3F:85:27:86:F7:D8:B1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b40039c9-98c7-4c92-bda9-d60bb59234aa.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.74.0.0/20
Signature Algorithm: sha256WithRSAEncryption
5f:59:6f:a1:9d:46:8f:5f:85:9a:1d:ad:09:4c:73:30:c1:f4:
e5:98:52:79:2c:76:66:a6:54:de:87:27:82:fb:d8:fb:f8:05:
31:df:13:3b:23:a4:f4:68:6f:da:ed:36:64:91:c6:61:9d:5d:
03:c3:06:c2:f4:91:38:4a:ee:3f:2e:87:a0:2d:44:86:3f:04:
57:5a:4c:af:51:75:41:90:64:e9:99:54:8e:4b:f7:af:43:2f:
43:3f:ac:16:1d:98:a3:38:7a:29:5f:97:bc:ca:9c:a4:09:13:
8a:88:8f:f7:7e:41:22:b6:c3:8c:42:57:ca:03:42:0f:ed:62:
32:a9:d8:22:01:8d:d1:ac:c0:43:4e:49:0c:20:32:fe:55:93:
ca:20:17:bd:dc:0a:39:a2:2d:fd:0b:28:b2:3d:5f:f1:47:b3:
03:23:92:57:8c:f0:14:47:97:ba:19:ef:a0:f6:71:87:cf:6f:
05:f5:82:28:b1:66:38:9f:a0:7a:2a:ce:ee:09:d2:c3:e9:f3:
7f:da:bd:aa:97:13:e9:7d:71:2c:8a:f1:f4:ea:f9:f7:e7:45:
7b:32:eb:57:89:ee:ae:cf:40:1f:73:d2:3a:e6:9f:45:43:73:
a8:05:24:7c:03:79:1c:4c:c8:f8:3a:4f:fc:b0:11:50:11:5e:
bd:40:b0:60
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUOBcLhEbqKUsXHlI2iU6ubMOJLRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMTUxOTQxMDlaFw0yNTExMTkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5MmI2ZDNiNWEwMGYzOGJkMGU1YmY5NzY3NWQ5ZjRlY2QyZmNkMGY0ZTRm
ZGEwZDcyZmQwMmY2OThhMjdlZGQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMpofabHFBaueGxrOaGeeivvBMNTTpeJEhwjsael8y4Phq2Wf97Z/o1j/9S
aAuAGRtKhYM1/BJWJ433RakTV60MgAkn0fv99WwT/HI017x8EQEqYP+visNmCpRR
NTiTBKB7Q7Z3f9FvCPIYb13W91QS+eHH3WG3T6JhVPqUbD992myIdz5WaNPM4OoL
dYXllexno/RUmjSM/jX0CCk/K5Tqnt0GSLN/HxZg57KXQNFCZn+zvL49l21ac/JF
JN9aKSbPDotMwrrnRIJ4atBmxPgyrtGP3ihWVfx2RwnoiR2bcIt5MGdJ3bPnPRTD
n7wCfy3x75wZ4smdssS5syo4kyUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTwDoJB
Gj/YBExZTjRRP4UnhvfYsTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjQwMDM5YzktOThjNy00YzkyLWJkYTktZDYwYmI1OTIzNGFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBDNKADAN
BgkqhkiG9w0BAQsFAAOCAQEAX1lvoZ1Gj1+Fmh2tCUxzMMH05ZhSeSx2ZqZU3ocn
gvvY+/gFMd8TOyOk9Ghv2u02ZJHGYZ1dA8MGwvSROEruPy6HoC1Ehj8EV1pMr1F1
QZBk6ZlUjkv3r0MvQz+sFh2Yozh6KV+XvMqcpAkTioiP935BIrbDjEJXygNCD+1i
MqnYIgGN0azAQ05JDCAy/lWTyiAXvdwKOaIt/Qsosj1f8UezAyOSV4zwFEeXuhnv
oPZxh89vBfWCKLFmOJ+geirO7gnSw+nzf9q9qpcT6X1xLIrx9Or59+dFezLrV4nu
rs9AH3PSOuafRUNzqAUkfAN5HEzI+DpP/LARUBFevUCwYA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:26:26 2025 by rpki-client