Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa
File: bad59de4-adad-41c5-bcd9-10599419c7b5.roa (raw, json)
Hash identifier: XYgKWjYmjfkf29riShgBdvdXUdzvl9b9+zlszarMhH4=
Subject key identifier: 9B:7D:D0:8D:01:77:CE:F9:5F:6E:44:68:4A:DD:9A:B9:FF:20:70:29
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 649D0F5CE8AE5AF82C2409E08F00F646273E127A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa
Signing time: Sat 27 Sep 2025 00:52:32 +0000
ROA not before: Sat 27 Sep 2025 00:52:32 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.64.0/18 maxlen: 18
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:9d:0f:5c:e8:ae:5a:f8:2c:24:09:e0:8f:00:f6:46:27:3e:12:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 27 00:52:32 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=8bf480a7e76223ba87b6bce8398b9e5783cf2ada2e205abeef144f1d6425bc7f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:46:a0:55:80:4b:1a:8f:d2:ff:41:ad:16:b6:
ce:ca:16:01:13:ab:37:44:26:85:ce:e2:2c:23:19:
67:dd:99:61:b0:7b:8e:54:b8:b2:06:aa:7d:42:1b:
78:74:53:f9:99:30:0b:b5:7b:89:db:05:f1:9c:bd:
43:f5:a2:45:2e:d7:f2:f9:fc:14:fc:1a:98:5f:d6:
d2:b2:b1:3f:13:b9:f1:40:ab:d9:4e:2b:32:4d:56:
70:78:21:47:67:81:d5:db:d7:f0:c3:50:cf:37:d3:
6d:e2:f3:f2:9d:dd:6a:73:97:e8:11:83:18:e1:64:
e4:fa:f3:84:6b:8a:28:db:42:70:f8:39:bc:4b:7d:
94:51:df:15:77:7e:b8:24:a6:b1:7c:84:2e:b7:65:
3f:b0:97:ee:45:09:c7:5d:d7:63:f0:2f:83:3b:58:
b7:4a:ea:c2:52:91:8a:9b:0a:e1:cb:9e:73:18:ff:
48:7e:b6:e4:a1:91:c4:f0:de:43:36:bb:13:ec:24:
6c:da:16:af:26:a5:9c:05:5d:ed:88:40:a6:15:32:
22:03:11:31:e0:76:0f:33:7b:ad:f7:55:f0:0d:03:
a3:12:16:9a:5d:58:63:c1:ca:19:b8:78:1a:d8:aa:
b7:40:01:ef:40:20:e8:9a:0e:16:89:04:73:64:6b:
51:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:7D:D0:8D:01:77:CE:F9:5F:6E:44:68:4A:DD:9A:B9:FF:20:70:29
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2f:22:93:25:b2:0c:72:ed:14:52:96:07:9e:8a:13:ba:70:52:
8c:ab:bb:06:e5:c3:fe:fd:d4:ab:f9:d9:6d:4c:42:7d:65:b3:
ac:0d:09:09:95:fa:ac:39:b7:0e:f4:b2:d9:4c:2a:81:6c:8c:
9b:65:b5:cc:b5:9a:ac:48:c9:d4:3c:52:fa:8e:49:f6:2d:d9:
c3:6e:7c:78:a4:9d:5c:cb:f7:2b:68:c8:a4:eb:a6:cc:c7:0e:
b5:81:48:7b:3c:6b:bf:59:73:e1:24:09:b7:30:9a:e2:39:de:
fc:eb:41:b0:a6:c4:be:48:d6:6c:fd:6d:88:6a:46:79:f8:24:
de:5b:5e:60:3e:bc:de:50:25:91:e5:88:b4:e9:30:0d:74:d1:
0c:c0:02:9e:e1:ee:58:d3:96:11:eb:4c:d2:82:24:da:d7:2c:
5f:33:af:7c:43:7e:97:d1:2e:0e:9b:8a:9f:e2:57:f7:81:6a:
40:b0:1e:19:13:3f:ee:ac:04:db:dd:83:b5:cc:a2:bd:f5:98:
f7:d9:fa:67:fe:61:f1:60:67:a3:52:07:32:6c:90:09:1f:7e:
e2:ff:fa:fb:5e:e5:d5:c7:b3:07:d7:70:79:68:0d:82:a7:73:
d6:2c:dd:ae:3c:5e:98:5b:46:3d:e5:56:d2:71:ab:32:38:8d:
7c:2b:1f:cb
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUZJ0PXOiuWvgsJAngjwD2Ric+EnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMzJaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiZjQ4MGE3ZTc2MjIzYmE4N2I2YmNlODM5OGI5ZTU3ODNjZjJhZGEyZTIw
NWFiZWVmMTQ0ZjFkNjQyNWJjN2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1GoFWASxqP0v9BrRa2zsoWAROrN0Qmhc7iLCMZZ92ZYbB7jlS4sgaqfUIb
eHRT+ZkwC7V7idsF8Zy9Q/WiRS7X8vn8FPwamF/W0rKxPxO58UCr2U4rMk1WcHgh
R2eB1dvX8MNQzzfTbeLz8p3danOX6BGDGOFk5PrzhGuKKNtCcPg5vEt9lFHfFXd+
uCSmsXyELrdlP7CX7kUJx13XY/AvgztYt0rqwlKRipsK4cuecxj/SH625KGRxPDe
Qza7E+wkbNoWryalnAVd7YhAphUyIgMRMeB2DzN7rfdV8A0DoxIWml1YY8HKGbh4
Gtiqt0AB70Ag6JoOFokEc2RrUYMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSbfdCN
AXfO+V9uRGhK3Zq5/yBwKTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFkNTlkZTQtYWRhZC00MWM1LWJjZDktMTA1OTk0MTljN2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBjMAQDAN
BgkqhkiG9w0BAQsFAAOCAQEALyKTJbIMcu0UUpYHnooTunBSjKu7BuXD/v3Uq/nZ
bUxCfWWzrA0JCZX6rDm3DvSy2UwqgWyMm2W1zLWarEjJ1DxS+o5J9i3Zw258eKSd
XMv3K2jIpOumzMcOtYFIezxrv1lz4SQJtzCa4jne/OtBsKbEvkjWbP1tiGpGefgk
3lteYD683lAlkeWItOkwDXTRDMACnuHuWNOWEetM0oIk2tcsXzOvfEN+l9EuDpuK
n+JX94FqQLAeGRM/7qwE292DtcyivfWY99n6Z/5h8WBno1IHMmyQCR9+4v/6+17l
1cezB9dweWgNgqdz1izdrjxemFtGPeVW0nGrMjiNfCsfyw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:39:05 2025 by rpki-client