Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
File: d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa (raw, json)
Hash identifier: owaetp4Sj6cFIRyX9H1AsQkELpP6RAI27Yffo/9D8KM=
Subject key identifier: 0F:B4:A2:8F:EA:6D:9B:E2:55:87:C4:8F:F8:94:B4:60:9D:B9:C6:F5
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 35C82066592C09939DA34BFDC52DA1BD84CCA804
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
Signing time: Fri 26 Sep 2025 20:20:06 +0000
ROA not before: Fri 26 Sep 2025 20:20:06 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.129.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:c8:20:66:59:2c:09:93:9d:a3:4b:fd:c5:2d:a1:bd:84:cc:a8:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:06 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=15d3738197395c2096055be1609c01764aca712efc883963f41d0f237c5be8f1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:88:41:0b:5f:90:1c:e5:59:5a:8a:0a:63:e4:
cd:70:93:b6:61:e5:05:6d:83:42:80:b4:c9:3d:64:
5b:28:d5:2c:aa:41:21:b0:39:08:f2:c8:7e:c8:bd:
d8:52:50:5b:61:49:71:87:fa:51:4f:a6:65:72:20:
6f:65:15:2d:ba:f7:18:af:16:d7:90:c9:54:65:38:
c6:4a:05:d3:d0:ef:5a:71:e3:8b:aa:fc:61:9a:17:
27:85:d8:eb:2e:dd:30:6f:bb:a7:56:b0:a5:a6:e5:
c0:07:3e:b2:5d:44:9b:d4:eb:23:8c:d3:e4:19:ea:
6d:c1:86:7b:3b:71:76:71:a4:9f:9a:c2:d2:9b:6a:
57:6a:78:9f:c1:22:6e:3c:0c:96:ac:cb:0d:93:55:
c3:c2:63:a1:a7:50:7a:2f:f3:9d:5b:3d:b9:88:4e:
c0:88:ca:6d:07:5b:5a:fe:04:44:f3:5b:38:07:07:
6d:80:b2:69:b1:e8:71:46:4a:fe:ee:37:bc:03:78:
28:5c:5b:50:d0:df:23:dc:32:c6:4d:06:67:6b:d9:
8d:65:91:17:3d:a7:17:40:44:6f:db:08:aa:1f:f1:
7c:1b:49:ca:47:37:82:2a:80:23:e8:14:34:fc:c7:
50:7c:e1:86:df:c9:f6:95:60:92:ce:eb:18:c7:3e:
05:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:B4:A2:8F:EA:6D:9B:E2:55:87:C4:8F:F8:94:B4:60:9D:B9:C6:F5
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.129.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:71:f9:53:68:09:20:51:f9:c7:a2:66:c1:d8:9a:06:47:45:
2c:8f:a3:16:12:cf:01:28:56:c2:56:d4:29:74:c6:ed:8e:86:
7d:53:c1:3b:b7:78:26:a5:61:8b:09:8c:ff:43:73:4e:b3:b9:
6e:ff:a3:a6:9f:b3:f6:f7:01:80:d6:bd:1c:aa:38:6e:02:1f:
b9:8d:cc:aa:3d:a7:f7:b3:28:b4:63:2d:57:f0:6d:95:0c:06:
e8:8c:a7:a4:34:aa:c9:5b:a4:dd:b2:31:a7:f7:16:46:c1:ce:
27:79:ca:8b:5d:d6:13:09:34:01:da:77:66:07:48:89:13:2c:
04:9e:18:a5:06:af:f6:49:8c:53:4a:2e:96:eb:45:6b:4a:38:
0c:61:af:bc:bb:dc:ab:d3:12:bf:b8:2a:26:5f:7b:4a:4f:e9:
f5:07:98:15:9c:79:c0:f1:7b:2b:3b:47:0d:9f:f4:c0:79:9d:
7e:52:3e:37:97:46:7a:b8:e5:da:61:63:05:da:d5:c4:04:99:
32:87:86:a8:6f:cd:f5:3d:b6:42:16:b9:4e:8f:8c:bc:66:66:
8c:e9:20:1e:1c:1e:26:c6:1e:1b:87:8b:a4:b5:0b:6e:05:c0:
54:79:62:9a:06:f1:19:2c:be:60:33:5d:fe:45:a3:79:0c:7a:
6e:e9:77:f5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNcggZlksCZOdo0v9xS2hvYTMqAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMDZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1ZDM3MzgxOTczOTVjMjA5NjA1NWJlMTYwOWMwMTc2NGFjYTcxMmVmYzg4
Mzk2M2Y0MWQwZjIzN2M1YmU4ZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqIQQtfkBzlWVqKCmPkzXCTtmHlBW2DQoC0yT1kWyjVLKpBIbA5CPLIfsi9
2FJQW2FJcYf6UU+mZXIgb2UVLbr3GK8W15DJVGU4xkoF09DvWnHji6r8YZoXJ4XY
6y7dMG+7p1awpablwAc+sl1Em9TrI4zT5BnqbcGGeztxdnGkn5rC0ptqV2p4n8Ei
bjwMlqzLDZNVw8JjoadQei/znVs9uYhOwIjKbQdbWv4ERPNbOAcHbYCyabHocUZK
/u43vAN4KFxbUNDfI9wyxk0GZ2vZjWWRFz2nF0BEb9sIqh/xfBtJykc3giqAI+gU
NPzHUHzhht/J9pVgks7rGMc+BYMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQPtKKP
6m2b4lWHxI/4lLRgnbnG9TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDEzZDI2YWUtMzZiMS00ODE1LWE3ZjAtNGRjMDkwZDE1Yjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOBMA0G
CSqGSIb3DQEBCwUAA4IBAQCccflTaAkgUfnHombB2JoGR0Usj6MWEs8BKFbCVtQp
dMbtjoZ9U8E7t3gmpWGLCYz/Q3NOs7lu/6Omn7P29wGA1r0cqjhuAh+5jcyqPaf3
syi0Yy1X8G2VDAbojKekNKrJW6TdsjGn9xZGwc4necqLXdYTCTQB2ndmB0iJEywE
nhilBq/2SYxTSi6W60VrSjgMYa+8u9yr0xK/uComX3tKT+n1B5gVnHnA8XsrO0cN
n/TAeZ1+Uj43l0Z6uOXaYWMF2tXEBJkyh4aob831PbZCFrlOj4y8ZmaM6SAeHB4m
xh4bh4uktQtuBcBUeWKaBvEZLL5gM13+RaN5DHpu6Xf1
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:01:09 2025 by rpki-client