Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
File: 24601d85-ac6e-46b6-a0d2-d35342ccc951.roa (raw, json)
Hash identifier: tQN4l1mCq3LTAngnT3k3Li9BBVItJ7Ke/xAydrY0ELI=
Subject key identifier: B5:94:D8:56:F3:06:D6:FC:50:8B:C0:00:79:F3:75:62:47:7C:60:F2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 55D07015516924DC9E50AF18AF67469F07DEB48A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
Signing time: Fri 24 Oct 2025 00:40:27 +0000
ROA not before: Fri 24 Oct 2025 00:40:27 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.93.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:d0:70:15:51:69:24:dc:9e:50:af:18:af:67:46:9f:07:de:b4:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:27 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=67529b969f2fd11dcfc14aabc119e5a22193dae929656a03c9e1fe95c63bddad, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:97:66:1d:e0:a0:ff:c7:52:35:a2:65:29:02:
c7:16:3a:db:00:fb:17:9e:73:08:2c:52:64:53:49:
cd:e8:38:4e:40:4a:77:1f:73:73:c3:36:a6:81:5d:
39:9f:f7:65:0b:e0:22:e8:48:9b:ce:90:de:ad:46:
46:e4:9d:df:52:06:d7:ff:35:56:04:45:1a:d7:fa:
2a:de:c4:0d:63:b2:e3:49:f4:07:f0:60:0e:dc:23:
4a:6b:82:e7:9a:37:98:90:f1:74:5c:05:eb:58:67:
83:d6:e7:22:79:b1:eb:3e:85:0f:1b:5a:2a:59:5a:
db:30:cd:00:20:65:b6:dd:af:3a:b1:18:38:3c:e4:
4f:f9:90:fc:60:5e:3e:6c:e2:bf:52:76:fa:fb:23:
2c:27:2f:89:9e:00:4d:57:0a:12:35:6c:6c:1a:15:
13:69:15:58:9c:ff:2b:0c:ae:ee:3a:dc:b5:6c:a7:
8e:77:fa:9d:15:0d:2d:a6:c8:fc:eb:7c:ac:7d:5f:
7d:49:64:01:0e:de:76:db:43:67:97:8a:94:0d:2c:
66:23:cb:4b:02:8b:c0:98:86:e9:e6:51:38:90:66:
9f:99:9c:91:02:ab:c4:e0:97:40:1b:9c:f7:3e:74:
42:50:84:ac:f3:a0:3c:fb:c7:4f:73:bc:ff:5a:7f:
70:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:94:D8:56:F3:06:D6:FC:50:8B:C0:00:79:F3:75:62:47:7C:60:F2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.93.0.0/16
Signature Algorithm: sha256WithRSAEncryption
05:20:2c:07:a1:c8:10:9e:64:5f:51:27:b8:8c:fc:75:7d:6a:
23:30:b3:05:6d:9e:5b:e0:41:0e:64:c3:2e:a2:ce:dd:1f:14:
2a:c3:ca:d9:4b:23:42:c0:c2:77:92:69:50:b1:b3:c0:9e:d8:
ac:3c:50:ae:d3:73:a4:71:7a:04:4a:f5:a8:b5:cc:e0:09:a6:
3d:be:f6:7d:11:dd:65:01:b4:74:70:d8:1b:98:fc:1f:28:a3:
3b:2d:f3:7f:6d:eb:47:00:be:4b:05:a8:26:af:3d:96:90:5a:
c8:42:b1:c4:f8:d6:e1:c9:2f:e3:39:f0:39:f8:cc:ce:5a:70:
ea:5f:33:45:19:6b:e2:b3:f5:62:5e:15:88:c6:c4:e5:4f:1d:
8a:0b:30:6c:ad:9e:e6:ab:94:37:43:7c:14:d2:c5:89:1a:e4:
9d:14:10:8d:cf:0d:fe:59:b6:7e:6d:52:5f:be:40:1e:86:8d:
52:fd:30:f0:dc:1d:70:5b:17:59:9b:3c:20:c1:b0:3e:70:a1:
13:46:e7:3c:e3:3e:8b:c7:ce:a4:15:f7:6e:17:ca:40:dd:15:
ef:77:d2:41:e5:de:34:e3:47:e6:2c:55:78:59:42:8c:2f:74:
b2:95:53:8e:b7:c3:12:d1:7f:e0:51:f5:c3:f1:be:10:b3:6f:
f9:a9:c5:9d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVdBwFVFpJNyeUK8Yr2dGnwfetIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMjdaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3NTI5Yjk2OWYyZmQxMWRjZmMxNGFhYmMxMTllNWEyMjE5M2RhZTkyOTY1
NmEwM2M5ZTFmZTk1YzYzYmRkYWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ6XZh3goP/HUjWiZSkCxxY62wD7F55zCCxSZFNJzeg4TkBKdx9zc8M2poFd
OZ/3ZQvgIuhIm86Q3q1GRuSd31IG1/81VgRFGtf6Kt7EDWOy40n0B/BgDtwjSmuC
55o3mJDxdFwF61hng9bnInmx6z6FDxtaKlla2zDNACBltt2vOrEYODzkT/mQ/GBe
Pmziv1J2+vsjLCcviZ4ATVcKEjVsbBoVE2kVWJz/Kwyu7jrctWynjnf6nRUNLabI
/Ot8rH1ffUlkAQ7edttDZ5eKlA0sZiPLSwKLwJiG6eZROJBmn5mckQKrxOCXQBuc
9z50QlCErPOgPPvHT3O8/1p/cFECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS1lNhW
8wbW/FCLwAB583ViR3xg8jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjQ2MDFkODUtYWM2ZS00NmI2LWEwZDItZDM1MzQyY2NjOTUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNdMA0G
CSqGSIb3DQEBCwUAA4IBAQAFICwHocgQnmRfUSe4jPx1fWojMLMFbZ5b4EEOZMMu
os7dHxQqw8rZSyNCwMJ3kmlQsbPAntisPFCu03OkcXoESvWotczgCaY9vvZ9Ed1l
AbR0cNgbmPwfKKM7LfN/betHAL5LBagmrz2WkFrIQrHE+NbhyS/jOfA5+MzOWnDq
XzNFGWvis/ViXhWIxsTlTx2KCzBsrZ7mq5Q3Q3wU0sWJGuSdFBCNzw3+WbZ+bVJf
vkAeho1S/TDw3B1wWxdZmzwgwbA+cKETRuc84z6Lx86kFfduF8pA3RXvd9JB5d40
40fmLFV4WUKML3SylVOOt8MS0X/gUfXD8b4Qs2/5qcWd
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:37:41 2025 by rpki-client