Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
File: 286f881c-8fa0-4200-ada2-20a0cc49038e.roa (raw, json)
Hash identifier: Afe6cp8gr1brve6w5gTh+QoWw2c/SvNzACfIPRea7iI=
Subject key identifier: 2C:CF:86:53:72:17:37:B4:74:5C:75:88:FA:51:45:B9:83:58:8B:B9
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1B4D7104317926561BA7887217CBD1A50A110FA5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
Signing time: Tue 21 Oct 2025 14:50:23 +0000
ROA not before: Tue 21 Oct 2025 14:50:23 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.166.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:4d:71:04:31:79:26:56:1b:a7:88:72:17:cb:d1:a5:0a:11:0f:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:23 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e2d3fc13eaf1f05ac6e1575063ec0d3b3b5c8a6ea1eaedde95f64614a8f7966e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:1e:f9:d5:45:b4:dd:e8:b6:f0:47:62:dd:a9:
b1:4d:8f:0e:6b:10:c8:0b:86:57:61:83:35:e5:52:
01:d6:3a:7f:6d:30:b7:8b:1f:fa:c0:46:a1:b6:b9:
5e:11:93:57:5d:6e:d6:b8:26:37:c6:76:3d:3c:d0:
4c:6a:02:e1:88:6e:ee:72:bf:6b:b9:33:9a:da:b9:
6e:5e:08:d6:24:97:d7:2b:38:ef:b8:02:74:b0:b4:
2a:75:98:71:b5:5c:d5:73:cc:1b:cf:11:7f:96:b2:
1f:d9:82:8a:50:e7:c6:dd:e3:33:21:56:0d:b5:94:
79:b5:b5:0a:8b:38:64:b6:b3:31:39:43:b7:6e:aa:
3e:f7:d4:fb:ec:c9:b6:60:ed:66:79:7e:8d:3a:35:
40:04:e6:bf:79:94:8a:9b:a7:57:03:e4:0d:0b:39:
61:43:5e:dc:33:4e:d2:01:be:00:5c:ce:08:8f:97:
d6:c2:c6:1a:49:98:28:f9:4c:cf:88:16:b2:f5:ca:
d9:c3:66:4b:ed:df:ad:0c:b3:fd:8b:77:06:39:00:
8e:4d:dc:e7:6c:95:2b:a1:72:a5:21:e5:31:83:51:
d2:0e:42:c4:f9:85:5e:ea:49:db:cc:97:b5:a2:4b:
44:c7:d0:20:d3:8f:d6:c4:bd:c2:41:cf:93:9c:3e:
40:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:CF:86:53:72:17:37:B4:74:5C:75:88:FA:51:45:B9:83:58:8B:B9
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.166.0.0/15
Signature Algorithm: sha256WithRSAEncryption
a4:a6:c1:1f:8b:2f:b9:f4:28:78:26:c8:be:25:39:d4:dd:e1:
b5:60:3b:f5:a9:75:bb:50:5f:57:e4:ee:d8:eb:3d:35:b0:25:
6f:71:f1:8a:62:7d:73:2f:a5:db:fc:ff:63:ad:fa:83:9b:c7:
50:42:d0:8b:bd:59:4d:50:f2:1c:d0:67:63:c5:ba:64:85:69:
1c:24:9b:8d:57:21:b0:d4:ef:d8:26:f8:24:f3:41:f4:1b:98:
63:50:44:bd:70:2b:60:e0:11:83:ba:a3:e1:29:ec:de:5b:bd:
e3:52:1f:4c:7a:00:e4:0e:10:ce:13:4a:36:c9:30:72:f7:16:
54:2d:40:33:6d:9c:9b:17:0b:cc:86:58:03:68:06:8e:28:47:
82:b2:27:b8:80:f5:de:88:45:0c:4b:f4:ea:85:e9:90:0b:4b:
56:59:f3:61:59:11:46:fa:f2:b7:68:a5:d3:94:9a:95:5a:eb:
86:4d:13:d4:8b:73:d4:b6:3c:4b:27:c5:c6:5f:3a:dd:31:2e:
c1:88:bb:1b:9e:4e:73:4d:88:40:5c:a3:65:05:58:ee:46:01:
22:73:db:bc:fa:84:d3:e1:5f:f4:49:fe:84:89:5b:3f:6f:60:
4b:83:fc:8b:84:90:f2:83:82:e2:c5:4c:d4:9e:25:e0:1a:6f:
11:48:50:12
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUG01xBDF5JlYbp4hyF8vRpQoRD6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZDNmYzEzZWFmMWYwNWFjNmUxNTc1MDYzZWMwZDNiM2I1YzhhNmVhMWVh
ZWRkZTk1ZjY0NjE0YThmNzk2NmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALke+dVFtN3otvBHYt2psU2PDmsQyAuGV2GDNeVSAdY6f20wt4sf+sBGoba5
XhGTV11u1rgmN8Z2PTzQTGoC4Yhu7nK/a7kzmtq5bl4I1iSX1ys477gCdLC0KnWY
cbVc1XPMG88Rf5ayH9mCilDnxt3jMyFWDbWUebW1Cos4ZLazMTlDt26qPvfU++zJ
tmDtZnl+jTo1QATmv3mUipunVwPkDQs5YUNe3DNO0gG+AFzOCI+X1sLGGkmYKPlM
z4gWsvXK2cNmS+3frQyz/Yt3BjkAjk3c52yVK6FypSHlMYNR0g5CxPmFXupJ28yX
taJLRMfQINOP1sS9wkHPk5w+QCMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQsz4ZT
chc3tHRcdYj6UUW5g1iLuTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjg2Zjg4MWMtOGZhMC00MjAwLWFkYTItMjBhMGNjNDkwMzhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQCkpsEfiy+59Ch4Jsi+JTnU3eG1YDv1qXW7UF9X5O7Y
6z01sCVvcfGKYn1zL6Xb/P9jrfqDm8dQQtCLvVlNUPIc0GdjxbpkhWkcJJuNVyGw
1O/YJvgk80H0G5hjUES9cCtg4BGDuqPhKezeW73jUh9MegDkDhDOE0o2yTBy9xZU
LUAzbZybFwvMhlgDaAaOKEeCsie4gPXeiEUMS/TqhemQC0tWWfNhWRFG+vK3aKXT
lJqVWuuGTRPUi3PUtjxLJ8XGXzrdMS7BiLsbnk5zTYhAXKNlBVjuRgEic9u8+oTT
4V/0Sf6EiVs/b2BLg/yLhJDyg4LixUzUniXgGm8RSFAS
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:00:28 2025 by rpki-client