Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
File: 2ce9a789-9599-4c9d-a093-ead3033f60d1.roa (raw, json)
Hash identifier: nmKhoTBws4QAM23KSrhwUSz8ECKCzwOdHmnO1oeL95o=
Subject key identifier: CA:DE:6F:D7:F2:FD:43:1E:03:9D:9B:A4:C5:40:7F:A9:73:25:3B:EC
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 380F0288AA551952AF5D1ED2551ADDE6CFD03321
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
Signing time: Tue 21 Oct 2025 14:50:24 +0000
ROA not before: Tue 21 Oct 2025 14:50:24 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.34.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:0f:02:88:aa:55:19:52:af:5d:1e:d2:55:1a:dd:e6:cf:d0:33:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:24 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=9f8e8355a033f16a2a1dc3ea8ac94830d1d8c12243463f66ff2156a3a5e0b6c0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:4d:d1:a5:4d:1e:62:af:1a:0a:40:bb:d3:9d:
a8:5a:f5:1a:60:09:61:2a:2d:7e:87:c5:c1:45:1f:
dc:76:21:cc:64:d3:c4:02:4b:a3:c2:4a:c5:50:77:
88:3e:81:91:11:a9:68:25:a4:9c:01:c6:eb:5a:64:
53:e9:aa:71:43:24:d3:06:d7:18:e3:4e:0f:37:bf:
5b:bd:4a:ca:e3:e5:9d:49:7c:3a:05:4a:6b:f0:11:
b1:01:b8:2a:07:f9:0c:b2:4d:55:cb:91:82:d0:75:
cd:81:c5:a1:d2:74:56:68:fd:d5:36:51:01:15:2a:
e2:5d:19:dc:cc:25:e4:02:21:c5:14:29:ff:cc:60:
74:95:33:48:b8:1f:d5:23:4c:05:4a:28:b2:44:36:
34:db:e0:3a:17:ea:e8:91:bb:7e:a6:30:e8:5f:7d:
e3:d6:08:1a:b2:21:8f:8a:84:6c:b5:84:67:7f:ec:
7b:02:05:60:51:77:30:82:e5:80:3b:70:41:2c:ca:
a2:60:ff:97:ce:38:3c:75:ac:56:06:f8:07:9a:29:
1d:00:ca:ed:81:26:92:20:3e:16:8e:7b:cb:52:de:
6a:74:c2:89:71:6b:fa:b3:68:63:f4:27:fa:fc:83:
ef:37:09:21:19:d9:d1:0a:cb:91:77:60:7a:97:79:
73:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:DE:6F:D7:F2:FD:43:1E:03:9D:9B:A4:C5:40:7F:A9:73:25:3B:EC
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.34.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:8c:60:7f:4f:aa:9a:01:08:22:d3:6c:e5:d5:79:2e:4e:96:
ea:35:ee:d1:74:2b:b6:d5:3e:b4:8d:96:1b:10:a0:af:b4:47:
a0:7c:1b:b8:72:9f:81:53:ca:cb:0b:47:98:eb:27:11:b8:02:
00:d4:e0:ae:71:5b:63:43:c9:9a:fe:df:15:f8:7f:af:ad:c0:
f5:a0:fe:9f:9c:e6:3e:88:4f:da:69:18:ca:cd:85:3f:7b:3b:
51:cf:23:eb:25:23:69:1c:88:81:95:31:53:15:39:69:7a:a0:
4f:40:dc:36:ab:80:80:af:95:36:3f:bd:0c:93:d5:a4:72:44:
9f:85:e5:8a:a1:75:33:03:6d:93:7d:9c:da:4d:d4:e9:72:c3:
57:83:c7:c2:5f:4c:5e:87:19:1d:b8:d0:43:8c:7b:23:c3:6d:
b6:b3:65:82:ad:a6:60:27:e1:8f:63:cd:b0:b4:3f:8d:14:6a:
2f:d8:76:d1:1e:45:77:ab:f4:a8:3c:65:f8:c0:ea:5e:7f:80:
df:62:24:9f:1c:a9:4c:92:dc:0f:ca:66:85:b9:d3:cd:e6:42:
f2:fe:4a:ef:61:09:86:f1:76:54:25:59:5d:de:db:14:b1:e6:
fa:7b:53:20:e6:bf:f6:b1:07:22:f7:90:25:c5:b7:c7:a4:6e:
29:0c:bc:88
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOA8CiKpVGVKvXR7SVRrd5s/QMyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmOGU4MzU1YTAzM2YxNmEyYTFkYzNlYThhYzk0ODMwZDFkOGMxMjI0MzQ2
M2Y2NmZmMjE1NmEzYTVlMGI2YzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMNN0aVNHmKvGgpAu9OdqFr1GmAJYSotfofFwUUf3HYhzGTTxAJLo8JKxVB3
iD6BkRGpaCWknAHG61pkU+mqcUMk0wbXGONODze/W71KyuPlnUl8OgVKa/ARsQG4
Kgf5DLJNVcuRgtB1zYHFodJ0Vmj91TZRARUq4l0Z3Mwl5AIhxRQp/8xgdJUzSLgf
1SNMBUooskQ2NNvgOhfq6JG7fqYw6F9949YIGrIhj4qEbLWEZ3/sewIFYFF3MILl
gDtwQSzKomD/l844PHWsVgb4B5opHQDK7YEmkiA+Fo57y1LeanTCiXFr+rNoY/Qn
+vyD7zcJIRnZ0QrLkXdgepd5cykCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTK3m/X
8v1DHgOdm6TFQH+pcyU77DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmNlOWE3ODktOTU5OS00YzlkLWEwOTMtZWFkMzAzM2Y2MGQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMiMA0G
CSqGSIb3DQEBCwUAA4IBAQBkjGB/T6qaAQgi02zl1XkuTpbqNe7RdCu21T60jZYb
EKCvtEegfBu4cp+BU8rLC0eY6ycRuAIA1OCucVtjQ8ma/t8V+H+vrcD1oP6fnOY+
iE/aaRjKzYU/eztRzyPrJSNpHIiBlTFTFTlpeqBPQNw2q4CAr5U2P70Mk9WkckSf
heWKoXUzA22TfZzaTdTpcsNXg8fCX0xehxkduNBDjHsjw222s2WCraZgJ+GPY82w
tD+NFGov2HbRHkV3q/SoPGX4wOpef4DfYiSfHKlMktwPymaFudPN5kLy/krvYQmG
8XZUJVld3tsUseb6e1Mg5r/2sQci95AlxbfHpG4pDLyI
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:36:52 2025 by rpki-client