Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File: 397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier: KhoNfGlk6kAdi58RVeOWTG0n8KYrIoAztjsjjcdMP0M=
Subject key identifier: 63:A2:E0:A4:77:94:47:F0:C7:DD:1A:3E:3C:6A:5F:29:39:2D:33:F8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 45E4094585A53C344DFBE21D4D08F85426DBD429
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time: Tue 21 Oct 2025 14:50:42 +0000
ROA not before: Tue 21 Oct 2025 14:50:42 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.248.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:e4:09:45:85:a5:3c:34:4d:fb:e2:1d:4d:08:f8:54:26:db:d4:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:42 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=1bf3dbe5849a2fc0c483cd7c9aa71b3856b13631cc7344e3a15b6c2816453f40, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:86:8f:9f:92:e1:cb:cf:c2:d8:9d:d9:04:bf:
ba:cf:08:d9:81:cd:3c:05:4d:7a:28:a0:9e:d0:6c:
45:be:fc:9a:3c:dc:3c:68:9a:ae:32:01:57:12:8b:
cf:29:a6:ad:4c:50:8d:9e:63:15:c2:f4:51:49:a3:
e6:6f:48:b3:b3:43:aa:fe:81:43:7f:d3:9d:f6:a3:
6e:1d:83:db:1f:f7:5b:47:67:ff:b4:bd:a4:7d:d3:
61:62:32:ae:9d:ee:85:32:eb:cf:8d:81:f3:18:a6:
d0:79:3e:8c:ae:09:c6:23:54:a6:82:59:f1:2a:3d:
b8:90:b8:fc:15:1e:21:c1:b5:4b:5a:69:b3:ce:04:
6a:20:bf:8e:1e:74:be:98:15:26:53:ea:04:74:bb:
c8:69:d5:67:34:56:1a:d3:6c:0a:3a:3a:01:e3:3f:
93:08:7c:a4:b2:5c:a4:14:56:e5:ce:f8:b0:7e:6b:
44:24:34:30:64:ca:d2:2e:3f:f3:2c:48:02:89:a7:
d2:3a:ad:f9:12:31:46:f5:25:bd:9e:b9:ab:70:45:
5e:d3:c8:66:98:6a:51:c7:97:0f:01:b8:21:87:3f:
99:e6:6a:f4:8b:70:cb:8b:63:15:df:d8:56:e3:72:
31:f1:0a:48:09:b6:5a:ba:c1:c6:f0:0b:0a:48:85:
3d:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:A2:E0:A4:77:94:47:F0:C7:DD:1A:3E:3C:6A:5F:29:39:2D:33:F8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.248.0.0/15
Signature Algorithm: sha256WithRSAEncryption
99:7e:48:cd:2e:6b:4f:6c:c0:1d:5b:a0:cd:a6:59:14:a4:35:
40:3b:bc:b8:15:7c:9e:c7:df:d2:ac:e4:44:51:4b:2e:09:79:
5d:ba:65:ce:ae:d7:64:96:e6:72:7e:aa:14:0e:a9:3c:eb:55:
07:83:a5:00:5a:2f:00:85:4d:6e:df:33:6b:cf:d0:f0:63:d8:
bf:e3:a7:a6:fc:ab:f9:de:ee:4a:22:20:dd:d3:5a:e2:73:a3:
99:98:1f:d1:82:a5:dd:06:ec:de:4a:72:4f:58:a4:ee:16:e7:
30:ee:97:7f:be:26:9b:f5:a1:85:05:fd:9c:57:8c:b1:17:ad:
95:6f:81:31:17:16:ac:9f:a5:e7:1d:12:44:2d:92:0d:d1:ee:
74:91:15:c0:b8:f6:be:df:7b:b9:6b:b4:c1:77:c5:96:07:7d:
ad:0a:ec:5b:98:8e:74:cd:b5:bd:b6:7f:b6:66:e3:62:83:b5:
b7:5c:51:97:1b:0b:05:00:00:c6:24:1d:f4:3e:ec:f4:6b:bc:
4b:d0:17:46:4c:18:7c:1e:22:88:e9:61:8d:a6:6e:d1:5a:40:
43:a5:32:6d:6d:5d:92:88:31:c0:64:c7:73:84:b7:f9:c8:ef:
fa:e5:80:65:ba:d8:fa:06:4c:d6:bc:51:10:92:7a:5f:ea:bc:
f9:8b:d3:c2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUReQJRYWlPDRN++IdTQj4VCbb1CkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwNDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiZjNkYmU1ODQ5YTJmYzBjNDgzY2Q3YzlhYTcxYjM4NTZiMTM2MzFjYzcz
NDRlM2ExNWI2YzI4MTY0NTNmNDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGGj5+S4cvPwtid2QS/us8I2YHNPAVNeiigntBsRb78mjzcPGiarjIBVxKL
zymmrUxQjZ5jFcL0UUmj5m9Is7NDqv6BQ3/Tnfajbh2D2x/3W0dn/7S9pH3TYWIy
rp3uhTLrz42B8xim0Hk+jK4JxiNUpoJZ8So9uJC4/BUeIcG1S1pps84EaiC/jh50
vpgVJlPqBHS7yGnVZzRWGtNsCjo6AeM/kwh8pLJcpBRW5c74sH5rRCQ0MGTK0i4/
8yxIAomn0jqt+RIxRvUlvZ65q3BFXtPIZphqUceXDwG4IYc/meZq9Itwy4tjFd/Y
VuNyMfEKSAm2WrrBxvALCkiFPZMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRjouCk
d5RH8MfdGj48al8pOS0z+DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQCZfkjNLmtPbMAdW6DNplkUpDVAO7y4FXyex9/SrORE
UUsuCXldumXOrtdkluZyfqoUDqk861UHg6UAWi8AhU1u3zNrz9DwY9i/46em/Kv5
3u5KIiDd01ric6OZmB/RgqXdBuzeSnJPWKTuFucw7pd/viab9aGFBf2cV4yxF62V
b4ExFxasn6XnHRJELZIN0e50kRXAuPa+33u5a7TBd8WWB32tCuxbmI50zbW9tn+2
ZuNig7W3XFGXGwsFAADGJB30Puz0a7xL0BdGTBh8HiKI6WGNpm7RWkBDpTJtbV2S
iDHAZMdzhLf5yO/65YBlutj6BkzWvFEQknpf6rz5i9PC
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:26:37 2025 by rpki-client