Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
File: 3b67bb62-9bcf-4daa-99b5-5374c3285177.roa (raw, json)
Hash identifier: eGScVBlkU6Nmw+v4FHniAr1f7NueaoRNwekxOx8baes=
Subject key identifier: DA:00:20:83:69:AC:A1:71:76:89:E2:8E:20:E4:60:F3:A2:DE:39:FA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7DB3A2B4B7DAB3D03A211DE8D9346F93A9879524
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
Signing time: Tue 21 Oct 2025 15:00:35 +0000
ROA not before: Tue 21 Oct 2025 15:00:35 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.48.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:b3:a2:b4:b7:da:b3:d0:3a:21:1d:e8:d9:34:6f:93:a9:87:95:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:35 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=0ac8fb925691429a157258a42dbbf1038299582331064c1725264ef91b939822, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:db:ed:2f:4d:c9:d1:6f:a1:14:15:b9:ff:a7:
27:ff:4b:42:fe:1f:f1:0c:9e:3a:d8:75:7d:03:c9:
2e:02:8b:5c:1f:e2:82:56:27:b8:5d:08:d7:78:22:
76:7c:42:6f:08:14:16:2a:6c:be:c4:e9:73:01:c8:
e5:e8:ff:6f:1f:34:c6:31:5b:97:d1:51:e9:5f:a6:
3d:c8:a6:fa:29:ff:28:00:96:1a:33:bf:d1:fb:a6:
d2:57:e1:51:ac:55:e7:7d:4c:bc:c8:02:ee:cd:5c:
4c:b1:e0:3d:bc:a2:8f:04:a8:ab:fc:f7:19:46:f2:
77:f6:70:81:3a:f1:18:d6:cb:89:29:31:2b:9f:c5:
20:ea:ea:ce:59:6f:40:37:04:70:8c:8d:bc:3f:4a:
68:b4:90:dd:f2:cf:bb:13:ad:92:34:bf:53:b3:fa:
0d:d4:29:b2:3d:9c:cc:31:6c:1d:bc:d7:f1:60:de:
cb:1c:2e:f6:c4:33:0a:12:b0:4c:02:d4:cc:08:e5:
7d:9f:f3:85:a2:48:09:5b:c7:9f:00:80:ae:b4:ff:
8a:61:b1:56:a6:7a:ee:9b:90:e5:f8:6b:f1:1e:8f:
f7:e1:e5:0d:13:3a:0c:86:e1:7d:bc:02:5e:25:23:
e4:eb:75:23:fd:3b:24:6f:66:26:61:af:ea:ae:fb:
7a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:00:20:83:69:AC:A1:71:76:89:E2:8E:20:E4:60:F3:A2:DE:39:FA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.48.0.0/15
Signature Algorithm: sha256WithRSAEncryption
c8:03:28:ec:fa:97:55:86:68:a8:70:c4:0a:13:1e:4e:96:d8:
61:40:cd:29:f1:25:a9:92:e7:28:6a:73:a1:2d:45:15:b4:c5:
86:ad:a8:4e:b4:c9:b5:fc:ff:24:3a:04:58:ea:81:eb:2d:db:
92:cb:78:f2:87:3b:0d:38:ac:ed:fa:92:72:74:5c:16:f7:75:
0e:42:28:44:01:19:31:04:49:0c:36:0c:70:f2:56:66:d6:99:
43:29:d9:5c:69:0f:8e:48:4c:a7:a8:2b:36:23:a4:c6:cb:c2:
80:4d:78:ce:b7:b3:fc:76:c9:66:43:ef:63:53:f9:ce:6a:4e:
2f:97:6b:c1:d2:15:36:d0:67:ce:eb:f0:2a:58:8d:24:7c:a2:
9e:1e:78:26:93:bc:f8:9b:42:9e:b8:e0:69:1c:46:6b:5a:7d:
6b:85:3c:c1:79:8d:ef:40:2b:d9:cd:bf:ea:3e:d6:07:57:38:
5c:58:36:68:af:f6:85:ba:90:92:c2:da:1a:a5:ba:09:31:27:
67:15:f8:9a:06:98:22:95:09:bf:5b:9d:6c:9a:ee:b1:cf:a2:
b3:33:f7:46:69:39:6d:f7:0e:6c:c4:35:cc:01:98:31:5d:30:
b1:5a:d3:73:75:42:88:f7:71:dc:b3:3e:0d:81:88:82:f0:b4:
af:9a:87:88
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfbOitLfas9A6IR3o2TRvk6mHlSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBhYzhmYjkyNTY5MTQyOWExNTcyNThhNDJkYmJmMTAzODI5OTU4MjMzMTA2
NGMxNzI1MjY0ZWY5MWI5Mzk4MjIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJzb7S9NydFvoRQVuf+nJ/9LQv4f8QyeOth1fQPJLgKLXB/iglYnuF0I13gi
dnxCbwgUFipsvsTpcwHI5ej/bx80xjFbl9FR6V+mPcim+in/KACWGjO/0fum0lfh
UaxV531MvMgC7s1cTLHgPbyijwSoq/z3GUbyd/ZwgTrxGNbLiSkxK5/FIOrqzllv
QDcEcIyNvD9KaLSQ3fLPuxOtkjS/U7P6DdQpsj2czDFsHbzX8WDeyxwu9sQzChKw
TALUzAjlfZ/zhaJICVvHnwCArrT/imGxVqZ67puQ5fhr8R6P9+HlDRM6DIbhfbwC
XiUj5Ot1I/07JG9mJmGv6q77emkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTaACCD
aayhcXaJ4o4g5GDzot45+jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2I2N2JiNjItOWJjZi00ZGFhLTk5YjUtNTM3NGMzMjg1MTc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMwMA0G
CSqGSIb3DQEBCwUAA4IBAQDIAyjs+pdVhmiocMQKEx5OlthhQM0p8SWpkucoanOh
LUUVtMWGrahOtMm1/P8kOgRY6oHrLduSy3jyhzsNOKzt+pJydFwW93UOQihEARkx
BEkMNgxw8lZm1plDKdlcaQ+OSEynqCs2I6TGy8KATXjOt7P8dslmQ+9jU/nOak4v
l2vB0hU20GfO6/AqWI0kfKKeHngmk7z4m0KeuOBpHEZrWn1rhTzBeY3vQCvZzb/q
PtYHVzhcWDZor/aFupCSwtoapboJMSdnFfiaBpgilQm/W51smu6xz6KzM/dGaTlt
9w5sxDXMAZgxXTCxWtNzdUKI93Hcsz4NgYiC8LSvmoeI
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:30:26 2025 by rpki-client