Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
File: 42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa (raw, json)
Hash identifier: dQ/KxT4rpZksFJiDfd/M1R3135ChAreGKPcFU2QqigM=
Subject key identifier: 7F:B9:94:84:A5:54:8A:AA:DA:42:AA:2D:8F:D1:02:60:03:17:31:FE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 39D52DA8559BB96599BCC67A475F6EBDF6E3F3E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
Signing time: Tue 21 Oct 2025 15:00:05 +0000
ROA not before: Tue 21 Oct 2025 15:00:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.164.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:d5:2d:a8:55:9b:b9:65:99:bc:c6:7a:47:5f:6e:bd:f6:e3:f3:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=98e383d5de5ae2552045a8596017f0db53306faf09a3549c0c19109185f07428, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:42:43:22:00:51:cb:9a:8e:35:1f:38:1e:0a:
05:1f:66:93:c4:9c:3d:0a:11:8c:4b:ee:2b:18:6f:
f6:28:0a:da:f6:70:40:27:8d:ef:32:ae:ca:40:d4:
bb:e7:d9:8d:cd:3d:b2:14:22:ca:03:da:82:51:e6:
26:17:5d:22:81:7a:85:66:2f:86:3a:32:ec:9f:3f:
10:25:4d:63:ce:cd:9f:5a:13:51:a6:e5:94:57:47:
e0:f8:42:45:66:93:39:68:81:3d:62:b8:c7:68:4b:
e6:e2:bc:bd:b4:50:0b:29:ce:52:97:c1:45:f3:55:
68:de:d6:66:bb:fb:75:d7:fa:0e:54:7b:17:33:ab:
2d:38:a9:a3:cd:51:b8:db:ed:63:fe:f1:4a:de:9c:
68:f8:b4:71:01:8e:73:5c:33:8e:fe:ef:4e:c1:a3:
e8:65:99:b0:0d:77:f2:32:96:21:8d:f2:fe:1e:7d:
85:c4:65:ce:12:40:80:7a:ac:db:4b:46:85:b0:fe:
82:75:2f:c7:76:c1:8a:b3:6b:d6:e8:81:d7:2d:d6:
ce:4f:e4:33:90:96:30:15:f2:2f:89:25:ec:c2:67:
b8:ce:51:04:22:a3:a1:a0:12:59:48:46:d8:47:33:
44:13:fc:fe:42:88:2b:aa:19:ad:5a:97:ce:21:b9:
7e:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:B9:94:84:A5:54:8A:AA:DA:42:AA:2D:8F:D1:02:60:03:17:31:FE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.164.0.0/15
Signature Algorithm: sha256WithRSAEncryption
a8:f8:74:99:d0:07:96:17:2b:1f:4d:fe:9c:9e:06:de:ca:4f:
84:71:01:89:fd:85:39:11:29:bd:1e:91:bf:61:a6:9d:ae:30:
2d:99:5a:ef:39:56:cb:16:cb:79:bb:d4:48:3b:ef:c1:27:38:
da:a2:c2:1e:91:e7:7a:2f:ec:9d:21:44:8f:a5:74:72:1a:02:
48:1a:a4:8e:6d:c5:88:e6:38:52:7f:73:5b:73:d9:48:9c:c6:
28:ad:18:28:29:5e:85:b4:2c:e5:03:b0:3a:7d:60:89:4c:c0:
27:6b:cc:01:7f:81:77:d9:3b:72:65:d8:83:ee:0c:60:3d:c9:
33:fb:09:74:47:6e:7d:01:08:98:76:c8:4c:7d:b4:3a:7c:3d:
c0:00:47:4b:97:97:cb:86:74:0d:c0:c7:b9:6d:46:32:b9:01:
fc:2a:dd:fe:9a:f3:a0:e9:2d:57:0f:c7:60:94:35:8a:24:77:
a0:e8:04:a4:de:66:b3:d8:46:cd:00:49:d1:73:d3:12:c4:92:
b3:e7:68:f7:39:a7:cc:ee:ba:8f:83:91:b3:df:8b:2a:6d:9a:
85:3e:1b:e2:6f:cf:de:2f:58:c1:50:b3:58:e8:c7:39:62:86:
ff:e9:80:6f:26:99:7d:0a:99:2f:79:6f:83:06:83:6f:94:7c:
85:6d:4c:a3
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOdUtqFWbuWWZvMZ6R19uvfbj8+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4ZTM4M2Q1ZGU1YWUyNTUyMDQ1YTg1OTYwMTdmMGRiNTMzMDZmYWYwOWEz
NTQ5YzBjMTkxMDkxODVmMDc0MjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPNCQyIAUcuajjUfOB4KBR9mk8ScPQoRjEvuKxhv9igK2vZwQCeN7zKuykDU
u+fZjc09shQiygPaglHmJhddIoF6hWYvhjoy7J8/ECVNY87Nn1oTUabllFdH4PhC
RWaTOWiBPWK4x2hL5uK8vbRQCynOUpfBRfNVaN7WZrv7ddf6DlR7FzOrLTipo81R
uNvtY/7xSt6caPi0cQGOc1wzjv7vTsGj6GWZsA138jKWIY3y/h59hcRlzhJAgHqs
20tGhbD+gnUvx3bBirNr1uiB1y3Wzk/kM5CWMBXyL4kl7MJnuM5RBCKjoaASWUhG
2EczRBP8/kKIK6oZrVqXziG5fnUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR/uZSE
pVSKqtpCqi2P0QJgAxcx/jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJlZmExYTgtZjgwNC00N2M1LThhM2QtNmYzZWEwNWUxYTViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOkMA0G
CSqGSIb3DQEBCwUAA4IBAQCo+HSZ0AeWFysfTf6cngbeyk+EcQGJ/YU5ESm9HpG/
YaadrjAtmVrvOVbLFst5u9RIO+/BJzjaosIeked6L+ydIUSPpXRyGgJIGqSObcWI
5jhSf3Nbc9lInMYorRgoKV6FtCzlA7A6fWCJTMAna8wBf4F32TtyZdiD7gxgPckz
+wl0R259AQiYdshMfbQ6fD3AAEdLl5fLhnQNwMe5bUYyuQH8Kt3+mvOg6S1XD8dg
lDWKJHeg6ASk3maz2EbNAEnRc9MSxJKz52j3OafM7rqPg5Gz34sqbZqFPhvib8/e
L1jBULNY6Mc5Yob/6YBvJpl9CpkveW+DBoNvlHyFbUyj
-----END CERTIFICATE-----
Generated at Wed Nov 5 06:50:32 2025 by rpki-client