Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File: 42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier: 1FxAbjXsAN09Dabwwb8M/XABfY8wlIVYBgJsff570ns=
Subject key identifier: 48:54:59:E3:7F:0D:82:8C:E0:6B:6C:9E:D4:B8:84:EE:FE:5C:E4:65
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7638FC334F896854BA8666BD343BB7F035165C58
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time: Fri 24 Oct 2025 00:40:24 +0000
ROA not before: Fri 24 Oct 2025 00:40:24 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:38:fc:33:4f:89:68:54:ba:86:66:bd:34:3b:b7:f0:35:16:5c:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:24 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=846b04a23b849d97c20ae4954dacab57348de9f1c297c432a127b2cf8185ff57, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:a7:c6:57:6a:8d:c4:65:a9:5a:97:9a:5a:8a:
84:45:13:b3:71:66:6d:4f:3a:be:e3:77:04:c6:98:
30:26:c9:65:d8:9e:87:09:46:2a:73:91:02:21:fb:
a4:60:d7:2d:1e:cd:c5:72:bc:b9:fb:b9:a8:57:e7:
49:f5:af:71:8d:d3:62:cb:70:84:6a:aa:93:6c:fe:
fe:31:2d:bb:8f:ba:c7:a2:29:74:cd:e3:e5:97:74:
5e:fc:04:ca:82:2b:59:29:f0:cc:a4:bb:15:86:d7:
85:d0:4a:ac:27:44:89:90:7b:32:10:69:2e:98:53:
19:23:b7:99:5b:08:22:f2:24:d4:79:ac:b8:ad:ca:
23:1e:e9:7f:fb:ac:c8:aa:89:4d:1e:1c:8d:45:99:
71:c2:83:42:21:21:b8:9c:99:e3:fa:63:83:69:da:
36:db:84:3c:9b:2c:f3:08:6d:60:82:74:d6:a6:71:
1e:6d:c4:8a:c9:24:f7:74:f6:a3:d5:f9:01:f0:b9:
7d:1e:bf:a5:11:d0:3f:7e:70:a9:a0:b5:7f:06:82:
f0:b3:17:77:06:6e:b3:b9:fd:0f:92:41:1f:6c:e9:
8a:f4:00:13:45:62:38:5f:f6:ee:d6:f6:3f:14:4b:
51:26:9d:94:a6:40:9b:fb:d0:b6:1d:10:57:41:f7:
f7:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:54:59:E3:7F:0D:82:8C:E0:6B:6C:9E:D4:B8:84:EE:FE:5C:E4:65
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d3:cb:39:21:ba:9f:69:47:d2:ad:3e:a1:94:bd:c6:55:6f:1f:
5f:cc:29:f9:db:e5:67:ba:a2:14:5c:be:3c:4a:a0:cf:5e:54:
86:a7:b3:f7:5e:94:07:62:57:18:f0:d1:33:1f:03:89:7a:8a:
a9:19:a0:e8:20:11:c9:44:c6:84:9d:f1:34:8a:9f:17:75:11:
14:dc:82:aa:93:a6:1a:36:4e:ac:12:f5:f0:64:ee:6b:69:5a:
71:9a:37:06:e4:70:0f:89:43:42:12:29:00:0d:e7:82:ea:ef:
a4:1f:3f:61:66:67:a5:0a:ec:95:2e:46:ed:38:3b:c3:ce:4c:
f1:54:66:0e:c4:80:af:9d:e0:e6:0d:b2:2a:09:76:2f:bd:bd:
00:c4:d4:0c:3e:74:d3:64:d6:8f:97:bb:0a:a9:08:92:f9:d4:
e3:b9:7d:ed:6d:3a:29:8f:f1:43:21:9c:b8:97:1b:ec:ed:e9:
27:4c:db:96:0c:92:b1:49:18:15:d4:28:97:9d:4e:6c:f9:48:
da:b6:91:fe:13:a3:1f:51:ed:51:89:38:56:b5:b1:a2:6a:08:
18:46:1b:e5:ed:99:7c:69:e2:cb:8f:a4:93:c5:d5:60:e5:98:
08:7e:b6:ca:8d:94:c8:2c:86:e3:14:71:fe:8c:c9:67:e6:d7:
bf:b3:58:ee
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdjj8M0+JaFS6hma9NDu38DUWXFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMjRaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0NmIwNGEyM2I4NDlkOTdjMjBhZTQ5NTRkYWNhYjU3MzQ4ZGU5ZjFjMjk3
YzQzMmExMjdiMmNmODE4NWZmNTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO+nxldqjcRlqVqXmlqKhEUTs3FmbU86vuN3BMaYMCbJZdiehwlGKnORAiH7
pGDXLR7NxXK8ufu5qFfnSfWvcY3TYstwhGqqk2z+/jEtu4+6x6IpdM3j5Zd0XvwE
yoIrWSnwzKS7FYbXhdBKrCdEiZB7MhBpLphTGSO3mVsIIvIk1HmsuK3KIx7pf/us
yKqJTR4cjUWZccKDQiEhuJyZ4/pjg2naNtuEPJss8whtYIJ01qZxHm3Eiskk93T2
o9X5AfC5fR6/pRHQP35wqaC1fwaC8LMXdwZus7n9D5JBH2zpivQAE0ViOF/27tb2
PxRLUSadlKZAm/vQth0QV0H3958CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRIVFnj
fw2CjOBrbJ7UuITu/lzkZTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQDTyzkhup9pR9KtPqGUvcZVbx9fzCn52+VnuqIUXL48
SqDPXlSGp7P3XpQHYlcY8NEzHwOJeoqpGaDoIBHJRMaEnfE0ip8XdREU3IKqk6Ya
Nk6sEvXwZO5raVpxmjcG5HAPiUNCEikADeeC6u+kHz9hZmelCuyVLkbtODvDzkzx
VGYOxICvneDmDbIqCXYvvb0AxNQMPnTTZNaPl7sKqQiS+dTjuX3tbTopj/FDIZy4
lxvs7eknTNuWDJKxSRgV1CiXnU5s+UjatpH+E6MfUe1RiThWtbGiaggYRhvl7Zl8
aeLLj6STxdVg5ZgIfrbKjZTILIbjFHH+jMln5te/s1ju
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:36:41 2025 by rpki-client