Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa
File: 46b220b9-837f-4174-97e6-c711958273ea.roa (raw, json)
Hash identifier: pCO5fl9gJUCewFmGEor/+/GCqdzxS6vlBUqlC2Jq/Js=
Subject key identifier: B7:E3:EC:C4:22:CA:D6:83:95:10:09:FE:54:EC:1F:F0:B9:E8:5A:C8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5F4BDA12C715119356BB46523FF14041A7B384F4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa
Signing time: Tue 21 Oct 2025 14:50:26 +0000
ROA not before: Tue 21 Oct 2025 14:50:26 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.78.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:4b:da:12:c7:15:11:93:56:bb:46:52:3f:f1:40:41:a7:b3:84:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:26 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=828975daef5ca9881fb67754657e299dc71e521cd509dd42fd80d9c97f93ca84, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:b6:f2:92:7f:1b:dd:f3:60:be:b3:8d:73:91:
cb:41:0b:b2:48:a5:4a:a9:39:cd:26:19:0e:8d:1b:
7c:8b:98:3a:01:39:47:b5:ae:24:c6:86:5a:7e:e5:
08:29:ea:43:b1:c8:a3:af:62:ab:91:ad:9d:68:38:
27:05:52:75:c8:1b:36:55:6a:10:5d:4c:63:de:4a:
9d:fa:8e:a2:31:e8:8d:97:79:98:30:a3:52:ad:0f:
ce:75:5b:de:57:2b:19:01:e3:a0:04:cf:9b:e3:d0:
f5:53:3f:e4:7e:fa:3c:3c:5d:64:49:b3:6f:71:c2:
b0:1a:60:0e:e4:3b:da:0c:dd:6a:ab:12:3f:25:d3:
0f:17:a8:35:7b:d8:80:35:21:1f:1a:e6:03:44:e8:
b6:7c:0c:3e:d0:ab:fe:61:8f:80:11:7c:15:09:5e:
0e:3a:2d:19:e7:78:3e:62:80:86:d7:66:ff:6e:74:
d3:de:ae:31:cb:6a:14:6c:84:8b:3f:4a:88:6b:04:
6b:ed:0b:ae:d7:32:8e:1f:77:ba:9b:f7:f6:77:1a:
14:68:ff:7e:73:58:ee:0d:94:62:f7:7a:24:bb:e5:
8d:66:7d:0e:d2:e8:63:0a:aa:fe:b5:83:6a:f6:53:
26:df:a6:14:6a:84:39:5d:10:6a:36:e5:fd:9e:02:
7a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:E3:EC:C4:22:CA:D6:83:95:10:09:FE:54:EC:1F:F0:B9:E8:5A:C8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.78.0.0/16
Signature Algorithm: sha256WithRSAEncryption
21:7a:ce:56:db:98:4c:aa:b1:29:71:fc:71:da:27:57:5e:2a:
b9:98:33:4f:af:2b:12:81:d9:88:09:68:bd:d9:90:40:55:c8:
d0:bd:11:29:e3:de:63:6d:62:c4:a0:d0:20:6f:8c:88:46:34:
e6:9b:37:61:a0:97:c2:a2:74:22:79:64:99:9e:c8:63:06:73:
1c:2d:7f:9a:0e:57:4d:b4:6e:e7:48:42:21:ba:1d:c8:ad:4c:
22:6d:fe:c7:02:af:37:6b:d9:2a:46:34:7c:5b:b5:ff:0b:c7:
87:d4:94:69:8b:e6:b1:42:62:0d:f8:91:4b:8c:e5:1e:34:e4:
c9:f2:6e:66:5b:86:9e:7e:9b:62:4a:47:f4:f0:09:ec:2f:ab:
bd:0a:1c:e1:d4:ad:c9:55:72:fb:66:d1:c6:ca:13:5f:42:8c:
59:c0:42:b7:b2:f8:c6:97:5a:8c:7c:00:f7:7a:6d:bc:a8:e7:
5c:72:dc:00:27:e3:86:2f:ec:cd:b3:2e:01:22:54:65:6f:c1:
bd:c2:38:ba:ab:e3:43:35:36:a8:5d:4b:6b:83:29:ac:35:1d:
9d:42:ed:17:99:22:f6:93:a3:93:bf:42:75:13:2a:f2:52:11:
c0:19:9d:bd:11:73:b4:fa:7b:ea:48:5f:51:41:9b:ab:f2:25:
bd:24:74:57
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUX0vaEscVEZNWu0ZSP/FAQaezhPQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyODk3NWRhZWY1Y2E5ODgxZmI2Nzc1NDY1N2UyOTlkYzcxZTUyMWNkNTA5
ZGQ0MmZkODBkOWM5N2Y5M2NhODQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALe28pJ/G93zYL6zjXORy0ELskilSqk5zSYZDo0bfIuYOgE5R7WuJMaGWn7l
CCnqQ7HIo69iq5GtnWg4JwVSdcgbNlVqEF1MY95KnfqOojHojZd5mDCjUq0PznVb
3lcrGQHjoATPm+PQ9VM/5H76PDxdZEmzb3HCsBpgDuQ72gzdaqsSPyXTDxeoNXvY
gDUhHxrmA0TotnwMPtCr/mGPgBF8FQleDjotGed4PmKAhtdm/250096uMctqFGyE
iz9KiGsEa+0Lrtcyjh93upv39ncaFGj/fnNY7g2UYvd6JLvljWZ9DtLoYwqq/rWD
avZTJt+mFGqEOV0Qajbl/Z4CersCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS34+zE
IsrWg5UQCf5U7B/wuehayDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDZiMjIwYjktODM3Zi00MTc0LTk3ZTYtYzcxMTk1ODI3M2VhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNOMA0G
CSqGSIb3DQEBCwUAA4IBAQAhes5W25hMqrEpcfxx2idXXiq5mDNPrysSgdmICWi9
2ZBAVcjQvREp495jbWLEoNAgb4yIRjTmmzdhoJfConQieWSZnshjBnMcLX+aDldN
tG7nSEIhuh3IrUwibf7HAq83a9kqRjR8W7X/C8eH1JRpi+axQmIN+JFLjOUeNOTJ
8m5mW4aefptiSkf08AnsL6u9Chzh1K3JVXL7ZtHGyhNfQoxZwEK3svjGl1qMfAD3
em28qOdcctwAJ+OGL+zNsy4BIlRlb8G9wji6q+NDNTaoXUtrgymsNR2dQu0XmSL2
k6OTv0J1EyryUhHAGZ29EXO0+nvqSF9RQZur8iW9JHRX
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:36:39 2025 by rpki-client