Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4a35eec8-470f-4ad0-852b-9006065bbbb0.roa
File: 4a35eec8-470f-4ad0-852b-9006065bbbb0.roa (raw, json)
Hash identifier: DRbiQroRkW/dCl4UrreF2jxS16OM0ELWdul5Q4ykPYM=
Subject key identifier: AB:7C:8B:06:FF:08:BE:F9:05:E5:65:C5:06:E9:70:28:27:C6:02:85
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5D82F7926ED777B9DC3F0E328D793BFC2D45EF03
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4a35eec8-470f-4ad0-852b-9006065bbbb0.roa
Signing time: Tue 21 Oct 2025 14:50:23 +0000
ROA not before: Tue 21 Oct 2025 14:50:23 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.166.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:82:f7:92:6e:d7:77:b9:dc:3f:0e:32:8d:79:3b:fc:2d:45:ef:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:23 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=bec6e007d900245148e9916eb8992d828e819431e0e9242914390f92dfc2b545, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:5a:c0:44:99:a8:fa:fe:82:e8:39:6b:a6:67:
45:71:de:73:0e:74:5f:61:2c:02:c0:6d:68:39:c2:
07:f6:6f:cb:47:52:d5:3f:80:18:07:4f:13:26:e0:
b5:07:c4:a8:47:6e:8c:f5:1d:6f:0b:57:ea:72:34:
81:e6:d0:d6:71:46:02:1b:f5:7c:97:91:ef:5b:31:
cc:41:5d:1f:7a:06:bf:b2:76:22:9a:dc:81:cd:11:
f6:a6:e9:4f:c5:53:64:b5:2a:16:61:50:ad:40:a6:
be:6f:d3:38:29:59:69:16:ac:71:5b:db:cf:79:bd:
d6:9e:e3:23:c6:4e:a0:a5:c7:d7:db:44:97:8d:b5:
a6:15:29:b1:56:10:dd:2b:cc:a8:61:8d:2b:cd:4b:
78:cd:79:ea:63:31:0a:a9:e1:db:04:d0:97:1f:1c:
21:ab:31:1b:f5:a1:2c:cb:aa:12:93:0c:d1:78:cc:
50:c3:d7:3e:e5:93:31:85:bd:49:6f:da:25:68:c4:
42:d6:69:85:30:66:9e:6f:d4:24:81:8d:5b:33:bd:
5d:dd:7d:0c:4f:76:92:ad:29:92:a0:84:30:0b:7b:
0e:0c:bf:71:c0:08:77:63:23:8d:06:7f:02:3d:71:
6d:60:6d:8d:91:58:63:4e:16:0a:b3:2d:99:69:97:
d9:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:7C:8B:06:FF:08:BE:F9:05:E5:65:C5:06:E9:70:28:27:C6:02:85
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4a35eec8-470f-4ad0-852b-9006065bbbb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.166.0.0/15
Signature Algorithm: sha256WithRSAEncryption
3c:bf:75:4f:3b:75:94:01:cb:74:51:8f:f8:65:79:95:cb:41:
6e:e8:ad:d1:7b:94:15:d1:67:c4:e6:2e:84:2c:92:a1:6b:fd:
1f:56:96:e8:50:ed:15:fa:1d:ee:ab:fa:50:d7:32:bf:df:19:
8d:45:4a:b4:eb:9b:34:39:bb:5c:6c:81:e1:0c:f0:58:e0:db:
e4:70:2d:a7:52:48:e8:03:b8:1f:2c:1d:73:7b:9e:f2:cd:5e:
f1:13:8a:d1:82:0d:93:af:e7:6a:d9:a9:3b:3e:4b:2e:90:84:
8b:33:3c:f2:e5:55:30:a4:c8:0c:7d:02:20:fe:1e:0f:ce:1e:
b2:17:8f:75:eb:00:38:a1:7b:75:2f:6d:c4:b2:41:87:30:93:
b2:42:9c:d6:f8:8e:1a:37:3c:ad:0a:83:06:a1:d5:05:af:00:
88:a9:69:b9:ae:40:fa:b7:9f:96:d5:c7:73:49:09:31:80:da:
c5:0a:88:5e:f3:58:8d:43:7e:72:80:72:1a:79:4c:2c:73:a8:
6b:ea:f9:04:d9:4f:dd:2a:ac:d8:3f:7f:17:e0:b2:da:97:2b:
80:91:fe:0d:b6:cc:7b:be:29:d1:ac:b8:69:01:08:5f:68:8e:
de:37:79:8b:7e:e4:6c:4e:80:a9:9b:e3:c7:1c:f2:c7:96:d2:
f4:fe:5a:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXYL3km7Xd7ncPw4yjXk7/C1F7wMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJlYzZlMDA3ZDkwMDI0NTE0OGU5OTE2ZWI4OTkyZDgyOGU4MTk0MzFlMGU5
MjQyOTE0MzkwZjkyZGZjMmI1NDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFawESZqPr+gug5a6ZnRXHecw50X2EsAsBtaDnCB/Zvy0dS1T+AGAdPEybg
tQfEqEdujPUdbwtX6nI0gebQ1nFGAhv1fJeR71sxzEFdH3oGv7J2Iprcgc0R9qbp
T8VTZLUqFmFQrUCmvm/TOClZaRascVvbz3m91p7jI8ZOoKXH19tEl421phUpsVYQ
3SvMqGGNK81LeM156mMxCqnh2wTQlx8cIasxG/WhLMuqEpMM0XjMUMPXPuWTMYW9
SW/aJWjEQtZphTBmnm/UJIGNWzO9Xd19DE92kq0pkqCEMAt7Dgy/ccAId2MjjQZ/
Aj1xbWBtjZFYY04WCrMtmWmX2eECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSrfIsG
/wi++QXlZcUG6XAoJ8YChTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGEzNWVlYzgtNDcwZi00YWQwLTg1MmItOTAwNjA2NWJiYmIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQA8v3VPO3WUAct0UY/4ZXmVy0Fu6K3Re5QV0WfE5i6E
LJKha/0fVpboUO0V+h3uq/pQ1zK/3xmNRUq065s0ObtcbIHhDPBY4NvkcC2nUkjo
A7gfLB1ze57yzV7xE4rRgg2Tr+dq2ak7PksukISLMzzy5VUwpMgMfQIg/h4Pzh6y
F4916wA4oXt1L23EskGHMJOyQpzW+I4aNzytCoMGodUFrwCIqWm5rkD6t5+W1cdz
SQkxgNrFCohe81iNQ35ygHIaeUwsc6hr6vkE2U/dKqzYP38X4LLalyuAkf4Ntsx7
vinRrLhpAQhfaI7eN3mLfuRsToCpm+PHHPLHltL0/lob
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:12:55 2025 by rpki-client