Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
File: 4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa (raw, json)
Hash identifier: zqtRtCTsxlWfK07/ArtWJkpcunlQBt2vG1e7gGoncuU=
Subject key identifier: 13:F5:20:71:EB:42:20:27:B6:B6:9C:D9:88:85:40:59:37:50:28:B8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7984CFF945D638D0F703427F345D676693C7C940
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
Signing time: Wed 22 Oct 2025 00:50:15 +0000
ROA not before: Wed 22 Oct 2025 00:50:15 +0000
ROA not after: Wed 26 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.88.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:84:cf:f9:45:d6:38:d0:f7:03:42:7f:34:5d:67:66:93:c7:c9:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 22 00:50:15 2025 GMT
Not After : Nov 26 23:59:59 2025 GMT
Subject: serialNumber=bb0211127b264f797ff03117184c1602338781d6ae4d874bf3a957099e8706ec, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:fa:7a:4a:a4:95:1b:83:b1:34:a7:c3:2f:6b:
cb:2e:e6:7e:44:67:d5:96:e6:cf:4b:4b:4f:07:08:
86:51:80:c3:7b:ce:b5:f1:79:d9:c0:11:f1:41:26:
c1:98:1d:e4:66:05:8a:09:74:2e:de:f9:cd:f8:5b:
58:68:6b:c2:97:0d:61:83:13:88:74:08:1e:22:5c:
2a:26:03:74:22:64:ed:d2:cb:ab:03:c1:2e:62:89:
14:00:8c:8b:b2:6a:a2:8c:09:61:57:7b:cb:b1:90:
4e:c0:90:78:79:50:d4:8d:91:c4:05:d7:d8:2f:b7:
24:e8:b2:c8:43:ff:03:3e:5e:db:17:af:6e:02:4e:
58:1a:c6:6f:d8:d0:c5:f1:dd:f8:cb:57:24:1d:28:
d8:0a:e1:f3:48:c7:18:95:68:4f:35:fe:c3:3d:bf:
33:f8:81:94:48:52:e4:d6:4c:f8:6e:90:b0:74:13:
e2:5a:39:dd:d6:68:5a:af:f5:45:f9:c0:21:9a:26:
5b:db:4a:64:b0:4b:57:e8:e2:3e:78:0b:2b:4a:47:
57:f1:77:35:6e:a6:38:24:19:29:c5:50:d0:a1:14:
d8:65:91:0b:31:dd:d1:2e:e7:9a:4a:00:78:ca:cb:
3b:e8:ec:e9:45:19:fe:12:85:a2:8f:8c:f5:bc:5c:
1b:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:F5:20:71:EB:42:20:27:B6:B6:9C:D9:88:85:40:59:37:50:28:B8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.88.0/21
Signature Algorithm: sha256WithRSAEncryption
4e:eb:d7:6f:88:06:18:da:3e:7c:2e:2e:d9:e3:01:9a:69:ae:
b8:f0:5f:60:5c:83:f1:e8:53:c8:c4:5a:26:4b:db:8a:25:4d:
cd:40:dc:b9:21:12:0e:35:10:f7:39:c0:6b:08:f9:ae:4b:bf:
68:28:0f:7c:33:d9:3c:bd:e3:ca:7b:c2:35:52:fa:c1:e0:ab:
f2:20:14:d5:b7:fb:b6:ac:7b:2e:b9:6d:a3:46:12:7a:89:50:
25:8f:50:17:59:4c:b0:cd:a2:f3:22:05:33:44:0b:9d:ad:81:
37:dd:b9:b5:da:c5:86:d0:74:56:36:25:01:3d:9e:8c:0e:41:
5d:03:d0:cf:65:b6:d3:17:21:53:10:60:0f:d1:6b:05:4e:b7:
8c:d2:57:c9:3d:53:f2:f9:c1:0b:a5:1d:7f:a0:30:08:bd:cb:
23:b0:14:88:96:b8:64:26:ce:3a:28:83:73:8f:e6:d6:3d:3f:
70:5d:20:b1:93:af:b7:3b:05:10:a1:ce:4d:d5:76:68:b4:dd:
99:7e:31:31:3d:45:15:c4:96:5e:be:f2:62:bb:47:31:ac:6e:
1f:13:40:97:13:9e:08:05:cc:2b:f9:ce:ca:5c:91:d8:fd:c8:
bf:53:f6:df:da:aa:78:b3:3a:bb:16:8e:50:1d:42:0b:9d:ed:
7c:0b:54:00
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUeYTP+UXWOND3A0J/NF1nZpPHyUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjIwMDUwMTVaFw0yNTExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiMDIxMTEyN2IyNjRmNzk3ZmYwMzExNzE4NGMxNjAyMzM4NzgxZDZhZTRk
ODc0YmYzYTk1NzA5OWU4NzA2ZWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALj6ekqklRuDsTSnwy9ryy7mfkRn1Zbmz0tLTwcIhlGAw3vOtfF52cAR8UEm
wZgd5GYFigl0Lt75zfhbWGhrwpcNYYMTiHQIHiJcKiYDdCJk7dLLqwPBLmKJFACM
i7JqoowJYVd7y7GQTsCQeHlQ1I2RxAXX2C+3JOiyyEP/Az5e2xevbgJOWBrGb9jQ
xfHd+MtXJB0o2Arh80jHGJVoTzX+wz2/M/iBlEhS5NZM+G6QsHQT4lo53dZoWq/1
RfnAIZomW9tKZLBLV+jiPngLK0pHV/F3NW6mOCQZKcVQ0KEU2GWRCzHd0S7nmkoA
eMrLO+js6UUZ/hKFoo+M9bxcGykCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQT9SBx
60IgJ7a2nNmIhUBZN1AouDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGY5ZDNjMzktYWU3Ni00ZjIyLTlkZjktYzY1MDFhY2JjYzg0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAWDAN
BgkqhkiG9w0BAQsFAAOCAQEATuvXb4gGGNo+fC4u2eMBmmmuuPBfYFyD8ehTyMRa
JkvbiiVNzUDcuSESDjUQ9znAawj5rku/aCgPfDPZPL3jynvCNVL6weCr8iAU1bf7
tqx7Lrlto0YSeolQJY9QF1lMsM2i8yIFM0QLna2BN925tdrFhtB0VjYlAT2ejA5B
XQPQz2W20xchUxBgD9FrBU63jNJXyT1T8vnBC6Udf6AwCL3LI7AUiJa4ZCbOOiiD
c4/m1j0/cF0gsZOvtzsFEKHOTdV2aLTdmX4xMT1FFcSWXr7yYrtHMaxuHxNAlxOe
CAXMK/nOylyR2P3Iv1P239qqeLM6uxaOUB1CC53tfAtUAA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:36:06 2025 by rpki-client