Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
File: 51429a37-e3fd-4b49-a184-1e07ed522f97.roa (raw, json)
Hash identifier: 5RmqNHlyyldCNePbQhtENH43SoZr3LBZGnCXg6icMqI=
Subject key identifier: D3:4B:F3:AE:B4:2E:99:2F:7D:8F:C9:D1:02:3C:51:A3:3E:9B:87:4B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0633E9306C2B2CDF07FBAF8E224BC315137D4C26
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
Signing time: Tue 21 Oct 2025 14:40:35 +0000
ROA not before: Tue 21 Oct 2025 14:40:35 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.3.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:33:e9:30:6c:2b:2c:df:07:fb:af:8e:22:4b:c3:15:13:7d:4c:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:35 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=649033796308965ccdfaa4bf27a88e5de32c356dda5a0f2f321b817ecf5685d8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:a4:e9:18:da:b2:37:25:73:60:d4:57:02:62:
69:4f:4c:ce:2f:fb:f0:82:9c:7f:d5:fa:3b:48:2f:
fa:28:49:c4:e4:50:82:a5:22:44:bc:9a:55:3b:41:
3f:ca:ff:d1:12:f3:8d:73:10:65:fb:eb:02:14:e3:
07:a1:d9:a6:a7:07:03:fe:37:2d:5b:f3:8c:f3:39:
fc:ad:a1:53:3a:79:09:ea:64:b9:e7:d4:64:b1:5d:
0f:cd:8d:44:9a:59:ed:8a:f3:a8:ab:b7:82:4e:26:
8e:4b:95:d5:27:44:70:25:b6:7c:aa:43:0a:9b:b0:
0d:98:03:4f:1a:4e:f5:0e:90:ea:41:53:c3:99:f0:
bd:ca:f4:29:09:90:e9:02:2f:7d:45:0e:0d:8b:13:
5d:ea:c4:49:db:56:63:69:af:18:a6:5f:cf:a2:6e:
8d:cb:33:98:bc:fe:a0:06:62:dd:f0:61:68:f8:3f:
c9:13:45:d8:7c:7e:fb:d3:74:29:d8:e2:4c:d7:b0:
ac:16:5a:1b:ef:84:e3:f7:de:53:be:9e:a9:fc:d5:
b1:d6:24:ff:71:19:06:af:5e:8e:f4:96:79:79:0d:
9c:d5:78:24:a6:a7:6a:d9:3a:6e:e6:1b:e1:8e:08:
76:ef:31:71:ff:38:0c:fd:e5:27:3f:28:14:32:3b:
15:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:4B:F3:AE:B4:2E:99:2F:7D:8F:C9:D1:02:3C:51:A3:3E:9B:87:4B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.3.0.0/16
Signature Algorithm: sha256WithRSAEncryption
44:00:3f:52:b2:0d:09:fe:82:77:a9:c7:9b:b7:37:83:7a:be:
64:c0:bd:c4:d2:3d:c5:cf:80:3c:24:1a:af:b9:6c:a3:23:b2:
b7:f1:33:03:3c:af:cf:1b:40:83:e7:d8:c5:f2:c1:a4:79:aa:
14:1d:6e:92:68:f9:b9:6c:95:90:10:d6:a7:90:d0:3b:99:73:
c8:e5:36:a3:41:01:00:76:11:9c:87:93:b6:24:3f:63:bc:8b:
a4:fc:fc:c7:50:bc:b2:9c:b8:43:bf:a8:4c:9e:03:a7:da:c4:
43:5c:39:19:76:0e:93:41:de:c3:04:0c:36:b7:8e:e7:bc:3f:
b2:77:23:55:27:22:6d:52:d9:9e:6b:84:51:18:44:c2:7b:4b:
2c:23:38:45:b0:d0:d4:01:c7:22:7e:8b:d2:c9:2c:12:7f:28:
56:35:14:70:45:a5:4e:d4:3b:c5:4a:90:75:79:47:5b:a1:76:
f8:95:47:92:68:0e:bd:dc:e0:0f:be:75:1f:38:25:d6:87:de:
b3:ce:4a:54:07:3e:56:80:f0:39:67:66:00:bd:7d:21:e2:b3:
0e:0e:16:67:b9:b8:29:00:36:85:1f:40:14:4b:af:66:a6:01:
3e:1b:7b:5f:00:b4:49:1a:7f:c6:39:1f:53:3b:ff:cc:6c:b3:
dc:11:99:af
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBjPpMGwrLN8H+6+OIkvDFRN9TCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0OTAzMzc5NjMwODk2NWNjZGZhYTRiZjI3YTg4ZTVkZTMyYzM1NmRkYTVh
MGYyZjMyMWI4MTdlY2Y1Njg1ZDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmk6Rjasjclc2DUVwJiaU9Mzi/78IKcf9X6O0gv+ihJxORQgqUiRLyaVTtB
P8r/0RLzjXMQZfvrAhTjB6HZpqcHA/43LVvzjPM5/K2hUzp5CepkuefUZLFdD82N
RJpZ7YrzqKu3gk4mjkuV1SdEcCW2fKpDCpuwDZgDTxpO9Q6Q6kFTw5nwvcr0KQmQ
6QIvfUUODYsTXerESdtWY2mvGKZfz6JujcszmLz+oAZi3fBhaPg/yRNF2Hx++9N0
KdjiTNewrBZaG++E4/feU76eqfzVsdYk/3EZBq9ejvSWeXkNnNV4JKanatk6buYb
4Y4Idu8xcf84DP3lJz8oFDI7FXMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTTS/Ou
tC6ZL32PydECPFGjPpuHSzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTE0MjlhMzctZTNmZC00YjQ5LWExODQtMWUwN2VkNTIyZjk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMDMA0G
CSqGSIb3DQEBCwUAA4IBAQBEAD9Ssg0J/oJ3qcebtzeDer5kwL3E0j3Fz4A8JBqv
uWyjI7K38TMDPK/PG0CD59jF8sGkeaoUHW6SaPm5bJWQENankNA7mXPI5TajQQEA
dhGch5O2JD9jvIuk/PzHULyynLhDv6hMngOn2sRDXDkZdg6TQd7DBAw2t47nvD+y
dyNVJyJtUtmea4RRGETCe0ssIzhFsNDUAccifovSySwSfyhWNRRwRaVO1DvFSpB1
eUdboXb4lUeSaA693OAPvnUfOCXWh96zzkpUBz5WgPA5Z2YAvX0h4rMODhZnubgp
ADaFH0AUS69mpgE+G3tfALRJGn/GOR9TO//MbLPcEZmv
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:01:05 2025 by rpki-client