Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa
File: 60c89335-41cc-407d-8ffe-34cda7e66bb7.roa (raw, json)
Hash identifier: bmr472Ojad2rhEIyL0HSCCUYuCgxMOrMECrUQZdqGpg=
Subject key identifier: 8C:9F:B6:7B:A3:CE:9E:A5:08:C7:BA:69:CF:F7:AA:5C:9F:19:7E:DE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 555FA8A408BA251A4A5D41DC6710F1A94697B5B4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa
Signing time: Fri 24 Oct 2025 00:40:11 +0000
ROA not before: Fri 24 Oct 2025 00:40:11 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.96.0.0/14 maxlen: 14
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:5f:a8:a4:08:ba:25:1a:4a:5d:41:dc:67:10:f1:a9:46:97:b5:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:11 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=0f18c3437dc65fad99b72881e2088e8720151c5b7c8a22e1d7f254168f84905b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:65:f3:54:84:ba:62:10:2a:3a:79:b7:1a:ff:
11:eb:6a:03:f9:c6:2d:54:dd:5c:41:68:c9:8d:5f:
8b:f9:9e:2e:bc:6f:d1:44:49:14:82:bc:de:9b:cd:
1a:0a:2d:ff:0b:1d:8a:20:1e:07:d6:0b:4a:a8:ac:
0f:ee:e3:f5:ce:e4:d9:d1:6e:12:67:44:65:3f:04:
9e:0f:95:03:24:6c:7e:17:86:47:30:0e:51:af:b7:
f9:f2:f6:0e:33:ff:5b:f9:1a:e1:dc:7f:63:2e:b2:
70:ca:ce:27:49:c9:27:ea:32:e5:ba:28:6c:a5:84:
5d:08:fd:11:98:88:60:6c:da:10:89:7e:6a:93:4b:
33:b3:bd:52:9e:fa:69:2d:b4:66:00:95:0e:43:16:
69:bf:65:34:15:3d:28:43:85:16:f5:0e:1c:9c:24:
c8:cd:b7:3e:46:79:33:92:53:4e:2e:cc:fb:af:75:
e5:60:c1:a6:0f:44:e7:c6:cd:88:6c:f0:3d:a6:e4:
e7:56:c8:81:29:9d:f5:97:31:ef:0d:06:4a:43:a4:
12:5b:36:73:81:57:84:ff:04:be:46:f0:f5:7a:32:
7a:27:92:e8:a3:aa:70:00:39:8c:6a:a9:ff:da:d4:
52:f3:1a:5a:ff:71:b2:2e:53:ff:fc:6e:f1:a9:2b:
96:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:9F:B6:7B:A3:CE:9E:A5:08:C7:BA:69:CF:F7:AA:5C:9F:19:7E:DE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.96.0.0/14
Signature Algorithm: sha256WithRSAEncryption
ca:c9:29:db:1e:a4:2d:b1:7d:93:b9:13:b2:61:68:24:6d:e3:
8e:b0:09:24:a0:ee:c5:81:91:70:e9:ce:1e:5b:bb:15:b7:37:
a8:1a:3e:04:79:ef:d7:d4:a4:7d:2a:de:53:89:2a:77:69:a2:
52:6f:1d:05:46:dc:7c:6c:f1:06:f3:0a:7e:30:99:13:c2:f6:
58:e7:d7:a2:a6:eb:55:10:ba:79:da:8a:56:b5:fa:5d:86:2f:
7d:b5:df:c2:94:a0:60:db:16:e1:ac:5d:94:b9:95:78:98:7c:
79:cf:5f:4c:b6:7c:dd:68:89:61:0c:38:67:ef:b6:1e:ae:b0:
84:6e:0e:cd:5a:85:4f:c1:c0:5e:57:89:08:18:f1:39:1b:ba:
ef:40:40:59:2b:ec:c3:b4:21:c5:f2:d6:d0:66:39:76:0c:69:
22:95:40:8a:12:9d:cc:50:e1:b0:63:49:71:be:7d:f0:5c:da:
70:c7:8f:5c:48:01:ec:f3:73:b5:03:1e:a8:65:8c:f1:74:26:
99:5c:06:3d:09:15:ec:23:4c:3a:3b:3a:dd:0b:ee:06:0d:cf:
49:d9:2a:7e:2b:cf:b6:c1:52:32:fa:ff:30:a6:ca:76:69:22:
c7:7b:c4:42:76:6b:b2:62:1c:48:e4:e5:fb:4e:a7:60:6e:a1:
3b:3f:9a:8e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVV+opAi6JRpKXUHcZxDxqUaXtbQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMTFaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmMThjMzQzN2RjNjVmYWQ5OWI3Mjg4MWUyMDg4ZTg3MjAxNTFjNWI3Yzhh
MjJlMWQ3ZjI1NDE2OGY4NDkwNWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOJl81SEumIQKjp5txr/EetqA/nGLVTdXEFoyY1fi/meLrxv0URJFIK83pvN
Ggot/wsdiiAeB9YLSqisD+7j9c7k2dFuEmdEZT8Eng+VAyRsfheGRzAOUa+3+fL2
DjP/W/ka4dx/Yy6ycMrOJ0nJJ+oy5boobKWEXQj9EZiIYGzaEIl+apNLM7O9Up76
aS20ZgCVDkMWab9lNBU9KEOFFvUOHJwkyM23PkZ5M5JTTi7M+6915WDBpg9E58bN
iGzwPabk51bIgSmd9Zcx7w0GSkOkEls2c4FXhP8Evkbw9XoyeieS6KOqcAA5jGqp
/9rUUvMaWv9xsi5T//xu8akrloMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSMn7Z7
o86epQjHumnP96pcnxl+3jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBjODkzMzUtNDFjYy00MDdkLThmZmUtMzRjZGE3ZTY2YmI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNgMA0G
CSqGSIb3DQEBCwUAA4IBAQDKySnbHqQtsX2TuROyYWgkbeOOsAkkoO7FgZFw6c4e
W7sVtzeoGj4Eee/X1KR9Kt5TiSp3aaJSbx0FRtx8bPEG8wp+MJkTwvZY59eiputV
ELp52opWtfpdhi99td/ClKBg2xbhrF2UuZV4mHx5z19MtnzdaIlhDDhn77YerrCE
bg7NWoVPwcBeV4kIGPE5G7rvQEBZK+zDtCHF8tbQZjl2DGkilUCKEp3MUOGwY0lx
vn3wXNpwx49cSAHs83O1Ax6oZYzxdCaZXAY9CRXsI0w6OzrdC+4GDc9J2Sp+K8+2
wVIy+v8wpsp2aSLHe8RCdmuyYhxI5OX7TqdgbqE7P5qO
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:37:46 2025 by rpki-client