Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
File: 620d46e8-bb13-40cd-8918-677590eaf682.roa (raw, json)
Hash identifier: n3Dh40TM7ji3Yz6zu3Hz9IBXozSkE8aTYf7uq+i/kp4=
Subject key identifier: B2:53:F7:4D:6F:71:7B:3B:09:47:E5:A5:E0:53:0C:73:78:F1:F4:06
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 50969068BD9F4D238C68DC15CB6DAFAF1AD73C24
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
Signing time: Tue 21 Oct 2025 15:00:34 +0000
ROA not before: Tue 21 Oct 2025 15:00:34 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.226.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:96:90:68:bd:9f:4d:23:8c:68:dc:15:cb:6d:af:af:1a:d7:3c:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:34 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ccfd27a3041b5af31457b59843b9fdf49e4d2bfd96e4e2ff9414fce04b6b7b01, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e7:7e:bf:bc:14:36:e4:4b:41:14:19:7b:67:
d2:e0:54:72:c0:7a:fa:d9:83:30:d4:85:3b:a7:69:
48:b7:a0:4e:b6:d3:5f:07:eb:ca:46:0a:cd:63:d3:
12:83:f9:a8:b0:2d:a6:ee:0b:9c:f1:00:f3:23:8a:
af:bd:60:17:70:e9:f5:9a:8a:99:a6:f2:2a:f1:63:
70:2c:38:6d:bc:cf:a6:c4:a3:9d:63:53:4c:5c:89:
25:4b:8d:0e:28:62:87:fb:94:c7:39:9e:56:b9:ea:
d6:57:7c:8e:e4:ba:4e:e3:53:37:b2:6e:2c:ef:68:
a0:1a:5a:05:7f:20:64:8f:e8:44:18:57:29:d5:30:
6e:93:1a:34:da:9c:70:82:d2:af:38:4e:71:ef:e3:
08:bf:95:b7:ce:ad:f4:fc:b8:ad:43:59:c1:5d:cc:
7b:e4:ff:b7:65:60:7b:e6:6d:b5:c6:ec:8f:e7:fb:
1d:a7:f8:b8:29:17:3d:59:67:32:7d:d7:04:ea:f5:
f6:76:4a:f6:93:fe:c1:57:e9:7b:98:be:fc:62:33:
df:52:54:a8:2c:56:9d:75:a9:01:b2:bd:ed:ce:21:
56:42:70:65:99:15:42:67:49:98:d1:de:80:aa:1f:
ce:7d:05:23:c0:39:7d:d5:e2:73:cb:75:d4:e0:b7:
06:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:53:F7:4D:6F:71:7B:3B:09:47:E5:A5:E0:53:0C:73:78:F1:F4:06
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.226.0.0/15
Signature Algorithm: sha256WithRSAEncryption
71:44:68:7f:76:4b:1a:87:65:a3:21:d3:86:fb:d6:9a:a5:de:
c8:c3:64:69:98:2d:80:ee:eb:bd:9e:0c:b7:78:30:1e:f1:f5:
cc:22:18:2b:f6:56:d9:6b:23:7e:4d:cc:7f:55:37:17:81:b5:
b3:2a:02:06:fd:bc:15:b0:2f:f5:19:02:7a:21:94:75:fd:51:
03:e4:21:c3:0c:f5:19:68:9d:b5:4c:fc:bf:a8:48:33:cd:87:
82:68:bc:c2:da:59:da:a2:0c:fa:f2:bb:3a:4c:b5:3b:47:4d:
4a:10:4b:2e:9f:12:0b:94:34:ee:06:9c:6d:2d:0c:11:75:0f:
8e:6f:6d:df:c2:4a:dc:d8:ae:c8:9e:65:8d:86:60:3d:6c:4d:
02:be:ac:b7:78:9d:c8:b9:9b:62:0b:a6:e3:a2:89:bb:c6:d7:
83:6e:e2:ff:a0:ea:e9:3e:3c:fc:f6:99:c8:57:e9:75:96:bb:
3a:3e:c0:0e:0f:75:76:2c:f3:89:34:eb:96:f2:d9:62:9f:9a:
85:5a:e0:7f:0b:3e:50:28:1f:11:d1:aa:e9:aa:c0:1f:66:74:
4c:b5:82:89:6d:7b:5b:90:3c:ce:45:ee:3e:9f:6b:c9:35:e0:
a5:4b:7e:78:22:01:f3:9b:77:eb:40:8a:f5:c7:2d:28:00:ea:
86:15:ef:cc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUJaQaL2fTSOMaNwVy22vrxrXPCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjZmQyN2EzMDQxYjVhZjMxNDU3YjU5ODQzYjlmZGY0OWU0ZDJiZmQ5NmU0
ZTJmZjk0MTRmY2UwNGI2YjdiMDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANTnfr+8FDbkS0EUGXtn0uBUcsB6+tmDMNSFO6dpSLegTrbTXwfrykYKzWPT
EoP5qLAtpu4LnPEA8yOKr71gF3Dp9ZqKmabyKvFjcCw4bbzPpsSjnWNTTFyJJUuN
Dihih/uUxzmeVrnq1ld8juS6TuNTN7JuLO9ooBpaBX8gZI/oRBhXKdUwbpMaNNqc
cILSrzhOce/jCL+Vt86t9Py4rUNZwV3Me+T/t2Vge+Zttcbsj+f7Haf4uCkXPVln
Mn3XBOr19nZK9pP+wVfpe5i+/GIz31JUqCxWnXWpAbK97c4hVkJwZZkVQmdJmNHe
gKofzn0FI8A5fdXic8t11OC3Bv8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSyU/dN
b3F7OwlH5aXgUwxzePH0BjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjIwZDQ2ZTgtYmIxMy00MGNkLTg5MTgtNjc3NTkwZWFmNjgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPiMA0G
CSqGSIb3DQEBCwUAA4IBAQBxRGh/dksah2WjIdOG+9aapd7Iw2RpmC2A7uu9ngy3
eDAe8fXMIhgr9lbZayN+Tcx/VTcXgbWzKgIG/bwVsC/1GQJ6IZR1/VED5CHDDPUZ
aJ21TPy/qEgzzYeCaLzC2lnaogz68rs6TLU7R01KEEsunxILlDTuBpxtLQwRdQ+O
b23fwkrc2K7InmWNhmA9bE0Cvqy3eJ3IuZtiC6bjoom7xteDbuL/oOrpPjz89pnI
V+l1lrs6PsAOD3V2LPOJNOuW8tlin5qFWuB/Cz5QKB8R0arpqsAfZnRMtYKJbXtb
kDzORe4+n2vJNeClS354IgHzm3frQIr1xy0oAOqGFe/M
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:44:54 2025 by rpki-client