Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
File: 63e023f1-83fd-412f-8365-33afe1ac80af.roa (raw, json)
Hash identifier: ighUBZm9jI6WevLVBqDIXwSmUX3ix8MBH3Cgjm+WpDE=
Subject key identifier: ED:28:14:1E:02:B9:8A:CC:4F:AF:B3:A7:0D:DE:CE:6D:1E:87:8C:E1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 473B1C1108D20B8AA45347AD0EA2944075366652
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
Signing time: Tue 21 Oct 2025 14:50:03 +0000
ROA not before: Tue 21 Oct 2025 14:50:03 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.160.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:3b:1c:11:08:d2:0b:8a:a4:53:47:ad:0e:a2:94:40:75:36:66:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:03 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=23c1d2dc1298becac7e9cc1a8a919525db9215fa0224145632e8fe2d2d03269f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:5c:64:5c:b7:95:28:18:31:3a:78:d4:40:4a:
83:6b:4d:92:15:f4:9d:d6:29:ec:0c:19:84:d7:20:
fb:31:cb:78:2b:ae:4e:2e:b0:74:28:58:ba:b1:e5:
e8:c5:f5:2c:bf:60:a5:38:c7:ee:a4:b5:c3:33:2d:
ed:97:74:df:89:ae:22:e4:7f:7c:43:22:29:e6:95:
24:86:ec:a7:3f:cd:b2:f8:4a:f9:54:eb:6c:66:ec:
b8:76:ef:47:43:f7:ec:62:99:98:eb:18:8f:84:1d:
84:b9:0f:17:0f:26:72:70:3c:31:4d:ee:e6:b4:89:
71:d2:5e:85:98:70:04:5d:8d:ce:19:87:3c:b3:c0:
3f:d5:68:af:8e:94:73:14:5e:2e:c9:42:0c:b7:7e:
61:0d:3c:4a:2a:a8:69:7f:47:eb:fa:24:ec:03:0e:
b6:95:de:12:f8:07:61:b0:01:8d:52:c4:32:d9:82:
a0:fe:ae:3b:6e:27:aa:b1:78:e9:5f:61:21:76:93:
6e:25:8e:2a:7c:0e:a4:2f:44:76:b4:15:8e:e8:7c:
bc:0d:6c:77:5f:5c:76:e5:b4:44:4f:55:80:3f:d9:
4f:fe:58:a9:31:3d:95:3a:81:f6:03:6e:df:42:81:
c5:cf:8c:85:02:c2:18:fc:56:da:ad:01:7b:8b:b4:
a6:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:28:14:1E:02:B9:8A:CC:4F:AF:B3:A7:0D:DE:CE:6D:1E:87:8C:E1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.160.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:49:5d:f5:88:0e:b5:8f:d5:89:67:d4:34:b3:9a:80:2f:c5:
fe:e0:37:db:2d:8c:f2:05:f7:95:ed:27:6a:97:5d:20:12:c4:
8e:59:74:2d:2b:1a:35:2e:b8:50:5e:0d:03:df:6c:7d:4c:97:
35:21:8e:5e:cf:4f:b9:9a:01:45:5f:6c:9d:b9:ec:82:92:23:
9e:58:7f:52:83:09:b7:62:28:76:10:fb:7f:5a:0f:82:78:0c:
14:2d:c7:f9:89:c8:44:ae:21:dc:d9:35:56:a3:38:d1:6d:3a:
30:f3:d0:64:90:61:9a:42:40:fd:14:cb:97:da:dd:e0:1b:fa:
47:d7:40:bd:33:34:12:4a:77:2c:25:ae:fd:db:f5:54:39:b4:
60:58:e9:bd:7a:b2:56:4d:50:a2:05:2c:b1:d1:a8:cf:75:22:
bd:27:86:b0:91:63:65:2f:c1:8b:76:62:1c:81:c7:55:4c:e1:
ad:d3:30:b3:38:34:4e:61:dc:a0:75:13:92:1e:14:23:e6:64:
57:59:76:e8:64:83:a9:7a:cd:a3:6e:dd:5c:0d:2a:b9:a1:c5:
ee:d4:e9:9f:99:b2:58:40:9c:19:73:16:a6:80:9e:f6:f4:39:
5a:5b:1c:5b:64:f7:7f:61:33:10:bb:a9:d1:bf:c8:ab:3f:48:
d7:42:d0:e8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURzscEQjSC4qkU0etDqKUQHU2ZlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzYzFkMmRjMTI5OGJlY2FjN2U5Y2MxYThhOTE5NTI1ZGI5MjE1ZmEwMjI0
MTQ1NjMyZThmZTJkMmQwMzI2OWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZcZFy3lSgYMTp41EBKg2tNkhX0ndYp7AwZhNcg+zHLeCuuTi6wdChYurHl
6MX1LL9gpTjH7qS1wzMt7Zd034muIuR/fEMiKeaVJIbspz/NsvhK+VTrbGbsuHbv
R0P37GKZmOsYj4QdhLkPFw8mcnA8MU3u5rSJcdJehZhwBF2NzhmHPLPAP9Vor46U
cxReLslCDLd+YQ08SiqoaX9H6/ok7AMOtpXeEvgHYbABjVLEMtmCoP6uO24nqrF4
6V9hIXaTbiWOKnwOpC9EdrQVjuh8vA1sd19cduW0RE9VgD/ZT/5YqTE9lTqB9gNu
30KBxc+MhQLCGPxW2q0Be4u0pmcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTtKBQe
ArmKzE+vs6cN3s5tHoeM4TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjNlMDIzZjEtODNmZC00MTJmLTgzNjUtMzNhZmUxYWM4MGFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOgMA0G
CSqGSIb3DQEBCwUAA4IBAQCESV31iA61j9WJZ9Q0s5qAL8X+4DfbLYzyBfeV7Sdq
l10gEsSOWXQtKxo1LrhQXg0D32x9TJc1IY5ez0+5mgFFX2ydueyCkiOeWH9Sgwm3
Yih2EPt/Wg+CeAwULcf5ichEriHc2TVWozjRbTow89BkkGGaQkD9FMuX2t3gG/pH
10C9MzQSSncsJa792/VUObRgWOm9erJWTVCiBSyx0ajPdSK9J4awkWNlL8GLdmIc
gcdVTOGt0zCzODROYdygdROSHhQj5mRXWXboZIOpes2jbt1cDSq5ocXu1OmfmbJY
QJwZcxamgJ729DlaWxxbZPd/YTMQu6nRv8irP0jXQtDo
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:39:00 2025 by rpki-client