Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: 4HXjQoTVFuxhvDICf3OUVQsY1GBr01vKIMvpOlDcZLI=
Subject key identifier: E6:16:90:D7:B1:F0:AC:99:D6:ED:07:4F:82:EE:74:14:2E:94:74:04
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0F30F9EE36808BDBE09DA5B5F98A8A951D64924E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Tue 21 Oct 2025 14:50:43 +0000
ROA not before: Tue 21 Oct 2025 14:50:43 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:30:f9:ee:36:80:8b:db:e0:9d:a5:b5:f9:8a:8a:95:1d:64:92:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:43 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ace212153c846a3300c07829454d308fcf4b4f8a1b8455979c562441a5f170b1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:8a:ff:2f:e2:c0:46:78:79:e2:e2:b7:b4:9d:
7a:8d:32:c8:44:36:48:fb:b9:42:00:d7:01:ab:b9:
90:d5:ad:4a:17:b2:cd:cf:f8:74:56:58:cd:32:37:
ce:f4:ae:27:e2:c5:2c:97:86:d5:fb:8c:1d:be:d6:
ad:f4:63:24:63:a9:fd:8d:6c:96:73:d8:32:17:ba:
26:3e:c8:6d:d0:96:0a:d7:97:6d:5a:ec:2d:c4:25:
9d:f1:6f:6f:3a:20:51:7e:2a:7b:9b:ac:99:b4:a0:
4a:40:eb:fc:18:1b:3c:22:6d:19:c3:82:a6:83:11:
56:f6:64:05:f0:0a:e5:88:fa:ec:2a:5f:76:cc:40:
27:67:15:11:b8:9d:d0:4f:32:ab:a4:22:7e:97:ea:
3b:b8:0a:b2:66:b9:81:54:98:12:f0:7f:cb:5b:65:
28:06:75:64:68:b1:13:c5:b1:db:ff:b7:1d:43:7f:
6f:9f:49:07:39:ba:6b:75:e3:f6:26:69:8a:96:df:
a3:36:dc:79:6d:45:eb:b1:c8:cb:13:9b:fd:15:17:
fe:3c:c3:bd:24:34:66:f4:e6:32:ea:22:40:3c:b1:
00:12:32:cb:8c:95:ff:b6:2b:db:19:06:aa:f8:8d:
bb:9d:67:d0:49:17:6e:6f:66:d8:55:60:49:78:1f:
52:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:16:90:D7:B1:F0:AC:99:D6:ED:07:4F:82:EE:74:14:2E:94:74:04
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
c6:be:41:ff:6d:ec:f7:56:6e:d9:f1:d2:26:39:62:0e:45:1b:
f9:bf:22:3a:aa:64:23:6f:2b:b5:78:41:d1:98:e5:06:3d:7c:
06:c0:94:05:ba:e8:fb:3c:ca:36:21:e9:ea:3a:11:73:dd:73:
41:3f:4b:0a:aa:b7:82:a1:21:72:3e:c5:a8:0a:72:fa:91:a8:
ad:52:1a:19:86:8e:b6:e3:58:a8:fe:e8:3e:a2:49:dd:02:08:
fa:38:70:be:24:4a:be:a4:b9:f2:fc:f9:4d:c3:31:26:ad:e3:
ae:5f:e1:67:7c:2f:19:e9:3f:69:f3:ab:12:fd:8c:b8:cf:c8:
48:48:3d:8e:42:60:d7:3b:4d:db:c0:4d:43:d9:ce:fc:fc:c6:
f8:27:2c:0b:44:b6:6d:60:cd:19:f1:63:cb:44:87:8f:9c:db:
00:f5:30:3d:8e:c2:59:4d:74:ba:8c:e3:e3:f4:cc:37:cd:78:
9f:0a:68:c6:ca:7a:cb:a1:3b:31:f4:e4:e1:f6:f5:6a:aa:87:
29:c0:59:50:7a:bf:d9:e8:5d:b9:2b:53:ae:15:18:8e:ba:27:
18:69:f1:2e:1e:d6:9e:17:05:68:88:16:c6:00:55:45:ed:43:
2a:7a:9e:7e:ab:dd:7d:1d:9d:d6:ca:38:f4:50:83:e0:ac:5f:
10:f9:3f:b9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDzD57jaAi9vgnaW1+YqKlR1kkk4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwNDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjZTIxMjE1M2M4NDZhMzMwMGMwNzgyOTQ1NGQzMDhmY2Y0YjRmOGExYjg0
NTU5NzljNTYyNDQxYTVmMTcwYjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPiK/y/iwEZ4eeLit7Sdeo0yyEQ2SPu5QgDXAau5kNWtSheyzc/4dFZYzTI3
zvSuJ+LFLJeG1fuMHb7WrfRjJGOp/Y1slnPYMhe6Jj7IbdCWCteXbVrsLcQlnfFv
bzogUX4qe5usmbSgSkDr/BgbPCJtGcOCpoMRVvZkBfAK5Yj67CpfdsxAJ2cVEbid
0E8yq6QifpfqO7gKsma5gVSYEvB/y1tlKAZ1ZGixE8Wx2/+3HUN/b59JBzm6a3Xj
9iZpipbfozbceW1F67HIyxOb/RUX/jzDvSQ0ZvTmMuoiQDyxABIyy4yV/7Yr2xkG
qviNu51n0EkXbm9m2FVgSXgfUscCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTmFpDX
sfCsmdbtB0+C7nQULpR0BDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQDGvkH/bez3Vm7Z8dImOWIORRv5vyI6qmQjbyu1eEHR
mOUGPXwGwJQFuuj7PMo2IenqOhFz3XNBP0sKqreCoSFyPsWoCnL6kaitUhoZho62
41io/ug+okndAgj6OHC+JEq+pLny/PlNwzEmreOuX+FnfC8Z6T9p86sS/Yy4z8hI
SD2OQmDXO03bwE1D2c78/Mb4JywLRLZtYM0Z8WPLRIePnNsA9TA9jsJZTXS6jOPj
9Mw3zXifCmjGynrLoTsx9OTh9vVqqocpwFlQer/Z6F25K1OuFRiOuicYafEuHtae
FwVoiBbGAFVF7UMqep5+q919HZ3Wyjj0UIPgrF8Q+T+5
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:31:37 2025 by rpki-client