Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
File: 676cc479-c956-49aa-8372-560fd674c62c.roa (raw, json)
Hash identifier: Efbu04jf+tFETYkbaQy0wcBXE+aVVEYF+nLqPaFhSQU=
Subject key identifier: 13:A7:09:98:05:08:38:24:0E:82:4A:35:21:12:0B:77:C9:8C:65:47
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 51907D091FFDEBD0E13BE3E687AA91590A679087
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
Signing time: Fri 24 Oct 2025 00:40:23 +0000
ROA not before: Fri 24 Oct 2025 00:40:23 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:90:7d:09:1f:fd:eb:d0:e1:3b:e3:e6:87:aa:91:59:0a:67:90:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:23 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=a93f7fbcc71bd2f02addb1d6181df96a45dbf90446cf8333abae8d610bc10700, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:77:5c:cc:97:54:66:81:89:fa:42:94:9c:15:
0b:31:26:1f:3d:65:b5:6b:db:09:46:b3:65:82:76:
4a:bf:94:6f:1d:00:bf:13:9b:27:d3:1d:18:6b:cf:
e7:7f:3c:8f:92:4b:7f:70:33:0c:78:6b:ae:88:ac:
9e:cc:61:2c:c8:c1:b3:52:2a:fa:db:fa:6b:0a:d7:
15:c9:13:da:f3:24:45:7b:7d:b6:64:f8:e8:81:99:
f4:40:3c:0e:66:91:e2:bc:ee:d7:c0:56:eb:ae:5c:
af:ad:be:ea:cd:e4:87:57:a7:fa:79:1e:f0:9f:69:
54:a5:fe:1d:93:ed:bc:64:4b:ce:1d:2c:c1:12:1b:
69:ce:c5:b9:e2:9f:76:20:93:03:cc:fa:85:0d:f0:
20:6a:37:c6:02:08:45:01:10:31:12:c6:6e:bf:d3:
49:0d:c9:5f:13:64:f2:ef:2a:0c:43:a4:33:f4:c7:
6e:65:f7:16:a7:31:6f:61:6d:2c:3e:28:96:7f:25:
4a:41:0c:15:d7:1e:6d:9d:4f:33:1d:16:bb:38:6e:
82:00:3d:8d:a1:9f:65:00:a8:2c:c8:7f:21:9a:ca:
e1:4a:bf:36:8e:d5:43:12:86:6c:8a:28:a0:c8:03:
1a:a9:cf:99:1b:b8:59:0d:8b:bb:9c:50:c8:8e:61:
f5:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:A7:09:98:05:08:38:24:0E:82:4A:35:21:12:0B:77:C9:8C:65:47
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8f:24:c1:3f:ef:46:b7:ae:8e:7b:ab:0f:90:28:46:76:fe:c2:
83:1e:1e:b5:b1:a2:a4:0b:df:34:b9:f3:b3:aa:94:de:9e:8c:
d3:b5:c0:de:b9:ec:01:e1:97:0c:0b:d1:a2:ad:cb:6e:14:a0:
ae:a9:7b:c5:47:47:23:b6:4e:a8:be:6f:79:36:5f:09:e9:58:
b7:ea:02:d0:20:76:f2:f9:de:3c:d5:20:57:79:f4:e4:b7:21:
4d:33:7a:81:12:ac:6e:d6:7a:8f:77:1e:83:dc:d5:d3:72:ae:
53:64:48:63:64:21:b5:12:62:20:21:62:88:22:89:0f:69:72:
15:79:f9:6d:74:ab:dc:25:92:25:33:57:39:b2:0a:e0:4b:f8:
0b:dd:1b:44:bc:05:43:1a:87:e6:5c:b4:69:c5:1a:47:40:c8:
8c:3b:73:98:07:d2:89:b0:f5:0f:3d:2a:20:d3:10:3e:bd:d2:
18:02:69:40:0b:3c:01:b2:93:12:7e:fd:e8:d6:1a:29:d2:ab:
b2:d2:c6:70:a8:b2:68:37:e3:be:9d:03:73:72:46:ee:93:a6:
0b:4d:96:92:1d:4e:b6:8d:e1:fd:a4:67:d2:34:b6:5e:8e:15:
5b:09:a3:cc:42:69:d0:69:15:92:97:d9:0f:2a:7a:31:d0:7c:
13:14:23:c7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUZB9CR/969DhO+Pmh6qRWQpnkIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMjNaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5M2Y3ZmJjYzcxYmQyZjAyYWRkYjFkNjE4MWRmOTZhNDVkYmY5MDQ0NmNm
ODMzM2FiYWU4ZDYxMGJjMTA3MDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALR3XMyXVGaBifpClJwVCzEmHz1ltWvbCUazZYJ2Sr+Ubx0AvxObJ9MdGGvP
5388j5JLf3AzDHhrroisnsxhLMjBs1Iq+tv6awrXFckT2vMkRXt9tmT46IGZ9EA8
DmaR4rzu18BW665cr62+6s3kh1en+nke8J9pVKX+HZPtvGRLzh0swRIbac7FueKf
diCTA8z6hQ3wIGo3xgIIRQEQMRLGbr/TSQ3JXxNk8u8qDEOkM/THbmX3Fqcxb2Ft
LD4oln8lSkEMFdcebZ1PMx0WuzhuggA9jaGfZQCoLMh/IZrK4Uq/No7VQxKGbIoo
oMgDGqnPmRu4WQ2Lu5xQyI5h9e0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQTpwmY
BQg4JA6CSjUhEgt3yYxlRzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc2Y2M0NzktYzk1Ni00OWFhLTgzNzItNTYwZmQ2NzRjNjJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCPJME/70a3ro57qw+QKEZ2/sKDHh61saKkC980ufOz
qpTenozTtcDeuewB4ZcMC9GirctuFKCuqXvFR0cjtk6ovm95Nl8J6Vi36gLQIHby
+d481SBXefTktyFNM3qBEqxu1nqPdx6D3NXTcq5TZEhjZCG1EmIgIWKIIokPaXIV
efltdKvcJZIlM1c5sgrgS/gL3RtEvAVDGofmXLRpxRpHQMiMO3OYB9KJsPUPPSog
0xA+vdIYAmlACzwBspMSfv3o1hop0quy0sZwqLJoN+O+nQNzckbuk6YLTZaSHU62
jeH9pGfSNLZejhVbCaPMQmnQaRWSl9kPKnox0HwTFCPH
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:39:08 2025 by rpki-client