Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
File: 709c8cf6-9d5d-47d6-8b70-40eff8390658.roa (raw, json)
Hash identifier: tNUYqDqOtKaniFtLfP3tjHVdslaG622YORoK8vQH0Eo=
Subject key identifier: 6D:98:C0:B7:0D:8D:71:12:1E:A6:71:36:3B:48:27:84:18:39:EC:6F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1F90561C42A186BAD975D203E4D096F195CEFBB5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
Signing time: Tue 21 Oct 2025 14:40:35 +0000
ROA not before: Tue 21 Oct 2025 14:40:35 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.220.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:90:56:1c:42:a1:86:ba:d9:75:d2:03:e4:d0:96:f1:95:ce:fb:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:35 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=92edc0890b3267c1313520a56e2d32541c3bf9276d0124ac618f628d94139ab4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:53:62:72:ef:14:de:3d:1f:16:98:18:27:64:
8e:ec:f7:c5:89:a5:39:de:98:b7:80:d3:15:7e:e5:
4c:b6:63:34:e5:bf:da:79:78:dd:3f:26:8e:76:66:
90:2b:82:69:e6:48:68:53:69:35:2e:85:c9:00:30:
9e:2d:27:be:a2:55:40:c7:bb:07:c6:4d:ec:ce:32:
6b:93:4d:8d:88:9b:f8:e6:65:34:0f:2d:08:12:72:
67:ee:93:8d:47:01:b1:33:c5:8a:f5:a2:28:9e:57:
10:fb:26:ca:c9:17:24:ac:fb:cc:d1:c1:5c:41:cd:
5d:20:37:c1:b8:f3:eb:82:52:d3:81:df:ac:c0:dc:
0b:a7:fe:ff:77:ae:5e:9f:c6:70:1e:9d:37:58:0a:
98:9f:d6:9e:b4:a9:92:91:d1:f1:20:6d:0f:d6:dc:
1f:68:81:53:73:d5:fd:20:4e:38:c0:8d:26:23:98:
2d:d3:a6:b8:f3:2e:f2:55:0f:a6:b0:12:28:99:d9:
9c:cf:97:43:16:b6:18:91:62:c7:f5:b9:a6:bf:d2:
31:2d:bd:50:5a:43:20:e0:59:b7:0c:ab:0d:7c:67:
c9:32:1c:c8:0d:9e:d1:62:68:cf:f5:b1:8b:28:8e:
8f:73:e2:d7:72:21:d3:e0:b7:c9:24:eb:34:85:0c:
c6:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:98:C0:B7:0D:8D:71:12:1E:A6:71:36:3B:48:27:84:18:39:EC:6F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.220.0.0/15
Signature Algorithm: sha256WithRSAEncryption
7f:f0:98:ec:71:7f:11:38:d1:45:3c:81:2b:5a:f8:c4:a1:51:
27:90:f8:13:e4:2d:0d:e5:bd:cf:bb:12:54:7d:f7:dc:24:22:
e7:b8:9c:8e:d7:39:2c:b3:9d:e8:18:2a:2b:c3:d7:45:2d:f2:
52:69:69:69:2e:e2:38:c2:7d:cd:f6:58:0a:2b:ad:e3:11:d1:
1d:ce:ec:91:f3:9b:49:53:61:ad:2b:c1:92:4f:d6:66:3a:1c:
1f:d8:b4:1b:33:e1:13:89:5d:9d:54:bd:f4:8a:14:55:42:f9:
a3:a1:fa:99:4b:a1:5a:9a:80:29:47:c6:06:18:fd:2c:c8:20:
ae:2a:42:f1:9c:6e:e3:93:fe:75:cd:a5:68:bb:72:33:e4:b8:
88:d3:72:00:99:1d:30:ec:03:f4:ff:d7:bd:fc:d2:e2:64:5c:
07:b1:14:0c:54:12:32:19:f0:9e:6d:66:d5:9b:52:96:38:19:
ca:44:3d:5f:41:4f:f3:71:13:3d:40:8b:a8:2f:9e:46:f6:67:
3e:08:24:a5:70:8e:e0:1d:e3:ad:b7:9f:53:cd:f6:d7:58:70:
23:c4:73:5e:8a:04:f8:85:e0:d8:c8:30:db:44:8c:c9:f0:0b:
7c:5c:30:b4:e0:99:ee:da:db:ab:65:4d:a9:64:88:2d:13:85:
6e:2b:7a:e4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUH5BWHEKhhrrZddID5NCW8ZXO+7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkyZWRjMDg5MGIzMjY3YzEzMTM1MjBhNTZlMmQzMjU0MWMzYmY5Mjc2ZDAx
MjRhYzYxOGY2MjhkOTQxMzlhYjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKVTYnLvFN49HxaYGCdkjuz3xYmlOd6Yt4DTFX7lTLZjNOW/2nl43T8mjnZm
kCuCaeZIaFNpNS6FyQAwni0nvqJVQMe7B8ZN7M4ya5NNjYib+OZlNA8tCBJyZ+6T
jUcBsTPFivWiKJ5XEPsmyskXJKz7zNHBXEHNXSA3wbjz64JS04HfrMDcC6f+/3eu
Xp/GcB6dN1gKmJ/WnrSpkpHR8SBtD9bcH2iBU3PV/SBOOMCNJiOYLdOmuPMu8lUP
prASKJnZnM+XQxa2GJFix/W5pr/SMS29UFpDIOBZtwyrDXxnyTIcyA2e0WJoz/Wx
iyiOj3Pi13Ih0+C3ySTrNIUMxgUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRtmMC3
DY1xEh6mcTY7SCeEGDnsbzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzA5YzhjZjYtOWQ1ZC00N2Q2LThiNzAtNDBlZmY4MzkwNjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPcMA0G
CSqGSIb3DQEBCwUAA4IBAQB/8JjscX8RONFFPIErWvjEoVEnkPgT5C0N5b3PuxJU
fffcJCLnuJyO1zkss53oGCorw9dFLfJSaWlpLuI4wn3N9lgKK63jEdEdzuyR85tJ
U2GtK8GST9ZmOhwf2LQbM+ETiV2dVL30ihRVQvmjofqZS6FamoApR8YGGP0syCCu
KkLxnG7jk/51zaVou3Iz5LiI03IAmR0w7AP0/9e9/NLiZFwHsRQMVBIyGfCebWbV
m1KWOBnKRD1fQU/zcRM9QIuoL55G9mc+CCSlcI7gHeOtt59TzfbXWHAjxHNeigT4
heDYyDDbRIzJ8At8XDC04Jnu2turZU2pZIgtE4VuK3rk
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:30:57 2025 by rpki-client