Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
File: 795bae65-e494-4497-8c64-6c78c5a4b388.roa (raw, json)
Hash identifier: 3fU1RGACVlsd/fToTLHIfpYpKCMvXcrzlXOWc244Qvw=
Subject key identifier: B2:B8:C9:FE:CC:3A:79:44:43:A0:B3:18:A3:33:AF:23:07:1F:D4:43
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 765318FCF61BBF3AE29B625013EB9ABC33FC18B3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
Signing time: Wed 22 Oct 2025 00:50:14 +0000
ROA not before: Wed 22 Oct 2025 00:50:14 +0000
ROA not after: Wed 26 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.104.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:53:18:fc:f6:1b:bf:3a:e2:9b:62:50:13:eb:9a:bc:33:fc:18:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 22 00:50:14 2025 GMT
Not After : Nov 26 23:59:59 2025 GMT
Subject: serialNumber=2b3f23019ffb44db64c09abc26d8ad33a4496b3720996ae910b6fc6c7a959975, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:69:5d:69:f7:50:4a:64:79:ac:aa:49:38:d8:
1e:1d:37:47:2c:7f:1b:c6:02:80:87:75:1c:ae:42:
58:4f:45:a8:8e:00:f8:4a:44:28:18:b2:18:3c:a8:
03:ef:9b:2d:d0:15:14:6d:03:46:c2:e2:8f:da:8a:
de:a7:42:9d:45:ad:78:fd:67:86:af:99:1a:5f:0e:
34:a0:a9:6e:66:33:57:85:be:fb:64:e5:cd:ce:6d:
67:ea:28:ec:f0:5a:68:14:02:1c:5c:a3:dd:1c:c7:
13:ff:d0:71:07:0c:19:e7:64:59:8e:3a:3d:73:1e:
9e:62:a7:85:5d:8a:e4:8f:35:51:fa:92:38:36:9e:
90:1b:49:24:6b:58:99:32:75:68:fa:9a:80:6a:ac:
2f:80:4b:88:cb:f9:f2:5d:bc:c3:96:1c:cb:ba:c8:
13:66:69:06:40:7c:12:9b:44:8f:29:65:6e:ba:91:
48:d7:f8:d2:65:99:7f:bc:3a:d9:4a:a6:34:8e:92:
de:4e:27:5b:67:37:d8:c5:d9:98:0d:3a:e0:5e:a9:
c7:fc:54:4e:e9:2c:7d:4e:29:33:9b:f2:6a:a7:c0:
5a:08:1d:8c:eb:b3:34:09:5d:97:20:e4:49:a3:95:
5b:4b:52:58:c1:3f:03:84:d0:0a:e7:cd:b4:7b:ba:
94:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:B8:C9:FE:CC:3A:79:44:43:A0:B3:18:A3:33:AF:23:07:1F:D4:43
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.104.0/21
Signature Algorithm: sha256WithRSAEncryption
0a:fa:c0:65:c0:32:27:a3:06:e0:d6:3e:9a:46:47:9a:2f:ef:
28:fd:75:31:5d:8e:80:e4:25:75:a4:ab:f3:b9:c1:1d:ea:26:
89:1f:9e:e6:7b:42:45:27:a7:ec:9f:19:ac:10:4f:a9:15:12:
09:e6:5b:3c:b2:15:2a:a2:2e:aa:e2:30:34:d0:8a:57:07:0a:
3b:75:54:88:5f:6f:0d:b8:7d:72:50:7f:7e:0e:b3:5b:50:10:
f0:2a:cf:74:de:0c:f2:e3:a7:a7:13:89:79:f9:68:e5:8b:e9:
0e:b3:00:32:be:44:2b:2e:1a:ea:7f:e9:ef:5b:0b:b7:cd:59:
ef:e9:e7:f5:4c:29:6b:b1:b7:41:37:d3:eb:72:a4:9b:f7:f9:
ed:24:1d:3f:4c:cc:56:17:54:4a:90:66:ed:36:01:ce:36:59:
c3:d3:66:fc:2c:22:d1:0f:a5:56:29:33:e1:da:b8:32:96:e9:
15:c1:87:d4:21:0d:0a:94:6a:e6:44:fa:31:14:64:92:3b:bb:
01:b3:95:2f:7c:2a:25:bd:7a:be:d4:a1:5d:1e:31:e6:22:b6:
79:69:e2:f5:e6:94:be:a4:b5:0d:b4:b4:a7:3b:1e:fd:5f:f4:
60:b8:0e:5f:49:d7:f8:7c:ff:9c:15:98:1f:d5:6b:dc:c6:3a:
e0:9e:7c:f2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUdlMY/PYbvzrim2JQE+uavDP8GLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjIwMDUwMTRaFw0yNTExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiM2YyMzAxOWZmYjQ0ZGI2NGMwOWFiYzI2ZDhhZDMzYTQ0OTZiMzcyMDk5
NmFlOTEwYjZmYzZjN2E5NTk5NzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBpXWn3UEpkeayqSTjYHh03Ryx/G8YCgId1HK5CWE9FqI4A+EpEKBiyGDyo
A++bLdAVFG0DRsLij9qK3qdCnUWteP1nhq+ZGl8ONKCpbmYzV4W++2Tlzc5tZ+oo
7PBaaBQCHFyj3RzHE//QcQcMGedkWY46PXMenmKnhV2K5I81UfqSODaekBtJJGtY
mTJ1aPqagGqsL4BLiMv58l28w5Ycy7rIE2ZpBkB8EptEjyllbrqRSNf40mWZf7w6
2UqmNI6S3k4nW2c32MXZmA064F6px/xUTuksfU4pM5vyaqfAWggdjOuzNAldlyDk
SaOVW0tSWME/A4TQCufNtHu6lDUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSyuMn+
zDp5REOgsxijM68jBx/UQzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Nzk1YmFlNjUtZTQ5NC00NDk3LThjNjQtNmM3OGM1YTRiMzg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAaDAN
BgkqhkiG9w0BAQsFAAOCAQEACvrAZcAyJ6MG4NY+mkZHmi/vKP11MV2OgOQldaSr
87nBHeomiR+e5ntCRSen7J8ZrBBPqRUSCeZbPLIVKqIuquIwNNCKVwcKO3VUiF9v
Dbh9clB/fg6zW1AQ8CrPdN4M8uOnpxOJeflo5YvpDrMAMr5EKy4a6n/p71sLt81Z
7+nn9Uwpa7G3QTfT63Kkm/f57SQdP0zMVhdUSpBm7TYBzjZZw9Nm/Cwi0Q+lVikz
4dq4MpbpFcGH1CENCpRq5kT6MRRkkju7AbOVL3wqJb16vtShXR4x5iK2eWni9eaU
vqS1DbS0pzse/V/0YLgOX0nX+Hz/nBWYH9Vr3MY64J588g==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:32:27 2025 by rpki-client