Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
File: 7b957dae-110a-40bf-9710-191cf24c9e94.roa (raw, json)
Hash identifier: ClWQyGBjdU3uxr1XWQPrGmfscyxJB+m44++mTDZMpX4=
Subject key identifier: 10:1E:66:76:10:98:E9:02:66:BB:84:AB:5D:FC:BA:08:F6:5B:76:E1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2340CEF0C67DA8CBDE3E5BB1C496FE22DB2CD615
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
Signing time: Wed 22 Oct 2025 00:50:15 +0000
ROA not before: Wed 22 Oct 2025 00:50:15 +0000
ROA not after: Wed 26 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.96.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:40:ce:f0:c6:7d:a8:cb:de:3e:5b:b1:c4:96:fe:22:db:2c:d6:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 22 00:50:15 2025 GMT
Not After : Nov 26 23:59:59 2025 GMT
Subject: serialNumber=dbcc6d46ca33fe160b789925471834159f1e11c71a5616c5e4e241d6c78f7f23, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:49:45:10:9d:02:00:53:88:d1:0c:19:74:7e:
1a:2a:d2:d2:54:69:c6:63:de:f0:ee:95:b3:e3:0c:
52:28:f9:0c:a9:2d:5a:0c:d5:1b:9e:9e:e4:38:a8:
96:d9:f1:5f:7c:26:20:7a:24:2e:d0:51:8b:6c:c7:
ff:02:54:ae:2c:78:df:f3:f0:ba:c8:c9:b7:24:ac:
c7:ed:91:ea:31:f6:84:fb:34:f5:d5:23:2d:80:43:
db:3b:44:be:72:f6:02:bb:60:e2:5d:0d:68:46:9b:
fc:2a:5f:b0:e3:09:36:7f:20:d9:d0:a6:3e:47:ef:
58:e4:d7:a2:b9:2a:f5:10:d2:21:72:e0:bb:3b:3d:
8e:47:01:e8:24:34:92:59:1d:b3:cc:88:60:87:4a:
03:f3:6c:f2:84:c1:c1:06:a8:3c:e5:a0:d1:b9:11:
77:dd:6a:84:18:53:ef:56:c1:ee:3e:3e:9e:65:34:
ec:f7:30:b7:81:78:54:16:ee:4e:5c:c3:e0:e2:f4:
0d:7e:7c:8f:ca:91:49:ee:35:b4:83:69:c1:51:33:
7e:1c:ee:9a:0f:a7:18:0f:72:7d:85:8d:a9:95:54:
f0:2f:14:79:09:b6:06:9a:c5:56:92:6b:b5:ec:3a:
1e:36:59:ed:d9:e6:38:9c:3e:9e:0d:2e:03:b2:de:
9d:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:1E:66:76:10:98:E9:02:66:BB:84:AB:5D:FC:BA:08:F6:5B:76:E1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.96.0/21
Signature Algorithm: sha256WithRSAEncryption
cf:fe:99:2e:6d:8c:2f:24:87:93:1a:8f:8a:ad:95:86:ae:0d:
20:7d:d0:32:64:f7:70:97:23:44:2a:82:34:69:35:d0:d9:53:
0f:ad:ad:67:43:4a:e7:20:5b:61:f7:f8:a9:ec:44:bd:3a:c0:
0a:fc:81:c7:7e:e4:83:fc:29:32:df:3f:23:e5:ca:85:97:b5:
3f:09:0b:75:1e:1f:a7:e3:fd:5b:bb:6a:28:63:60:86:aa:85:
e9:6e:9e:25:22:43:2c:a7:a2:79:46:17:c1:5e:e2:2b:fc:1b:
47:b9:d5:52:a2:98:a9:30:da:be:69:f2:15:91:09:71:88:06:
b9:a6:08:15:7d:dc:4c:73:74:d2:56:27:20:e2:dc:22:ad:69:
17:0e:df:3d:f6:53:12:bb:4b:85:00:55:40:fe:43:fe:aa:68:
d2:4c:23:b3:4d:45:e0:0b:86:73:e0:f3:58:1e:a7:05:50:14:
f0:73:55:c1:13:bb:58:e7:8a:f2:ec:6f:1c:f5:23:b2:4a:aa:
be:61:fd:e7:8e:a0:35:8a:bf:a4:0c:5d:6c:d5:9e:e3:7f:cf:
d9:38:46:13:f5:cd:ca:8e:ea:e0:71:9f:81:32:07:79:47:23:
32:53:8e:4d:99:f7:86:93:b8:b9:7b:d2:d0:ca:1e:aa:ef:22:
8a:cc:16:2c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUI0DO8MZ9qMvePluxxJb+Itss1hUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjIwMDUwMTVaFw0yNTExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiY2M2ZDQ2Y2EzM2ZlMTYwYjc4OTkyNTQ3MTgzNDE1OWYxZTExYzcxYTU2
MTZjNWU0ZTI0MWQ2Yzc4ZjdmMjMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANxJRRCdAgBTiNEMGXR+GirS0lRpxmPe8O6Vs+MMUij5DKktWgzVG56e5Dio
ltnxX3wmIHokLtBRi2zH/wJUrix43/PwusjJtySsx+2R6jH2hPs09dUjLYBD2ztE
vnL2Artg4l0NaEab/CpfsOMJNn8g2dCmPkfvWOTXorkq9RDSIXLguzs9jkcB6CQ0
klkds8yIYIdKA/Ns8oTBwQaoPOWg0bkRd91qhBhT71bB7j4+nmU07Pcwt4F4VBbu
TlzD4OL0DX58j8qRSe41tINpwVEzfhzumg+nGA9yfYWNqZVU8C8UeQm2BprFVpJr
tew6HjZZ7dnmOJw+ng0uA7Lenb0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQQHmZ2
EJjpAma7hKtd/LoI9lt24TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2I5NTdkYWUtMTEwYS00MGJmLTk3MTAtMTkxY2YyNGM5ZTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAz/6ZLm2MLySHkxqPiq2Vhq4NIH3QMmT3cJcjRCqC
NGk10NlTD62tZ0NK5yBbYff4qexEvTrACvyBx37kg/wpMt8/I+XKhZe1PwkLdR4f
p+P9W7tqKGNghqqF6W6eJSJDLKeieUYXwV7iK/wbR7nVUqKYqTDavmnyFZEJcYgG
uaYIFX3cTHN00lYnIOLcIq1pFw7fPfZTErtLhQBVQP5D/qpo0kwjs01F4AuGc+Dz
WB6nBVAU8HNVwRO7WOeK8uxvHPUjskqqvmH9546gNYq/pAxdbNWe43/P2ThGE/XN
yo7q4HGfgTIHeUcjMlOOTZn3hpO4uXvS0Moequ8iiswWLA==
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:58:56 2025 by rpki-client