Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85620864-b6e3-4aeb-8798-74669cc5226c.roa
File: 85620864-b6e3-4aeb-8798-74669cc5226c.roa (raw, json)
Hash identifier: DVlvFxRjN7BdaLIKU3YRgzPQxveKMQUaQnN8RnOKzEo=
Subject key identifier: CA:C5:F8:D0:61:65:99:5D:91:D0:49:3E:63:26:D0:DF:45:70:D3:7A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 728BACD8857E1D0EB483E708A24ACAD50CD12F29
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85620864-b6e3-4aeb-8798-74669cc5226c.roa
Signing time: Tue 21 Oct 2025 14:50:06 +0000
ROA not before: Tue 21 Oct 2025 14:50:06 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.202.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:8b:ac:d8:85:7e:1d:0e:b4:83:e7:08:a2:4a:ca:d5:0c:d1:2f:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:06 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=de418b14968df8fff1a6df47ae4282308c2d65c07141b4dec3300ff03ec8f01c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ee:a0:65:79:c2:63:ad:23:4b:5f:38:c0:ae:
30:69:94:43:d7:27:b9:55:8f:db:57:88:e3:40:c8:
34:c8:8c:00:86:c3:36:8e:38:e8:9b:29:41:ad:67:
07:1b:18:78:fd:15:e9:9a:98:6b:7d:9b:c2:7f:04:
14:be:6a:08:99:4f:42:bb:78:b5:30:a1:2f:6d:a6:
34:c7:3a:86:21:14:07:35:f3:72:e3:9d:05:53:59:
e4:02:f0:34:3e:e9:d6:de:33:f1:de:32:f4:0f:e2:
e6:8d:35:54:98:c4:d6:d4:69:bb:c5:2a:51:ff:9e:
af:5e:91:26:ea:23:fc:55:c9:46:99:d4:bd:34:a9:
8f:3a:3f:42:1c:3c:a2:85:15:81:89:36:f2:e5:ab:
13:26:92:fa:0f:bf:9a:a2:8d:eb:b3:56:d3:35:8b:
8d:e1:f6:b0:1e:4a:6d:a7:7c:24:d7:79:63:52:12:
5f:04:39:ed:a4:d8:f0:2d:bf:e9:d7:6a:ac:83:bd:
6b:e8:32:0f:52:b2:52:5b:cd:52:5f:05:59:11:f3:
c6:8f:53:fd:21:e6:05:cd:c6:e0:6e:97:9f:47:23:
d0:08:bd:7d:4c:c9:d1:ce:4f:b7:5b:0f:f4:af:96:
88:ff:c7:c8:95:ab:96:33:60:58:c0:eb:65:10:fb:
a3:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:C5:F8:D0:61:65:99:5D:91:D0:49:3E:63:26:D0:DF:45:70:D3:7A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85620864-b6e3-4aeb-8798-74669cc5226c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.202.0.0/15
Signature Algorithm: sha256WithRSAEncryption
d3:78:8f:c4:58:86:00:cc:79:72:cf:e4:ed:ac:cd:1f:87:b3:
84:58:32:b2:e7:84:bd:1e:ec:e8:b5:9e:83:3d:b9:7b:b9:26:
a0:ac:79:bc:79:6e:a4:25:07:4b:22:b4:8c:54:7b:ea:02:c1:
45:45:16:b1:32:38:2b:02:65:99:a7:92:27:be:99:0d:e4:cc:
86:69:b4:cd:f4:b4:9a:22:22:61:8d:74:30:46:09:5b:32:96:
aa:18:11:2c:4e:d3:04:02:e4:b7:1e:de:64:ed:67:92:bb:bb:
cb:47:c3:f1:ce:5d:fe:bf:e3:a7:5e:03:73:e9:db:1c:df:00:
d6:7f:53:af:4c:f7:cd:f4:81:8b:52:41:c2:5c:72:aa:81:83:
93:7f:00:52:d9:18:4b:94:b6:69:c8:5a:4d:2e:28:2e:03:8d:
bd:6b:b6:f8:62:9e:72:cb:ac:f1:d2:c4:86:d0:4d:84:eb:67:
27:48:65:e6:bb:09:7b:51:af:a9:d0:fd:f3:d7:11:8f:8c:80:
ec:86:57:7b:8c:55:16:6c:11:90:78:52:e6:47:ea:86:63:6f:
74:ee:09:49:4d:d3:84:c8:d1:c2:60:4c:df:08:45:53:03:b1:
45:12:b4:e0:fb:4f:a4:9a:36:74:83:d0:70:5a:86:f9:a5:2d:
59:c9:ee:b5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcous2IV+HQ60g+cIokrK1QzRLykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGRlNDE4YjE0OTY4ZGY4ZmZmMWE2ZGY0N2FlNDI4MjMwOGMyZDY1YzA3MTQx
YjRkZWMzMzAwZmYwM2VjOGYwMWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHuoGV5wmOtI0tfOMCuMGmUQ9cnuVWP21eI40DINMiMAIbDNo446JspQa1n
BxsYeP0V6ZqYa32bwn8EFL5qCJlPQrt4tTChL22mNMc6hiEUBzXzcuOdBVNZ5ALw
ND7p1t4z8d4y9A/i5o01VJjE1tRpu8UqUf+er16RJuoj/FXJRpnUvTSpjzo/Qhw8
ooUVgYk28uWrEyaS+g+/mqKN67NW0zWLjeH2sB5Kbad8JNd5Y1ISXwQ57aTY8C2/
6ddqrIO9a+gyD1KyUlvNUl8FWRHzxo9T/SHmBc3G4G6Xn0cj0Ai9fUzJ0c5Pt1sP
9K+WiP/HyJWrljNgWMDrZRD7o7kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTKxfjQ
YWWZXZHQST5jJtDfRXDTejAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODU2MjA4NjQtYjZlMy00YWViLTg3OTgtNzQ2NjljYzUyMjZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPKMA0G
CSqGSIb3DQEBCwUAA4IBAQDTeI/EWIYAzHlyz+TtrM0fh7OEWDKy54S9HuzotZ6D
Pbl7uSagrHm8eW6kJQdLIrSMVHvqAsFFRRaxMjgrAmWZp5InvpkN5MyGabTN9LSa
IiJhjXQwRglbMpaqGBEsTtMEAuS3Ht5k7WeSu7vLR8Pxzl3+v+OnXgNz6dsc3wDW
f1OvTPfN9IGLUkHCXHKqgYOTfwBS2RhLlLZpyFpNLiguA429a7b4Yp5yy6zx0sSG
0E2E62cnSGXmuwl7Ua+p0P3z1xGPjIDshld7jFUWbBGQeFLmR+qGY2907glJTdOE
yNHCYEzfCEVTA7FFErTg+0+kmjZ0g9BwWob5pS1Zye61
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:28:45 2025 by rpki-client