Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
File: 87cbc454-e777-437d-a43a-911995d2a7ce.roa (raw, json)
Hash identifier: wWh0mN/FndF59xGXQup7nk443hTfX2RWs0Cl54s5x4s=
Subject key identifier: BC:CD:2F:E5:24:0D:F3:FF:4D:95:05:5E:EA:D4:60:8D:20:76:23:72
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 15E34DA5625BDCDAE2A7F471D53EB7E782299913
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
Signing time: Fri 24 Oct 2025 00:40:04 +0000
ROA not before: Fri 24 Oct 2025 00:40:04 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.21.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:e3:4d:a5:62:5b:dc:da:e2:a7:f4:71:d5:3e:b7:e7:82:29:99:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:04 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=b00cd2766225fd98945126cf74a7dab62f0a456a57c75b7c08a18c5cce561c71, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:3d:90:d5:4d:94:0b:72:ab:91:bf:cc:22:96:
9d:b9:41:e2:7f:a4:40:8a:6e:3e:89:5f:3b:a9:61:
58:f5:63:49:30:db:d5:81:3e:5b:c3:de:da:e8:c6:
84:95:2a:ef:70:48:40:2b:ae:3e:60:de:d4:f6:86:
a9:62:af:73:16:b5:e9:75:c3:fe:98:a9:e8:65:0d:
fa:0c:f9:03:40:4b:9d:61:6e:10:27:a7:c0:09:28:
3d:29:93:98:0a:a0:73:f7:a8:7a:8f:34:8c:86:e1:
ad:d1:8f:56:fe:c6:ff:b6:23:15:97:bd:ff:d7:a9:
de:79:9d:94:81:07:b0:90:5a:ae:04:a5:ac:55:92:
77:cb:87:d4:1b:bc:b5:4e:ee:d9:1e:74:4d:f3:b0:
25:7b:0e:5d:70:4f:a6:ab:f1:88:d7:3b:03:47:9b:
d4:1b:a3:ac:12:dd:5f:81:5a:86:06:44:07:d2:be:
c2:0e:4b:ec:a5:82:8a:cd:d2:b5:f7:85:54:1a:9a:
e9:f1:35:23:06:70:b7:da:a8:d9:ae:30:01:83:3a:
1c:04:1c:8e:09:b8:89:38:22:b0:f8:b0:a7:55:d0:
47:77:a5:d7:e0:68:99:99:cf:5c:75:6c:90:36:a7:
4e:d6:4b:df:5a:a0:69:5e:3e:6a:0c:74:8f:4b:8f:
22:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:CD:2F:E5:24:0D:F3:FF:4D:95:05:5E:EA:D4:60:8D:20:76:23:72
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.21.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7f:31:0a:63:f1:46:d9:92:9b:08:31:f2:c2:8c:c6:53:eb:79:
3a:b5:0e:c2:3a:fd:44:25:14:5c:5e:5a:82:79:05:f2:d8:06:
1a:d7:57:c4:3a:1c:25:91:fd:3c:6c:23:f2:ac:c2:54:71:21:
5b:87:ad:21:4e:e0:1e:c9:ce:4e:e6:9f:1b:00:b8:d0:0e:0e:
a5:40:e3:e5:b6:c2:3f:29:ec:b0:9e:15:34:c6:ee:f3:a8:aa:
0f:15:8c:c1:bb:98:20:25:07:37:8b:bb:d5:18:37:fa:74:c5:
7a:07:55:0f:3f:b4:b1:42:92:c2:de:e1:54:41:31:40:4a:07:
a9:fc:11:12:c3:ab:ba:32:68:c1:6d:46:95:b7:8f:e2:db:6d:
f8:f0:fc:9d:3f:0a:a1:c3:81:b2:5d:af:cb:24:eb:01:1b:12:
21:50:d3:76:d9:fa:05:51:24:27:88:a0:ee:fe:45:d0:3b:ec:
fd:de:4c:29:dd:5d:57:74:f3:a0:3f:99:4d:94:3e:fd:01:e6:
3f:cb:40:93:cf:c7:e9:54:39:66:0d:54:72:f4:bd:0c:03:01:
cd:b4:36:7e:c1:b6:20:a6:2e:cd:ce:55:e3:84:33:a8:ad:7e:
1c:9f:34:7c:c8:29:50:7f:c2:cd:57:d9:74:93:ad:5d:11:87:
10:fb:7b:cd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFeNNpWJb3Nrip/Rx1T6354IpmRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMDRaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQGIwMGNkMjc2NjIyNWZkOTg5NDUxMjZjZjc0YTdkYWI2MmYwYTQ1NmE1N2M3
NWI3YzA4YTE4YzVjY2U1NjFjNzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL89kNVNlAtyq5G/zCKWnblB4n+kQIpuPolfO6lhWPVjSTDb1YE+W8Pe2ujG
hJUq73BIQCuuPmDe1PaGqWKvcxa16XXD/pip6GUN+gz5A0BLnWFuECenwAkoPSmT
mAqgc/eoeo80jIbhrdGPVv7G/7YjFZe9/9ep3nmdlIEHsJBargSlrFWSd8uH1Bu8
tU7u2R50TfOwJXsOXXBPpqvxiNc7A0eb1BujrBLdX4FahgZEB9K+wg5L7KWCis3S
tfeFVBqa6fE1IwZwt9qo2a4wAYM6HAQcjgm4iTgisPiwp1XQR3el1+BomZnPXHVs
kDanTtZL31qgaV4+agx0j0uPIucCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS8zS/l
JA3z/02VBV7q1GCNIHYjcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODdjYmM0NTQtZTc3Ny00MzdkLWE0M2EtOTExOTk1ZDJhN2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMVMA0G
CSqGSIb3DQEBCwUAA4IBAQB/MQpj8UbZkpsIMfLCjMZT63k6tQ7COv1EJRRcXlqC
eQXy2AYa11fEOhwlkf08bCPyrMJUcSFbh60hTuAeyc5O5p8bALjQDg6lQOPltsI/
KeywnhU0xu7zqKoPFYzBu5ggJQc3i7vVGDf6dMV6B1UPP7SxQpLC3uFUQTFASgep
/BESw6u6MmjBbUaVt4/i22348PydPwqhw4GyXa/LJOsBGxIhUNN22foFUSQniKDu
/kXQO+z93kwp3V1XdPOgP5lNlD79AeY/y0CTz8fpVDlmDVRy9L0MAwHNtDZ+wbYg
pi7NzlXjhDOorX4cnzR8yClQf8LNV9l0k61dEYcQ+3vN
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:59:14 2025 by rpki-client