Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: anDJQ7gn51lTEkExJRqkaKFw6UNChNnEd7Og1mC7urk=
Subject key identifier: 13:B8:97:2C:06:15:E0:4C:1B:37:B5:3E:F6:98:08:FC:C9:BA:F9:24
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 499091352E31EAAE0BC24623FE156AAF2D134CBB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Tue 21 Oct 2025 14:40:36 +0000
ROA not before: Tue 21 Oct 2025 14:40:36 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:90:91:35:2e:31:ea:ae:0b:c2:46:23:fe:15:6a:af:2d:13:4c:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:36 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f7ec3af45a73ac2762c85154dd087bd9186d9edd7c6626bbb3cd5e17ab4fc941, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:ee:22:21:ed:c0:5f:a8:56:86:87:84:9e:f3:
be:5d:4b:76:a0:d3:5c:1a:9c:e9:dc:7b:d5:fa:79:
44:43:be:23:70:4f:fd:59:e8:68:14:ed:f4:e4:ff:
ba:40:44:57:b8:dd:de:35:47:7a:f5:5e:12:0f:59:
0b:82:f2:a0:4c:48:88:0b:7d:e8:a0:27:86:06:13:
56:16:5a:61:2a:72:0f:fa:1e:28:7d:2d:a1:03:82:
8a:8d:89:3f:dc:6d:82:bb:d2:fc:b3:de:94:78:5a:
15:e5:14:07:fb:6d:07:74:69:3f:04:ec:53:39:7e:
50:44:02:d1:03:82:8f:d3:52:cb:68:58:d2:23:f0:
80:7b:e6:cd:5c:e6:55:d1:4c:9d:64:1a:91:64:62:
58:b0:de:0d:1b:5c:1d:a5:41:86:44:22:b2:7a:08:
c0:2c:12:57:0c:cd:04:50:95:0a:e5:89:b3:4d:7b:
c3:d8:93:4d:4d:b0:1b:d6:fc:73:01:2a:09:7c:16:
bf:fc:f8:f8:9d:09:3f:70:82:6a:f1:10:5e:72:07:
19:d4:14:50:38:33:5e:c6:99:aa:09:8c:60:0f:30:
12:59:f7:2d:ae:0c:74:3d:e5:a3:81:ee:41:e2:8f:
2f:14:b6:e9:27:cf:9d:6d:47:5f:06:1e:34:ea:15:
2a:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:B8:97:2C:06:15:E0:4C:1B:37:B5:3E:F6:98:08:FC:C9:BA:F9:24
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:05:bd:65:37:57:60:8f:7c:0f:87:23:e2:cf:e6:64:08:b6:
c7:aa:0e:d5:3b:98:31:50:cb:3c:81:93:6b:29:b2:5c:77:c4:
0d:ce:13:d2:a9:91:0e:c9:65:2e:67:fe:f2:c2:d1:df:88:3e:
8c:ac:36:a3:69:65:e0:6e:87:01:6d:62:ab:62:35:b7:d7:0a:
71:d8:37:a6:7a:d9:78:72:c1:23:73:06:85:2f:89:df:45:27:
be:5b:94:ee:9c:68:71:7f:0f:a9:ae:a8:d2:88:22:ca:60:22:
90:82:76:d5:18:36:b5:57:c8:40:50:d6:10:26:43:f6:5e:a4:
44:07:26:7b:af:68:79:2a:a1:1d:00:16:ad:3e:2a:2e:0c:e7:
d3:a7:c8:a3:e6:a9:25:3a:a3:c8:62:a4:dd:0e:ae:29:cd:0e:
d4:81:3a:a9:9b:9f:fc:f4:13:0a:6d:2f:de:da:e7:c4:66:3e:
a0:6e:db:e7:bf:c1:e9:60:a3:d1:29:5f:8e:99:65:21:b3:e9:
90:89:45:c3:5b:5d:c8:67:51:1c:1f:ca:98:aa:49:b0:a3:76:
28:7a:8a:88:aa:29:b5:20:da:60:e3:39:ca:33:cc:6e:65:3c:
ea:dc:0a:fc:a7:8b:29:93:d1:7d:24:08:5b:83:f3:f4:1c:ff:
93:9c:ec:cf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSZCRNS4x6q4LwkYj/hVqry0TTLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3ZWMzYWY0NWE3M2FjMjc2MmM4NTE1NGRkMDg3YmQ5MTg2ZDllZGQ3YzY2
MjZiYmIzY2Q1ZTE3YWI0ZmM5NDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3uIiHtwF+oVoaHhJ7zvl1LdqDTXBqc6dx71fp5REO+I3BP/VnoaBTt9OT/
ukBEV7jd3jVHevVeEg9ZC4LyoExIiAt96KAnhgYTVhZaYSpyD/oeKH0toQOCio2J
P9xtgrvS/LPelHhaFeUUB/ttB3RpPwTsUzl+UEQC0QOCj9NSy2hY0iPwgHvmzVzm
VdFMnWQakWRiWLDeDRtcHaVBhkQisnoIwCwSVwzNBFCVCuWJs017w9iTTU2wG9b8
cwEqCXwWv/z4+J0JP3CCavEQXnIHGdQUUDgzXsaZqgmMYA8wEln3La4MdD3lo4Hu
QeKPLxS26SfPnW1HXwYeNOoVKicCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQTuJcs
BhXgTBs3tT72mAj8ybr5JDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTRjMmEzNmUtMjQ1Yi00MzlhLWJmNjEtMDQxMzJjNWRmNWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMjMA0G
CSqGSIb3DQEBCwUAA4IBAQApBb1lN1dgj3wPhyPiz+ZkCLbHqg7VO5gxUMs8gZNr
KbJcd8QNzhPSqZEOyWUuZ/7ywtHfiD6MrDajaWXgbocBbWKrYjW31wpx2Demetl4
csEjcwaFL4nfRSe+W5TunGhxfw+prqjSiCLKYCKQgnbVGDa1V8hAUNYQJkP2XqRE
ByZ7r2h5KqEdABatPiouDOfTp8ij5qklOqPIYqTdDq4pzQ7UgTqpm5/89BMKbS/e
2ufEZj6gbtvnv8HpYKPRKV+OmWUhs+mQiUXDW13IZ1EcH8qYqkmwo3YoeoqIqim1
INpg4znKM8xuZTzq3Ar8p4spk9F9JAhbg/P0HP+TnOzP
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:37:08 2025 by rpki-client