Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/993731a0-abe8-41b9-bad3-ce7852d4f117.roa
File: 993731a0-abe8-41b9-bad3-ce7852d4f117.roa (raw, json)
Hash identifier: Tvk+5RbRyjVoW8YcbsuXMCBv6xZM0irqVwzPZSbQNIE=
Subject key identifier: 6F:33:57:21:18:CD:6F:4C:14:4D:22:3F:2D:2B:47:8A:34:31:C2:D6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0318C063A376AA462FDC80D725258235572377DF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/993731a0-abe8-41b9-bad3-ce7852d4f117.roa
Signing time: Tue 21 Oct 2025 14:40:36 +0000
ROA not before: Tue 21 Oct 2025 14:40:36 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.34.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:c0:63:a3:76:aa:46:2f:dc:80:d7:25:25:82:35:57:23:77:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:36 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c4e700ec43018ef37de4f651376da5d1a607072279d9c14e2914dcebcac87bb8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:72:80:7f:bd:a7:ff:42:c2:7d:fc:ca:24:21:
14:9e:05:2d:b8:a5:0a:73:b1:8f:bc:47:b5:64:71:
8d:26:50:6f:d0:3e:c9:23:ad:a9:f6:3d:6d:77:b0:
d6:59:38:dd:15:a0:4c:c1:5d:0f:4d:7d:5d:d3:7f:
61:8a:58:ff:d3:34:2b:11:f5:e8:47:cc:1e:7a:69:
01:a6:83:aa:6d:7a:40:61:70:5a:a9:7a:37:5d:e9:
7c:02:e3:a4:8d:0f:2a:ca:6f:3a:68:d4:f0:6b:dd:
c7:e4:37:c2:9a:14:23:d9:e2:e4:c6:1f:de:27:26:
c2:e4:1a:99:d1:95:f9:1f:5f:37:98:69:ca:be:ce:
f2:dd:d5:e2:73:3d:a7:08:87:76:46:d8:64:d6:31:
d3:4f:18:17:8f:ec:56:91:88:33:92:82:f8:25:f8:
e3:6e:89:b6:fb:d2:95:89:d6:0c:9c:e0:72:fe:72:
1c:31:b3:c1:8c:9d:5d:8f:f5:0f:98:ae:94:97:2d:
cb:b9:35:0b:a8:7d:4d:5c:dd:8f:17:a1:bf:97:aa:
cd:30:19:49:c2:02:96:7a:bf:1f:c5:46:aa:1b:a7:
cc:c8:25:4f:b0:d8:9c:e6:3f:1e:78:7c:29:fa:51:
d5:95:da:1e:b7:a3:2f:4e:b7:ff:2d:5f:f4:bb:88:
18:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:33:57:21:18:CD:6F:4C:14:4D:22:3F:2D:2B:47:8A:34:31:C2:D6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/993731a0-abe8-41b9-bad3-ce7852d4f117.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.34.0.0/15
Signature Algorithm: sha256WithRSAEncryption
5c:a5:d7:48:8a:c4:50:f9:69:87:71:e8:37:b2:b1:0c:ab:c3:
93:7b:f4:d1:aa:b3:29:c6:97:8c:54:f0:fe:6c:ed:b0:e1:9d:
09:d1:08:00:ea:ad:2a:23:07:f0:93:2d:c5:82:f7:ba:b8:3c:
cd:3c:46:bf:5a:a5:68:50:eb:de:1d:c6:60:f4:ad:7f:17:98:
8b:a9:97:bb:ce:15:0d:72:c4:b2:bd:36:33:69:e4:7f:c3:21:
b8:f6:51:1b:7f:c3:91:2c:e5:81:30:c9:5a:c0:70:f2:02:09:
84:2b:15:c5:67:a5:c1:00:b1:ef:6d:f7:9e:d3:54:22:fe:3e:
8c:1f:02:08:d3:93:e5:69:ef:03:d8:dd:5b:c8:b8:ab:4a:e4:
13:36:18:96:47:8f:81:07:76:2f:7f:12:bd:35:1f:b3:78:0c:
2e:37:ba:6c:7b:98:6f:a5:e3:d2:5f:6f:08:c1:44:9c:54:a7:
8a:da:d6:ad:d4:ec:f3:73:b6:43:38:8e:12:b5:bc:4a:da:93:
7e:d5:7a:47:77:43:48:3f:36:6c:23:53:18:2d:db:94:5f:07:
23:cc:bb:a1:2c:f9:e6:f6:18:9d:71:ce:7b:40:b1:22:12:73:
aa:e0:27:75:69:d4:4c:4b:d9:6b:c2:9c:d6:ca:48:29:10:04:
52:6e:ea:30
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAxjAY6N2qkYv3IDXJSWCNVcjd98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0ZTcwMGVjNDMwMThlZjM3ZGU0ZjY1MTM3NmRhNWQxYTYwNzA3MjI3OWQ5
YzE0ZTI5MTRkY2ViY2FjODdiYjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdygH+9p/9Cwn38yiQhFJ4FLbilCnOxj7xHtWRxjSZQb9A+ySOtqfY9bXew
1lk43RWgTMFdD019XdN/YYpY/9M0KxH16EfMHnppAaaDqm16QGFwWql6N13pfALj
pI0PKspvOmjU8Gvdx+Q3wpoUI9ni5MYf3icmwuQamdGV+R9fN5hpyr7O8t3V4nM9
pwiHdkbYZNYx008YF4/sVpGIM5KC+CX4426JtvvSlYnWDJzgcv5yHDGzwYydXY/1
D5iulJcty7k1C6h9TVzdjxehv5eqzTAZScIClnq/H8VGqhunzMglT7DYnOY/Hnh8
KfpR1ZXaHrejL063/y1f9LuIGOsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRvM1ch
GM1vTBRNIj8tK0eKNDHC1jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTkzNzMxYTAtYWJlOC00MWI5LWJhZDMtY2U3ODUyZDRmMTE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMiMA0G
CSqGSIb3DQEBCwUAA4IBAQBcpddIisRQ+WmHceg3srEMq8OTe/TRqrMpxpeMVPD+
bO2w4Z0J0QgA6q0qIwfwky3Fgve6uDzNPEa/WqVoUOveHcZg9K1/F5iLqZe7zhUN
csSyvTYzaeR/wyG49lEbf8ORLOWBMMlawHDyAgmEKxXFZ6XBALHvbfee01Qi/j6M
HwII05Plae8D2N1byLirSuQTNhiWR4+BB3YvfxK9NR+zeAwuN7pse5hvpePSX28I
wUScVKeK2tat1Ozzc7ZDOI4StbxK2pN+1XpHd0NIPzZsI1MYLduUXwcjzLuhLPnm
9hidcc57QLEiEnOq4Cd1adRMS9lrwpzWykgpEARSbuow
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:30:58 2025 by rpki-client