Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
File: 9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa (raw, json)
Hash identifier: apmISA0sotCRrn8ByV59h1FgSvvUyDBzoZ8dr7DavFY=
Subject key identifier: 60:A1:66:19:80:E3:1B:CB:70:E8:FA:27:B5:54:7B:EB:A7:98:DB:16
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 023D8221BAC18254161A290C1B454777A4CD0F0B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
Signing time: Tue 21 Oct 2025 14:50:41 +0000
ROA not before: Tue 21 Oct 2025 14:50:41 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.188.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:3d:82:21:ba:c1:82:54:16:1a:29:0c:1b:45:47:77:a4:cd:0f:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:41 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4f214a51e032347108a5bf10e2953752b12398c4938389d3864c836e83d6b95e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:67:20:d8:11:34:2c:be:28:6f:27:14:a5:4f:
fa:5a:1e:de:77:3a:ff:8c:5d:12:43:39:17:0a:73:
f6:0b:c2:c7:b6:83:1c:a6:4d:87:4e:c0:ce:25:e5:
06:f3:78:70:f7:c3:eb:d4:b6:68:47:87:15:d9:97:
3f:1c:fb:fe:83:32:77:35:f9:d1:6b:f1:10:5b:5f:
a9:d8:0a:96:b1:4c:c1:35:02:30:a1:e1:7c:ea:d6:
f5:e5:d1:c3:eb:25:d4:ad:de:18:14:cd:8e:cc:7c:
e7:8d:29:f9:97:5e:03:02:f0:2d:1d:73:7e:53:5b:
c2:a6:9a:b5:ed:40:ca:50:5d:cc:c3:98:91:82:93:
a9:f0:7f:e9:c3:81:cf:02:15:e7:be:e8:db:94:8d:
c3:73:13:d4:28:81:de:86:f0:cf:82:06:34:6c:82:
64:8e:4d:30:a9:0c:28:de:e6:45:2a:94:fc:5b:90:
22:90:0e:a3:c6:9b:46:3f:ef:57:5c:23:e4:fb:b2:
32:49:aa:ef:02:84:6f:93:fd:e1:1a:6c:4d:0e:45:
01:77:32:2a:2c:20:0d:af:27:2e:03:b4:b0:ab:a8:
36:3d:d9:b2:8c:be:29:f9:2d:54:78:51:fc:65:9b:
5d:d8:25:ef:b9:a6:9b:08:f9:60:8a:4a:f6:97:39:
ed:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:A1:66:19:80:E3:1B:CB:70:E8:FA:27:B5:54:7B:EB:A7:98:DB:16
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.188.0.0/15
Signature Algorithm: sha256WithRSAEncryption
02:54:ca:74:29:2c:25:40:3f:35:ea:86:89:48:db:7f:dd:1f:
f5:51:06:f6:92:4e:9b:05:22:d5:92:19:22:49:2a:4c:f6:d8:
c1:36:65:f9:81:88:cb:98:70:2a:74:e1:f0:8e:ca:ae:19:c7:
58:80:54:39:05:f8:c7:7c:af:ff:50:f8:92:dc:5a:6f:ba:5f:
f7:8f:07:17:60:a6:13:fe:67:83:d2:66:4a:3e:86:47:78:b4:
0a:d6:39:9b:38:57:7d:ba:7f:45:c3:f9:6a:59:c8:32:38:31:
45:2b:62:cd:26:8c:9b:da:68:cb:36:23:67:41:ba:40:ea:85:
bf:86:37:3c:97:0a:e6:9d:e7:1a:94:e9:31:04:ac:03:cc:a5:
1a:2f:2f:f9:58:3c:71:03:a3:6b:d5:d1:9b:8e:81:ee:6a:88:
46:6f:a1:8a:ad:02:98:35:a2:ab:fe:ca:04:fd:0f:af:18:12:
3e:77:cd:df:12:3b:ce:8c:96:e1:ec:eb:ea:ca:bf:19:3a:52:
d0:55:42:ea:16:84:ad:ac:85:09:43:92:07:f1:e5:63:d3:d1:
31:78:55:d6:56:d7:6e:1a:62:07:3a:0f:5d:69:ad:fb:c6:e8:
d5:a5:ff:0a:f2:bb:40:30:f5:19:04:e7:8e:f5:24:b9:56:8a:
bd:2f:ed:f0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAj2CIbrBglQWGikMG0VHd6TNDwswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwNDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmMjE0YTUxZTAzMjM0NzEwOGE1YmYxMGUyOTUzNzUyYjEyMzk4YzQ5Mzgz
ODlkMzg2NGM4MzZlODNkNmI5NWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZnINgRNCy+KG8nFKVP+loe3nc6/4xdEkM5Fwpz9gvCx7aDHKZNh07AziXl
BvN4cPfD69S2aEeHFdmXPxz7/oMydzX50WvxEFtfqdgKlrFMwTUCMKHhfOrW9eXR
w+sl1K3eGBTNjsx8540p+ZdeAwLwLR1zflNbwqaate1AylBdzMOYkYKTqfB/6cOB
zwIV577o25SNw3MT1CiB3obwz4IGNGyCZI5NMKkMKN7mRSqU/FuQIpAOo8abRj/v
V1wj5PuyMkmq7wKEb5P94RpsTQ5FAXcyKiwgDa8nLgO0sKuoNj3Zsoy+KfktVHhR
/GWbXdgl77mmmwj5YIpK9pc57QkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRgoWYZ
gOMby3Do+ie1VHvrp5jbFjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWViZmEzNDgtNTkxMC00NjY3LWI0ZGItY2ZiNWJiM2FjYmM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO8MA0G
CSqGSIb3DQEBCwUAA4IBAQACVMp0KSwlQD816oaJSNt/3R/1UQb2kk6bBSLVkhki
SSpM9tjBNmX5gYjLmHAqdOHwjsquGcdYgFQ5BfjHfK//UPiS3Fpvul/3jwcXYKYT
/meD0mZKPoZHeLQK1jmbOFd9un9Fw/lqWcgyODFFK2LNJoyb2mjLNiNnQbpA6oW/
hjc8lwrmnecalOkxBKwDzKUaLy/5WDxxA6Nr1dGbjoHuaohGb6GKrQKYNaKr/soE
/Q+vGBI+d83fEjvOjJbh7Ovqyr8ZOlLQVULqFoStrIUJQ5IH8eVj09ExeFXWVtdu
GmIHOg9daa37xujVpf8K8rtAMPUZBOeO9SS5Voq9L+3w
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:36:20 2025 by rpki-client