Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
File: af8582f5-d209-4e12-aacf-31186289c430.roa (raw, json)
Hash identifier: dlAWqN0Y7E1eagKRk6878onJZ0kfPrUrwYCCD+TWyuM=
Subject key identifier: F8:E2:64:69:69:B5:A4:43:5F:26:C9:35:AC:4E:F2:B3:C6:1E:E8:91
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7F88A60684BD825C2393575878FFDC1CF1C86D1C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
Signing time: Tue 21 Oct 2025 14:50:07 +0000
ROA not before: Tue 21 Oct 2025 14:50:07 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.216.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:88:a6:06:84:bd:82:5c:23:93:57:58:78:ff:dc:1c:f1:c8:6d:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:07 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=77815daa9c7e77f7dc20d51448a1a4a6aa43d7d2edb12f9938a6b1122e1da337, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:95:7b:bd:3b:0a:bf:21:fc:e6:b0:51:fd:b5:
0d:3f:da:28:9b:18:b5:4a:3e:4d:f2:22:73:84:9d:
e4:d0:b6:34:c2:07:58:ff:c6:37:40:f0:97:21:66:
e5:1c:51:61:34:46:d2:f8:b6:05:df:9c:3a:a2:41:
d1:14:a8:9f:3d:36:3b:37:f5:63:58:9a:3b:23:96:
a2:32:be:d9:d2:89:61:b0:fa:64:f1:ec:4e:97:58:
76:fa:ee:8c:e7:2b:65:72:41:b1:ee:f7:5b:c1:8b:
5d:a3:e5:01:c4:36:c5:d5:87:ae:b9:df:d2:f0:86:
55:b9:14:30:75:3e:a5:3f:4f:19:f7:de:0b:42:cd:
2e:2a:49:c5:7b:4b:60:25:45:d8:c1:6e:e6:e5:45:
52:35:c5:3e:23:9e:b7:8f:4b:8b:71:31:ce:a3:d2:
14:9f:09:80:39:3d:23:a3:55:88:df:38:c0:eb:fc:
dd:b7:f1:b4:cf:d1:ca:90:53:a7:d1:3e:f2:30:3b:
7f:cb:1f:de:ac:1b:3a:1b:5b:73:11:34:3a:52:3f:
28:39:ac:a5:5b:07:30:2f:4e:1c:d8:2e:eb:43:e1:
c1:69:11:6c:01:b6:e2:da:f0:cc:81:15:f4:63:cd:
e1:27:de:b3:ab:46:64:2f:11:cd:ba:ef:9f:eb:d5:
45:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:E2:64:69:69:B5:A4:43:5F:26:C9:35:AC:4E:F2:B3:C6:1E:E8:91
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.216.0.0/15
Signature Algorithm: sha256WithRSAEncryption
17:2a:2c:42:ec:ff:4b:a9:ca:b2:ec:db:aa:1f:22:8e:e9:59:
13:b6:63:27:51:d8:30:45:42:96:ef:d3:cb:2a:af:28:bd:90:
6a:e2:99:a0:9e:ac:a3:3e:02:d0:36:7d:68:4f:25:e4:16:6d:
03:55:fb:3e:1b:cc:e8:f3:81:d6:28:aa:dc:a1:14:e1:4a:81:
f3:54:d7:53:a3:11:a5:5a:14:46:32:6f:8e:94:a0:1d:bf:96:
3a:8b:94:e8:b5:cb:3a:5d:50:57:af:80:a6:37:65:48:ba:cd:
1d:87:67:e3:ec:d0:29:25:18:c7:52:47:66:4e:37:9c:46:5f:
d5:09:e7:a3:b8:8b:65:60:7d:66:25:30:ef:c6:1d:c3:9e:f2:
fb:22:6f:de:72:65:2c:ec:fb:aa:26:e6:3c:dc:f7:ad:2e:16:
8d:82:11:fc:c6:b9:3f:70:8c:2e:ed:23:a1:25:d6:e2:3c:ad:
ec:a3:c2:e7:29:4a:9d:4a:0c:d8:c1:c9:e8:38:c5:a9:2e:d6:
31:50:62:53:18:6f:79:86:f8:77:6e:f7:63:d1:99:64:44:15:
b6:91:66:21:62:01:bf:56:36:28:5c:50:48:5e:c7:a1:94:1a:
06:f2:46:54:55:49:75:5d:98:f9:44:1d:9b:76:6b:19:9f:16:
5e:69:10:e1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUf4imBoS9glwjk1dYeP/cHPHIbRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3ODE1ZGFhOWM3ZTc3ZjdkYzIwZDUxNDQ4YTFhNGE2YWE0M2Q3ZDJlZGIx
MmY5OTM4YTZiMTEyMmUxZGEzMzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmVe707Cr8h/OawUf21DT/aKJsYtUo+TfIic4Sd5NC2NMIHWP/GN0DwlyFm
5RxRYTRG0vi2Bd+cOqJB0RSonz02Ozf1Y1iaOyOWojK+2dKJYbD6ZPHsTpdYdvru
jOcrZXJBse73W8GLXaPlAcQ2xdWHrrnf0vCGVbkUMHU+pT9PGffeC0LNLipJxXtL
YCVF2MFu5uVFUjXFPiOet49Li3ExzqPSFJ8JgDk9I6NViN84wOv83bfxtM/RypBT
p9E+8jA7f8sf3qwbOhtbcxE0OlI/KDmspVsHMC9OHNgu60PhwWkRbAG24trwzIEV
9GPN4Sfes6tGZC8Rzbrvn+vVRdkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT44mRp
abWkQ18myTWsTvKzxh7okTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWY4NTgyZjUtZDIwOS00ZTEyLWFhY2YtMzExODYyODljNDMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPYMA0G
CSqGSIb3DQEBCwUAA4IBAQAXKixC7P9Lqcqy7NuqHyKO6VkTtmMnUdgwRUKW79PL
Kq8ovZBq4pmgnqyjPgLQNn1oTyXkFm0DVfs+G8zo84HWKKrcoRThSoHzVNdToxGl
WhRGMm+OlKAdv5Y6i5Totcs6XVBXr4CmN2VIus0dh2fj7NApJRjHUkdmTjecRl/V
CeejuItlYH1mJTDvxh3DnvL7Im/ecmUs7PuqJuY83PetLhaNghH8xrk/cIwu7SOh
JdbiPK3so8LnKUqdSgzYwcnoOMWpLtYxUGJTGG95hvh3bvdj0ZlkRBW2kWYhYgG/
VjYoXFBIXsehlBoG8kZUVUl1XZj5RB2bdmsZnxZeaRDh
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:36:56 2025 by rpki-client