Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
File: b1f2e92a-59bb-45af-9b7f-630a07248560.roa (raw, json)
Hash identifier: XEfxk0csA0Ea1J8mO+ylVJLDUh03E1Gq7UfQzxWYTEw=
Subject key identifier: 9F:B3:D7:BB:51:E0:8B:29:07:9D:7F:38:67:DC:80:E7:C3:B1:45:F8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0BAF1A8CD7E5DF3B7CA6157BD70D749072FEDC45
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
Signing time: Fri 31 Oct 2025 02:00:20 +0000
ROA not before: Fri 31 Oct 2025 02:00:20 +0000
ROA not after: Fri 05 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.240.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:af:1a:8c:d7:e5:df:3b:7c:a6:15:7b:d7:0d:74:90:72:fe:dc:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 31 02:00:20 2025 GMT
Not After : Dec 5 23:59:59 2025 GMT
Subject: serialNumber=d9e5a7e19063a23b9967a98f8c855f0f75e3f089feea6174189755be26774db6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:d0:23:62:2e:67:5c:52:e1:ff:2c:1f:5c:5e:
c2:b4:4f:e5:3c:13:fc:ef:7a:a9:9a:93:da:e9:10:
47:f0:2d:88:cf:c5:54:04:bc:a3:3b:fa:a6:10:97:
5f:31:f1:7e:a4:7f:6f:86:f7:56:f1:a4:fb:64:30:
a7:66:d7:35:07:11:73:7c:0c:30:c0:70:02:ec:4f:
fe:b7:fd:b0:c1:fe:ad:e2:f0:e2:b6:05:b0:c1:b4:
96:10:79:ed:fe:34:c6:f6:7e:25:cf:20:ba:cc:6b:
3c:3d:7a:89:0a:5b:d6:dc:6c:51:d3:d0:a7:a4:60:
8c:c9:c5:00:2d:8f:cb:b2:6d:0d:95:d4:17:11:f0:
5d:a3:14:71:9f:b6:f8:9b:d8:49:9d:36:20:b5:c6:
3a:aa:53:01:a5:b4:2a:49:8b:8c:9d:6f:9d:ec:c6:
3a:5b:bd:a5:99:e4:46:cb:ba:b1:72:20:24:af:a8:
9b:f2:3b:28:7e:eb:18:6c:36:5c:9a:e2:13:7c:cd:
6f:41:cd:24:ee:4c:2c:11:97:2d:9a:ce:b7:27:9b:
bd:15:8c:ee:ac:41:09:33:95:8d:2e:d9:a4:0d:d3:
86:9a:25:05:c7:00:f8:de:b7:c0:d7:fd:33:d8:ca:
84:63:ad:3f:7d:eb:89:69:3c:2f:11:42:fe:27:b8:
76:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:B3:D7:BB:51:E0:8B:29:07:9D:7F:38:67:DC:80:E7:C3:B1:45:F8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.240.0.0/16
Signature Algorithm: sha256WithRSAEncryption
80:90:56:5b:19:a2:2e:69:ee:91:9d:8a:64:49:2d:98:a4:a2:
87:aa:01:bb:1b:f2:5e:63:c2:64:d0:fa:72:94:98:b4:ca:7c:
78:59:cf:1d:80:ee:9d:71:8c:39:21:80:00:df:12:b1:8e:f7:
c9:62:79:4f:24:9a:87:ba:ac:24:27:60:53:a2:55:f5:71:63:
96:c4:57:8b:db:06:d5:08:e0:62:7d:b0:9a:83:9b:72:26:ab:
d4:be:ab:5a:4c:c1:0b:8d:3c:d5:bf:1a:d1:f6:a7:12:dd:66:
28:e3:00:9d:31:7b:6d:29:14:9c:a6:31:50:01:10:b4:42:42:
c8:b9:e7:38:bd:6e:b4:83:02:3a:6f:3b:f8:81:f8:9e:24:19:
cc:3d:dc:71:45:0e:c4:4d:9c:79:18:da:d8:14:f1:e9:3d:f6:
53:70:0c:0e:f4:c2:b1:75:e2:d8:d7:b1:94:1a:0f:6e:fb:f5:
38:0c:a4:f6:a5:a6:e9:0a:1c:36:0d:9a:56:04:76:4e:84:b7:
ef:af:a3:62:d8:48:25:e2:2f:a6:f0:45:b3:eb:3b:96:79:bb:
81:2a:ce:4f:19:65:e7:30:b1:05:be:b7:b3:d6:b2:e1:a2:f7:
b5:45:1f:9a:40:89:f2:e0:1f:21:bc:0d:94:ae:8e:d5:8a:c3:
97:77:4b:3f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUC68ajNfl3zt8phV71w10kHL+3EUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMjBaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5ZTVhN2UxOTA2M2EyM2I5OTY3YTk4ZjhjODU1ZjBmNzVlM2YwODlmZWVh
NjE3NDE4OTc1NWJlMjY3NzRkYjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJvQI2IuZ1xS4f8sH1xewrRP5TwT/O96qZqT2ukQR/AtiM/FVAS8ozv6phCX
XzHxfqR/b4b3VvGk+2Qwp2bXNQcRc3wMMMBwAuxP/rf9sMH+reLw4rYFsMG0lhB5
7f40xvZ+Jc8gusxrPD16iQpb1txsUdPQp6RgjMnFAC2Py7JtDZXUFxHwXaMUcZ+2
+JvYSZ02ILXGOqpTAaW0KkmLjJ1vnezGOlu9pZnkRsu6sXIgJK+om/I7KH7rGGw2
XJriE3zNb0HNJO5MLBGXLZrOtyebvRWM7qxBCTOVjS7ZpA3ThpolBccA+N63wNf9
M9jKhGOtP33riWk8LxFC/ie4do8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSfs9e7
UeCLKQedfzhn3IDnw7FF+DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjFmMmU5MmEtNTliYi00NWFmLTliN2YtNjMwYTA3MjQ4NTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADPwMA0G
CSqGSIb3DQEBCwUAA4IBAQCAkFZbGaIuae6RnYpkSS2YpKKHqgG7G/JeY8Jk0Ppy
lJi0ynx4Wc8dgO6dcYw5IYAA3xKxjvfJYnlPJJqHuqwkJ2BTolX1cWOWxFeL2wbV
COBifbCag5tyJqvUvqtaTMELjTzVvxrR9qcS3WYo4wCdMXttKRScpjFQARC0QkLI
uec4vW60gwI6bzv4gfieJBnMPdxxRQ7ETZx5GNrYFPHpPfZTcAwO9MKxdeLY17GU
Gg9u+/U4DKT2pabpChw2DZpWBHZOhLfvr6Ni2Egl4i+m8EWz6zuWebuBKs5PGWXn
MLEFvrez1rLhove1RR+aQIny4B8hvA2Uro7VisOXd0s/
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:37:56 2025 by rpki-client