Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
File: bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa (raw, json)
Hash identifier: LKFf1HJrEQQoICaGuTWjHkZtcZRu/r14KfKCYbn8vd4=
Subject key identifier: 2C:2E:FB:57:9E:3E:61:FB:CC:BE:5A:27:4C:B4:04:9E:96:0E:82:B2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0422EA9B7A79F5602EBDA0FABD8064FAB618E089
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
Signing time: Tue 21 Oct 2025 14:50:21 +0000
ROA not before: Tue 21 Oct 2025 14:50:21 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:22:ea:9b:7a:79:f5:60:2e:bd:a0:fa:bd:80:64:fa:b6:18:e0:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:21 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=57bb4fe79122f6602616fdc69dc88620e36d0d752f98d0169f8572a0b5d50e81, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:8b:5a:e5:76:e4:c0:7c:dd:46:55:fb:4c:e4:
92:a5:0e:f5:18:1d:ed:cb:18:b8:c0:4d:09:74:97:
d6:cd:4e:45:f6:07:73:2a:3d:ad:e9:37:19:bc:3b:
c2:10:f9:02:78:3e:b8:4f:48:13:73:a2:9d:9c:60:
52:79:f4:bd:99:49:35:5c:a6:01:68:d8:f2:08:92:
10:30:e4:7c:fa:fa:cb:84:ea:37:da:71:c7:3c:95:
3d:58:67:4d:e7:98:22:61:c1:b9:85:04:46:26:d5:
86:5e:31:3f:9a:05:a5:07:30:f5:c1:b8:24:7c:7f:
50:3e:c5:b3:35:e4:4e:b4:d7:0e:f6:cc:e2:5a:af:
ed:97:c7:0b:55:f8:84:c7:18:00:f0:ba:b7:5e:05:
f2:ea:fa:e3:21:e8:6c:0f:be:ea:a4:81:79:6f:d8:
3a:11:ee:ad:82:d2:f9:5b:77:d5:3a:29:df:c9:f1:
a6:5a:68:18:0d:57:d2:38:df:06:b6:d4:f2:0b:98:
60:d2:b7:ac:c0:9e:cd:24:31:33:44:d4:e8:eb:51:
21:a6:91:3f:55:31:d4:e9:a0:ed:73:d7:36:aa:01:
d9:84:22:e3:82:2d:f6:30:7b:72:04:26:53:0b:ee:
0d:a1:76:57:bd:9a:45:17:5b:da:c9:3a:79:81:73:
0a:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:2E:FB:57:9E:3E:61:FB:CC:BE:5A:27:4C:B4:04:9E:96:0E:82:B2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
89:89:a9:88:dd:cd:e2:72:cb:d1:f5:dd:4d:36:69:15:c8:ab:
62:f5:7e:0b:be:89:73:8a:1c:2b:55:d9:9c:17:04:b1:3e:c4:
9e:66:87:00:02:36:34:7d:62:68:55:b7:11:12:91:85:6d:4c:
b1:5d:76:57:b7:46:2a:16:02:ab:1b:76:d6:d8:bc:00:78:8d:
c5:1b:08:2c:b2:af:d0:f7:10:24:d6:f1:78:72:aa:fc:78:24:
4c:79:4b:83:90:86:0c:a7:cd:f5:2f:d5:aa:87:c4:cc:bb:24:
ba:b8:05:94:07:98:22:c4:7b:be:d7:6f:49:7a:2f:20:c1:ad:
13:7b:10:39:fb:ea:d7:64:f0:d2:f2:a0:5d:fe:14:59:17:b7:
3f:b3:94:74:87:da:97:75:ec:24:0a:e6:f4:a4:cc:4e:32:5f:
76:05:aa:b4:74:77:4f:dd:6c:be:55:30:25:16:c8:ca:ec:1b:
fc:3e:ce:35:25:5e:07:df:ab:1c:f7:94:f1:64:c3:80:a6:91:
21:f0:3d:a6:66:68:50:67:29:b4:f7:c8:3c:01:37:c5:64:77:
ce:12:5d:62:d2:e2:0f:88:04:ea:66:20:78:6c:d5:72:f2:2d:
16:88:0d:0f:5e:d2:2a:ce:4e:79:8c:ba:0c:88:0d:ea:44:01:
19:69:5b:c7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBCLqm3p59WAuvaD6vYBk+rYY4IkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU3YmI0ZmU3OTEyMmY2NjAyNjE2ZmRjNjlkYzg4NjIwZTM2ZDBkNzUyZjk4
ZDAxNjlmODU3MmEwYjVkNTBlODExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCLWuV25MB83UZV+0zkkqUO9Rgd7csYuMBNCXSX1s1ORfYHcyo9rek3Gbw7
whD5Ang+uE9IE3OinZxgUnn0vZlJNVymAWjY8giSEDDkfPr6y4TqN9pxxzyVPVhn
TeeYImHBuYUERibVhl4xP5oFpQcw9cG4JHx/UD7FszXkTrTXDvbM4lqv7ZfHC1X4
hMcYAPC6t14F8ur64yHobA++6qSBeW/YOhHurYLS+Vt31Top38nxplpoGA1X0jjf
BrbU8guYYNK3rMCezSQxM0TU6OtRIaaRP1Ux1Omg7XPXNqoB2YQi44It9jB7cgQm
UwvuDaF2V72aRRdb2sk6eYFzCqMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQsLvtX
nj5h+8y+WidMtASelg6CsjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFjZjg0M2EtMTdlZS00Y2ExLTllM2ItOGYzNzI4ODE0ZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQCJiamI3c3icsvR9d1NNmkVyKti9X4LvolzihwrVdmc
FwSxPsSeZocAAjY0fWJoVbcREpGFbUyxXXZXt0YqFgKrG3bW2LwAeI3FGwgssq/Q
9xAk1vF4cqr8eCRMeUuDkIYMp831L9Wqh8TMuyS6uAWUB5gixHu+129Jei8gwa0T
exA5++rXZPDS8qBd/hRZF7c/s5R0h9qXdewkCub0pMxOMl92Baq0dHdP3Wy+VTAl
FsjK7Bv8Ps41JV4H36sc95TxZMOAppEh8D2mZmhQZym098g8ATfFZHfOEl1i0uIP
iATqZiB4bNVy8i0WiA0PXtIqzk55jLoMiA3qRAEZaVvH
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:35:58 2025 by rpki-client