Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File: c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier: 5pTo/GIS/UpU+swq4lYb5zroxh9bi3T5zk0pcL1VxQc=
Subject key identifier: 2F:04:C2:E5:61:E7:62:C8:49:2F:E7:93:97:15:23:E6:C5:68:83:36
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7449F78AD7E7FCECB0A81008BBCEA264A1BE4A11
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time: Tue 21 Oct 2025 14:50:03 +0000
ROA not before: Tue 21 Oct 2025 14:50:03 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.152.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:49:f7:8a:d7:e7:fc:ec:b0:a8:10:08:bb:ce:a2:64:a1:be:4a:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:03 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=bea8acc9a875f5664303a235e6074ad3caf9f1150950a9f47703d9ba61ed276d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:23:ec:8b:eb:ce:70:e3:0a:2a:dc:02:5d:93:
a8:a3:66:fa:0b:88:97:2c:36:ee:0f:55:a8:33:ff:
5d:0a:32:ea:da:75:8d:b6:77:f9:e6:d6:3f:65:cd:
67:ad:47:29:6f:88:5e:e7:78:42:4b:a9:f5:f1:57:
d2:e6:9a:da:4a:38:4f:df:c3:40:95:62:7f:14:5a:
2b:0f:55:ec:78:71:bc:0b:3e:2a:8a:59:4f:1c:ae:
88:00:c6:c7:c0:5e:9b:07:60:59:e9:4a:43:fc:d6:
c4:ee:24:59:39:c7:13:45:a8:96:41:b5:0d:74:63:
01:0e:57:10:4f:f6:9d:39:16:bf:f1:fb:d6:de:9e:
7c:fb:58:d8:4a:14:05:f6:fc:a2:fd:10:9b:9f:a9:
91:b0:90:b5:a2:93:d9:73:44:00:e4:db:04:7e:3b:
f3:d7:87:16:11:b7:10:c7:62:79:e6:a2:fa:fc:e7:
bd:93:d4:e1:b5:42:1c:54:35:6e:73:f0:fe:e9:60:
a8:88:cd:dc:48:8f:a9:83:3b:37:d7:a1:15:01:be:
bf:f6:08:83:e5:5f:89:15:36:92:6c:4f:af:df:a8:
bd:89:68:fd:63:37:27:4f:dd:ba:17:3e:44:f4:24:
1f:1a:7f:6a:57:a9:7a:f6:2e:fe:96:cb:be:57:c8:
97:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:04:C2:E5:61:E7:62:C8:49:2F:E7:93:97:15:23:E6:C5:68:83:36
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.152.0.0/15
Signature Algorithm: sha256WithRSAEncryption
31:31:19:53:3e:60:9a:33:ce:4f:11:2c:ec:f4:91:16:00:de:
c6:53:b8:43:08:b4:17:28:42:16:7d:d1:4d:fc:5f:65:bb:60:
3a:33:9c:33:2e:54:42:0e:cc:c0:bf:28:bf:e6:cb:24:fd:7a:
d1:e3:5a:c7:ef:5b:12:65:d4:f0:88:57:23:92:ea:97:3e:4d:
af:3c:0e:21:12:79:52:99:f2:b4:86:ef:3a:70:77:ea:7f:4d:
39:c6:11:ad:6f:46:a4:a9:3e:d2:72:79:b4:58:55:5f:38:77:
f5:f5:7d:f7:8f:bf:09:4d:74:38:b4:26:f3:08:ce:2b:de:c8:
5b:78:7d:a5:4d:9c:38:02:86:dc:c1:42:42:de:b5:e1:f0:e1:
be:ac:79:86:c4:bf:13:b4:0d:ea:8b:85:3b:61:7b:6a:cb:51:
9d:68:e2:47:02:50:72:49:c4:da:74:27:42:47:1a:eb:f7:cd:
97:59:fc:77:42:4f:23:32:d5:10:c1:32:c7:e7:ba:38:95:9b:
94:f5:02:0f:3d:b8:6b:e5:44:fc:fc:db:10:3f:86:ae:88:7d:
5a:f5:aa:48:9e:a4:96:f4:cd:06:0d:bf:d3:d8:76:cc:14:7e:
56:c4:dc:11:f3:ba:2d:44:d2:d3:de:05:1b:44:8d:45:54:48:
87:c8:6d:0d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdEn3itfn/OywqBAIu86iZKG+ShEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJlYThhY2M5YTg3NWY1NjY0MzAzYTIzNWU2MDc0YWQzY2FmOWYxMTUwOTUw
YTlmNDc3MDNkOWJhNjFlZDI3NmQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0j7IvrznDjCircAl2TqKNm+guIlyw27g9VqDP/XQoy6tp1jbZ3+ebWP2XN
Z61HKW+IXud4Qkup9fFX0uaa2ko4T9/DQJVifxRaKw9V7HhxvAs+KopZTxyuiADG
x8BemwdgWelKQ/zWxO4kWTnHE0WolkG1DXRjAQ5XEE/2nTkWv/H71t6efPtY2EoU
Bfb8ov0Qm5+pkbCQtaKT2XNEAOTbBH4789eHFhG3EMdieeai+vznvZPU4bVCHFQ1
bnPw/ulgqIjN3EiPqYM7N9ehFQG+v/YIg+VfiRU2kmxPr9+ovYlo/WM3J0/duhc+
RPQkHxp/alepevYu/pbLvlfIl28CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQvBMLl
YediyEkv55OXFSPmxWiDNjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQAxMRlTPmCaM85PESzs9JEWAN7GU7hDCLQXKEIWfdFN
/F9lu2A6M5wzLlRCDszAvyi/5ssk/XrR41rH71sSZdTwiFcjkuqXPk2vPA4hEnlS
mfK0hu86cHfqf005xhGtb0akqT7Scnm0WFVfOHf19X33j78JTXQ4tCbzCM4r3shb
eH2lTZw4AobcwUJC3rXh8OG+rHmGxL8TtA3qi4U7YXtqy1GdaOJHAlByScTadCdC
Rxrr982XWfx3Qk8jMtUQwTLH57o4lZuU9QIPPbhr5UT8/NsQP4auiH1a9apInqSW
9M0GDb/T2HbMFH5WxNwR87otRNLT3gUbRI1FVEiHyG0N
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:49:33 2025 by rpki-client