Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
File: c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa (raw, json)
Hash identifier: QcoiEETxj3k25VgUUuQsXJ9PbLN4SFF0QrnpWToZZeU=
Subject key identifier: CA:82:B1:93:83:2A:C7:13:6D:B0:94:09:C1:2B:F0:8A:19:B2:6A:25
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4F97C2CC88B27CFA19A7A40AAE06C63B62CFCE61
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
Signing time: Fri 24 Oct 2025 00:40:03 +0000
ROA not before: Fri 24 Oct 2025 00:40:03 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.238.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:97:c2:cc:88:b2:7c:fa:19:a7:a4:0a:ae:06:c6:3b:62:cf:ce:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:03 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=b65cfdef0b80dd927c62be1cd1b4a425e4dfadf93171b4f233a71e5d8b0e6790, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:1e:d8:8f:4d:83:71:6c:ad:aa:f5:7c:17:90:
7f:f1:3c:8e:ec:62:4a:4e:91:86:3c:bd:da:9b:e9:
9e:6a:31:94:0e:f2:f3:cd:be:23:a3:d3:51:74:62:
95:70:8f:38:c5:b4:9c:cc:e2:09:c9:e8:e9:97:26:
7c:b2:38:2b:36:5a:c4:a1:e1:65:c6:95:39:72:fa:
80:5a:38:87:9e:f3:0e:84:8d:4e:bd:72:70:4c:ed:
09:df:a8:41:9a:9a:7b:1a:4f:1a:6c:1d:e7:ab:15:
25:9f:af:0a:12:b2:c3:a2:8f:ae:17:fd:20:eb:af:
2f:77:4b:c2:ba:cd:65:c0:7b:a8:dd:c7:49:e1:42:
ba:14:b2:1b:e8:a8:38:91:44:3a:b0:53:33:00:db:
61:f8:bd:2a:7a:01:8e:62:e2:11:ab:f7:cd:37:24:
6b:a4:ab:f7:cb:34:4e:82:22:8e:34:55:c2:99:12:
28:ec:ce:3c:4f:13:b9:bf:e2:f9:99:27:13:36:8a:
5b:08:44:b3:bc:03:3a:3a:a4:34:c9:68:f3:e7:b6:
42:cb:f9:fe:19:66:0c:c3:b3:e0:7b:53:05:4b:b6:
4d:19:a5:f7:3e:2b:8a:a7:64:db:41:04:dd:09:bd:
68:47:2a:30:d3:66:23:16:b1:2b:2f:81:5a:f5:0f:
08:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:82:B1:93:83:2A:C7:13:6D:B0:94:09:C1:2B:F0:8A:19:B2:6A:25
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.238.0/23
Signature Algorithm: sha256WithRSAEncryption
18:30:64:e3:a9:e6:b9:0a:cb:4f:38:d7:77:eb:ff:ed:0b:38:
47:5b:56:1b:86:ea:11:8c:b0:f5:19:a6:55:2a:00:80:ce:02:
2d:2f:6d:2a:ea:01:cd:59:5e:56:21:5a:61:a9:a3:0c:db:d2:
0a:46:8f:da:b6:6f:58:b5:ae:71:9a:62:85:c5:f4:42:28:77:
c4:c5:dc:67:e3:b4:e6:ee:62:0e:cd:92:9e:10:51:e7:c4:79:
db:0c:81:d3:57:c8:67:4f:52:84:bc:a9:f5:3f:82:04:b4:d4:
57:47:b7:6a:51:88:1d:6d:2f:de:50:9e:1e:50:a5:85:cf:84:
87:45:42:64:e0:33:aa:93:e8:cd:0f:7f:c0:4d:f6:9e:bb:68:
d3:a8:3e:50:e7:f3:2e:27:ac:78:8b:1f:49:e6:45:b7:93:e4:
3e:78:12:f2:e4:6a:f8:54:69:13:2a:52:6b:96:84:94:b8:3a:
e0:f9:ca:69:c3:e2:78:37:c3:71:cf:46:40:95:ab:6a:ee:1d:
ac:01:aa:f5:81:d7:28:25:28:e0:3f:6a:37:ed:33:30:48:e8:
6e:e8:62:9a:3a:1a:80:e0:b8:99:ab:0a:71:20:5c:d8:24:e7:
35:58:6a:d9:0f:e1:40:1e:da:d2:02:8e:4d:55:e0:bc:d0:5b:
54:77:e6:22
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUT5fCzIiyfPoZp6QKrgbGO2LPzmEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMDNaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2NWNmZGVmMGI4MGRkOTI3YzYyYmUxY2QxYjRhNDI1ZTRkZmFkZjkzMTcx
YjRmMjMzYTcxZTVkOGIwZTY3OTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwe2I9Ng3Fsrar1fBeQf/E8juxiSk6Rhjy92pvpnmoxlA7y882+I6PTUXRi
lXCPOMW0nMziCcno6ZcmfLI4KzZaxKHhZcaVOXL6gFo4h57zDoSNTr1ycEztCd+o
QZqaexpPGmwd56sVJZ+vChKyw6KPrhf9IOuvL3dLwrrNZcB7qN3HSeFCuhSyG+io
OJFEOrBTMwDbYfi9KnoBjmLiEav3zTcka6Sr98s0ToIijjRVwpkSKOzOPE8Tub/i
+ZknEzaKWwhEs7wDOjqkNMlo8+e2Qsv5/hlmDMOz4HtTBUu2TRml9z4riqdk20EE
3Qm9aEcqMNNmIxaxKy+BWvUPCDUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTKgrGT
gyrHE22wlAnBK/CKGbJqJTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzhmZDhjNDQtNzUxNC00MGU2LTkxOTgtZTBiNmUzN2I0YzY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQ7jAN
BgkqhkiG9w0BAQsFAAOCAQEAGDBk46nmuQrLTzjXd+v/7Qs4R1tWG4bqEYyw9Rmm
VSoAgM4CLS9tKuoBzVleViFaYamjDNvSCkaP2rZvWLWucZpihcX0Qih3xMXcZ+O0
5u5iDs2SnhBR58R52wyB01fIZ09ShLyp9T+CBLTUV0e3alGIHW0v3lCeHlClhc+E
h0VCZOAzqpPozQ9/wE32nrto06g+UOfzLieseIsfSeZFt5PkPngS8uRq+FRpEypS
a5aElLg64PnKacPieDfDcc9GQJWrau4drAGq9YHXKCUo4D9qN+0zMEjobuhimjoa
gOC4masKcSBc2CTnNVhq2Q/hQB7a0gKOTVXgvNBbVHfmIg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:25:56 2025 by rpki-client