Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
File: cf5e86ef-0733-4056-8b1b-683470ef90f1.roa (raw, json)
Hash identifier: pSyUZYYrkV3EfzzilOcmdaU0SuKhwUMYQ/JhPcZ7f6Y=
Subject key identifier: 92:3D:77:5C:2C:03:33:81:3D:A7:67:20:96:87:59:63:18:3A:79:F0
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0A35DC2BFE6D597AAC50C74DCD8A76972E14B44E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
Signing time: Wed 22 Oct 2025 00:50:01 +0000
ROA not before: Wed 22 Oct 2025 00:50:01 +0000
ROA not after: Wed 26 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.112.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:35:dc:2b:fe:6d:59:7a:ac:50:c7:4d:cd:8a:76:97:2e:14:b4:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 22 00:50:01 2025 GMT
Not After : Nov 26 23:59:59 2025 GMT
Subject: serialNumber=26f5cac9e5bd1c8aaf3058580648e2880ec81c9523338487da338629312d053b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:a3:43:64:02:62:4d:b2:c1:eb:00:d6:b8:72:
e0:da:98:06:48:f3:30:c3:89:44:2d:61:c0:a6:4b:
60:ea:06:49:e0:3d:d2:25:c9:65:8c:90:a7:c4:36:
b0:53:cd:35:c6:86:cf:dc:8d:0a:45:fd:4b:6b:b3:
52:7d:27:45:31:67:84:cc:4b:47:a8:e7:ab:88:36:
f3:be:db:2c:92:71:62:62:b6:19:37:7b:52:fe:d6:
80:97:37:69:d5:35:49:4b:b3:8d:13:a0:ce:bf:90:
2f:dd:7f:fd:53:7e:b9:af:ee:ae:33:20:50:58:db:
0a:5b:67:16:74:8d:6e:95:90:34:12:87:7d:8b:70:
f2:b9:b5:bb:c7:b9:88:fc:a2:4e:b5:7d:01:d8:ff:
41:59:5f:07:81:ef:ab:1f:25:44:ec:7d:d1:66:bd:
9a:f0:af:6f:8f:26:57:66:b1:cc:74:60:8f:5f:ce:
fe:cf:63:4c:d5:90:02:09:be:24:6e:3a:08:c7:f5:
97:39:f3:d3:9a:3c:6d:1e:4b:51:93:88:aa:7c:86:
a2:59:9c:69:39:35:98:59:4d:8e:0f:bd:ed:7b:5d:
82:5d:bd:08:d1:03:59:9b:3a:d3:9f:49:68:fb:02:
4a:f2:fb:75:94:c4:4e:d9:29:16:e7:52:a9:2f:f1:
c3:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:3D:77:5C:2C:03:33:81:3D:A7:67:20:96:87:59:63:18:3A:79:F0
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.112.0/21
Signature Algorithm: sha256WithRSAEncryption
3b:43:5a:51:f0:59:15:5a:20:ff:3d:08:fe:a6:5d:63:e9:70:
b9:93:a9:3b:0a:60:46:7a:2c:4b:98:1a:c6:97:22:e9:ad:1e:
5a:70:29:a5:ea:96:75:94:e9:4b:9e:ab:0b:3f:85:af:8c:a4:
80:48:e3:35:75:c9:58:3c:75:0b:7e:64:bb:9c:15:13:1a:56:
ed:9a:f4:7d:c4:8b:da:c9:19:dd:c7:4c:b0:67:5b:36:98:b5:
05:97:3c:75:9c:0e:d9:22:bd:a4:48:09:a4:61:dc:e8:3f:e5:
eb:7d:df:6a:67:1e:52:48:95:84:b1:7d:23:54:21:cf:04:36:
c1:eb:d9:e1:04:b9:55:1f:55:0f:ec:b4:40:c7:ca:0b:c8:78:
9f:ee:b0:18:07:7d:df:0f:09:e0:64:f1:5e:43:37:c3:c6:fc:
77:b9:27:76:2e:ae:50:4f:18:66:ac:ed:f5:7d:4d:db:9e:16:
3f:d4:14:35:dc:ba:6b:c7:bc:71:ba:77:ce:9c:f9:1b:32:19:
5b:a8:2d:63:6b:a8:37:b2:ef:6f:3f:2b:66:39:f0:69:67:2d:
ec:33:06:0a:d9:e0:2b:87:fa:e9:41:5d:8d:c1:f6:4e:c2:53:
24:9f:fe:f7:82:e5:2b:81:17:86:aa:dc:d1:f7:08:f1:c4:c4:
cc:ce:6a:f5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCjXcK/5tWXqsUMdNzYp2ly4UtE4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjIwMDUwMDFaFw0yNTExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2ZjVjYWM5ZTViZDFjOGFhZjMwNTg1ODA2NDhlMjg4MGVjODFjOTUyMzMz
ODQ4N2RhMzM4NjI5MzEyZDA1M2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANajQ2QCYk2ywesA1rhy4NqYBkjzMMOJRC1hwKZLYOoGSeA90iXJZYyQp8Q2
sFPNNcaGz9yNCkX9S2uzUn0nRTFnhMxLR6jnq4g2877bLJJxYmK2GTd7Uv7WgJc3
adU1SUuzjROgzr+QL91//VN+ua/urjMgUFjbCltnFnSNbpWQNBKHfYtw8rm1u8e5
iPyiTrV9Adj/QVlfB4Hvqx8lROx90Wa9mvCvb48mV2axzHRgj1/O/s9jTNWQAgm+
JG46CMf1lznz05o8bR5LUZOIqnyGolmcaTk1mFlNjg+97Xtdgl29CNEDWZs6059J
aPsCSvL7dZTETtkpFudSqS/xw38CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSSPXdc
LAMzgT2nZyCWh1ljGDp58DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2Y1ZTg2ZWYtMDczMy00MDU2LThiMWItNjgzNDcwZWY5MGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAcDAN
BgkqhkiG9w0BAQsFAAOCAQEAO0NaUfBZFVog/z0I/qZdY+lwuZOpOwpgRnosS5ga
xpci6a0eWnAppeqWdZTpS56rCz+Fr4ykgEjjNXXJWDx1C35ku5wVExpW7Zr0fcSL
2skZ3cdMsGdbNpi1BZc8dZwO2SK9pEgJpGHc6D/l633famceUkiVhLF9I1QhzwQ2
wevZ4QS5VR9VD+y0QMfKC8h4n+6wGAd93w8J4GTxXkM3w8b8d7kndi6uUE8YZqzt
9X1N254WP9QUNdy6a8e8cbp3zpz5GzIZW6gtY2uoN7Lvbz8rZjnwaWct7DMGCtng
K4f66UFdjcH2TsJTJJ/+94LlK4EXhqrc0fcI8cTEzM5q9Q==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:30:39 2025 by rpki-client