Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
File: ef3e6945-57bf-41fe-9e98-2db6c2800547.roa (raw, json)
Hash identifier: De6so1/4Cg++RzuI0pmGbKtJhGPQOK7Ex/6sbtU8UMo=
Subject key identifier: 20:33:51:F8:24:E1:69:2B:2E:49:10:DB:A9:C5:46:74:1D:AA:27:24
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 683231E0177611BE50335E11C682E2811B00C99A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
Signing time: Tue 21 Oct 2025 14:40:08 +0000
ROA not before: Tue 21 Oct 2025 14:40:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.208.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:32:31:e0:17:76:11:be:50:33:5e:11:c6:82:e2:81:1b:00:c9:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=eee2242241159f98dcbfd79b0d929688782490ff67dba5df5640ddf96ce80c45, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:f1:ee:f9:ab:97:cc:b4:a6:d4:e3:5f:c1:94:
6c:32:81:3b:69:ae:24:5a:0b:55:87:45:1b:55:dd:
29:27:c3:f4:38:6f:61:60:b1:e5:83:99:44:80:6c:
a7:2b:c2:8c:1d:f7:6b:53:d9:ff:69:f5:d2:61:ce:
ca:35:e8:e2:1e:9b:fd:3c:76:91:e1:b5:e3:59:4f:
4c:c4:ad:d6:92:ea:5e:19:75:e0:16:ae:a6:66:a5:
6a:87:a8:e2:fc:69:50:d7:01:66:b9:96:20:84:df:
38:46:ab:72:37:9e:0a:96:74:94:b3:f7:a7:98:a1:
36:ac:1d:61:07:5f:10:09:ac:d7:0d:c2:07:35:08:
82:54:d7:d9:28:6f:f0:a1:57:d5:51:bb:37:f9:80:
cb:8a:c8:19:40:52:2e:8d:7e:71:c5:44:c2:12:26:
af:6e:0c:a6:47:9a:e8:df:53:dc:66:4d:7e:3d:29:
90:7d:81:24:69:4c:d3:e9:63:cf:5e:dc:87:c3:03:
14:2d:1c:cd:0d:04:90:d7:63:54:7d:15:4b:64:b2:
c8:32:6f:b7:d8:a5:a9:53:f5:c9:62:6e:41:31:d9:
73:58:84:f4:d1:b5:1f:67:fb:c3:d9:26:d4:43:14:
21:80:e1:33:be:31:98:28:03:0f:73:8f:c7:94:19:
b7:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:33:51:F8:24:E1:69:2B:2E:49:10:DB:A9:C5:46:74:1D:AA:27:24
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.208.0.0/15
Signature Algorithm: sha256WithRSAEncryption
9c:25:94:9c:fb:db:2c:8c:f0:42:f7:79:a4:a8:da:75:74:46:
b5:f1:d4:8d:98:e3:c7:e9:a4:52:01:ef:3f:41:94:88:20:c3:
07:58:c4:3b:bb:f1:93:03:2a:8e:0d:cd:20:e2:aa:21:65:54:
70:50:92:99:a1:d0:16:1a:aa:1c:90:10:ed:0c:c0:98:85:5c:
06:f0:ef:05:fb:6a:75:c5:f1:1f:05:d3:4e:7e:4a:17:ed:f5:
89:f9:09:8d:90:2d:28:35:e0:5b:a9:34:5d:65:b3:25:e9:1d:
46:f4:10:ce:c0:28:10:c7:05:75:fb:ef:98:86:32:e1:c3:d6:
2f:a0:ba:dc:db:e4:1f:06:b8:0e:34:50:bb:8e:4c:4b:67:32:
8a:6b:62:75:a5:42:2b:0b:93:d3:b1:39:70:bf:70:bf:cf:91:
39:39:3d:9c:a3:e0:cd:ea:c8:c7:a4:e4:fb:36:78:5a:79:a6:
af:29:5e:ca:86:56:40:28:02:57:8f:79:c3:ae:e7:78:11:aa:
c7:2b:a3:33:a8:e7:bc:a6:af:51:08:9e:10:45:01:b5:99:77:
aa:de:df:3f:62:ed:68:37:8e:91:51:c3:a9:33:d9:84:34:6a:
19:54:2e:30:6b:22:c6:fe:b7:64:dc:db:e4:b3:a8:17:d5:70:
ce:21:48:1e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaDIx4Bd2Eb5QM14RxoLigRsAyZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlZTIyNDIyNDExNTlmOThkY2JmZDc5YjBkOTI5Njg4NzgyNDkwZmY2N2Ri
YTVkZjU2NDBkZGY5NmNlODBjNDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJrx7vmrl8y0ptTjX8GUbDKBO2muJFoLVYdFG1XdKSfD9DhvYWCx5YOZRIBs
pyvCjB33a1PZ/2n10mHOyjXo4h6b/Tx2keG141lPTMSt1pLqXhl14Baupmalaoeo
4vxpUNcBZrmWIITfOEarcjeeCpZ0lLP3p5ihNqwdYQdfEAms1w3CBzUIglTX2Shv
8KFX1VG7N/mAy4rIGUBSLo1+ccVEwhImr24Mpkea6N9T3GZNfj0pkH2BJGlM0+lj
z17ch8MDFC0czQ0EkNdjVH0VS2SyyDJvt9ilqVP1yWJuQTHZc1iE9NG1H2f7w9km
1EMUIYDhM74xmCgDD3OPx5QZt9ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQgM1H4
JOFpKy5JENupxUZ0HaonJDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWYzZTY5NDUtNTdiZi00MWZlLTllOTgtMmRiNmMyODAwNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPQMA0G
CSqGSIb3DQEBCwUAA4IBAQCcJZSc+9ssjPBC93mkqNp1dEa18dSNmOPH6aRSAe8/
QZSIIMMHWMQ7u/GTAyqODc0g4qohZVRwUJKZodAWGqockBDtDMCYhVwG8O8F+2p1
xfEfBdNOfkoX7fWJ+QmNkC0oNeBbqTRdZbMl6R1G9BDOwCgQxwV1+++YhjLhw9Yv
oLrc2+QfBrgONFC7jkxLZzKKa2J1pUIrC5PTsTlwv3C/z5E5OT2co+DN6sjHpOT7
NnhaeaavKV7KhlZAKAJXj3nDrud4EarHK6MzqOe8pq9RCJ4QRQG1mXeq3t8/Yu1o
N46RUcOpM9mENGoZVC4wayLG/rdk3Nvks6gX1XDOIUge
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:09:02 2025 by rpki-client