Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa
File: f060e190-89f7-4009-9831-b2d429343b80.roa (raw, json)
Hash identifier: j1SwQ8akNEr8koCZRHwyYo4x56TxFFoGxP8M4rUrfjU=
Subject key identifier: C4:9D:AA:D1:D0:FE:31:38:98:38:4A:A7:07:E6:7E:01:45:6F:37:21
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2CAAF9197D117A7D33662D0CB4059B24BB2E03E5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa
Signing time: Fri 24 Oct 2025 00:40:02 +0000
ROA not before: Fri 24 Oct 2025 00:40:02 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:aa:f9:19:7d:11:7a:7d:33:66:2d:0c:b4:05:9b:24:bb:2e:03:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:02 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=06a21812e5054b5a3eece2430e2afbda3017d6c73c7eac157ead3c4265e8def3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:fe:e2:15:19:bf:24:37:b7:cd:b7:0b:4a:cb:
28:82:b1:20:93:4a:83:58:fc:ec:4d:34:db:da:f2:
c8:48:dc:32:73:21:53:7e:66:2a:d1:e4:2c:b0:2a:
e3:71:58:c8:c7:fd:dc:75:70:17:f9:d3:95:ae:3b:
5f:a2:87:b4:97:c7:6a:04:18:f6:5b:a7:f5:5c:11:
da:7a:c3:14:ba:6d:e7:44:bb:64:40:4f:c3:f1:18:
9f:44:d0:dc:b7:c4:2d:00:13:88:d2:5b:f1:28:f7:
e5:8f:69:57:89:dd:76:f8:be:60:8a:39:66:1b:f0:
27:67:d5:b2:10:89:df:91:5f:30:37:3d:67:67:fc:
61:e4:7e:80:76:be:0f:be:8a:fd:9a:88:6d:ef:6c:
70:be:40:e6:9f:ea:a4:b2:c5:a5:9d:7c:57:76:55:
8e:c4:02:9c:60:fd:a5:3b:ad:a6:be:d6:b9:83:5e:
ad:6b:81:7b:84:80:1e:bb:7b:a0:1b:28:ef:0c:8c:
64:11:6c:17:ce:ab:a2:42:d2:5a:75:43:6b:50:c4:
7c:0c:d6:c3:01:a4:38:45:af:49:4d:74:ae:7f:7b:
64:42:19:ec:6b:b4:48:93:16:39:b9:ed:94:c6:57:
16:32:0f:50:64:a7:71:ab:2e:7c:6e:38:27:ec:92:
6a:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:9D:AA:D1:D0:FE:31:38:98:38:4A:A7:07:E6:7E:01:45:6F:37:21
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.0.0/15
Signature Algorithm: sha256WithRSAEncryption
21:72:2e:e5:d0:5d:33:a4:53:5d:75:58:98:4e:2c:ad:6d:e9:
b3:5c:9b:c9:51:e0:e7:63:8c:68:02:12:9b:88:7b:48:25:1b:
e7:00:be:aa:9c:80:4d:ce:ab:99:7b:c6:de:91:30:01:56:dc:
a8:c3:ca:c9:99:1d:b8:63:08:4b:4a:64:87:90:3f:0a:33:42:
c0:01:ff:dd:83:5c:a2:92:cf:94:03:62:c3:ee:d0:01:0c:6b:
a1:b0:bf:fc:7e:a6:6b:9a:d5:6c:17:3b:d5:b9:32:1e:d3:59:
be:73:e7:5e:3e:82:57:16:9a:12:07:d6:5b:87:b5:12:eb:93:
e4:22:09:09:d9:b0:c1:e1:59:9d:c3:5d:0f:73:ec:5f:31:2f:
dd:0d:1d:bf:14:63:2d:8c:1b:37:cc:42:2c:3c:36:ff:b0:1b:
26:98:85:77:0b:d9:ab:7b:b3:c3:39:75:14:e4:d3:02:8b:bc:
45:ba:6b:d8:40:b7:5b:00:73:bb:17:71:77:a6:fa:06:c3:e1:
d9:cd:7f:f2:47:ad:48:f6:0d:cc:15:6c:1c:87:dc:38:74:f4:
4a:88:f2:f5:4d:51:e7:af:a0:cc:6e:01:09:57:82:9b:1b:a6:
eb:37:ba:d0:45:fb:2f:60:1a:fc:da:04:c2:d3:c2:97:7c:54:
3c:3e:44:c5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULKr5GX0Ren0zZi0MtAWbJLsuA+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMDJaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDA2YTIxODEyZTUwNTRiNWEzZWVjZTI0MzBlMmFmYmRhMzAxN2Q2YzczYzdl
YWMxNTdlYWQzYzQyNjVlOGRlZjMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMf+4hUZvyQ3t823C0rLKIKxIJNKg1j87E0029ryyEjcMnMhU35mKtHkLLAq
43FYyMf93HVwF/nTla47X6KHtJfHagQY9lun9VwR2nrDFLpt50S7ZEBPw/EYn0TQ
3LfELQATiNJb8Sj35Y9pV4nddvi+YIo5ZhvwJ2fVshCJ35FfMDc9Z2f8YeR+gHa+
D76K/ZqIbe9scL5A5p/qpLLFpZ18V3ZVjsQCnGD9pTutpr7WuYNerWuBe4SAHrt7
oBso7wyMZBFsF86rokLSWnVDa1DEfAzWwwGkOEWvSU10rn97ZEIZ7Gu0SJMWObnt
lMZXFjIPUGSncasufG44J+ySaqkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTEnarR
0P4xOJg4SqcH5n4BRW83ITAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjA2MGUxOTAtODlmNy00MDA5LTk4MzEtYjJkNDI5MzQzYjgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMQMA0G
CSqGSIb3DQEBCwUAA4IBAQAhci7l0F0zpFNddViYTiytbemzXJvJUeDnY4xoAhKb
iHtIJRvnAL6qnIBNzquZe8bekTABVtyow8rJmR24YwhLSmSHkD8KM0LAAf/dg1yi
ks+UA2LD7tABDGuhsL/8fqZrmtVsFzvVuTIe01m+c+dePoJXFpoSB9Zbh7US65Pk
IgkJ2bDB4Vmdw10Pc+xfMS/dDR2/FGMtjBs3zEIsPDb/sBsmmIV3C9mre7PDOXUU
5NMCi7xFumvYQLdbAHO7F3F3pvoGw+HZzX/yR61I9g3MFWwch9w4dPRKiPL1TVHn
r6DMbgEJV4KbG6brN7rQRfsvYBr82gTC08KXfFQ8PkTF
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:32:02 2025 by rpki-client