Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/faa5ec1e-61dd-4ddb-a08f-0b29cab481e1.roa
File: faa5ec1e-61dd-4ddb-a08f-0b29cab481e1.roa (raw, json)
Hash identifier: 6wuwmJNjEP86pnL3he0tpG4bHrr+puCMFDconQev30U=
Subject key identifier: D2:5D:F2:F7:26:C0:EC:66:AE:95:FA:37:A2:1F:D0:51:75:2F:03:56
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0AE6C1CB34270343C60E3F4DB24C329473990CFF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/faa5ec1e-61dd-4ddb-a08f-0b29cab481e1.roa
Signing time: Fri 24 Oct 2025 00:40:04 +0000
ROA not before: Fri 24 Oct 2025 00:40:04 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.240.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:e6:c1:cb:34:27:03:43:c6:0e:3f:4d:b2:4c:32:94:73:99:0c:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 24 00:40:04 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=3067256dcf1ccae488ef43bc5394e92e0021a49b6a1d18b9f0ee78e7bb632542, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:86:be:d3:db:0b:73:3a:6b:2e:6f:56:28:df:
40:15:32:1b:b6:a4:c7:44:c9:50:97:12:08:df:40:
6f:68:b3:b8:67:02:d2:4f:64:7b:ca:8e:89:59:59:
b4:2b:9c:e6:be:44:dd:29:4b:2f:d6:57:c5:0c:b8:
19:bd:75:92:0a:bf:f9:51:5d:c2:58:6d:2f:e4:ff:
8a:6c:47:1a:a0:45:be:89:b2:c7:13:77:4f:ec:d7:
6a:07:df:0c:0e:12:2d:b5:24:c8:86:59:b6:d8:d6:
67:ae:0c:2d:e8:a0:0d:2f:04:00:96:31:a7:7b:56:
4a:0e:12:e4:9f:07:2e:61:56:2d:01:87:ab:24:34:
22:6d:42:02:8e:7c:19:40:46:36:a1:90:21:5f:e2:
af:ed:21:55:63:53:66:5c:75:20:bb:11:e1:ad:0a:
b6:a6:46:1c:3d:49:38:b9:ff:73:e8:42:73:5a:cb:
14:77:7b:73:59:d1:6a:19:f8:95:5b:48:16:7b:89:
d1:e1:db:02:43:8b:af:02:73:07:ee:b4:0c:4c:a2:
ac:fa:d4:80:70:1b:a9:db:14:8e:0b:10:3d:a8:eb:
b7:67:44:9f:d7:ac:dd:0d:3d:c4:d9:69:45:e2:82:
ce:3d:85:4e:e3:25:9a:8e:5c:02:4a:93:ce:cf:a3:
da:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:5D:F2:F7:26:C0:EC:66:AE:95:FA:37:A2:1F:D0:51:75:2F:03:56
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/faa5ec1e-61dd-4ddb-a08f-0b29cab481e1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.240.0/22
Signature Algorithm: sha256WithRSAEncryption
08:31:35:ae:38:5a:a9:d6:ea:1a:e9:55:f8:8d:5d:f1:a5:b9:
84:d2:84:72:a3:6d:aa:48:65:f8:93:de:0a:cf:51:e8:42:75:
66:ce:5b:65:5f:37:1a:02:b5:da:ca:b8:74:8b:a5:07:94:e6:
57:e0:e0:f2:19:30:2d:8e:33:b6:18:a5:ba:bf:23:30:78:2f:
89:a3:3a:30:f8:98:a0:20:c6:ac:75:70:fb:7d:46:1a:e3:2c:
c1:99:50:28:52:74:b1:20:90:eb:f7:d2:76:95:85:45:1e:45:
82:7c:60:8a:3b:20:56:5b:be:7c:c5:4e:10:6f:6d:73:64:bd:
20:48:5f:5e:fc:5e:c7:65:89:33:3a:66:7a:b6:b1:22:77:ff:
1c:83:3d:85:ce:d5:e3:36:7a:e0:ba:7c:d7:36:5d:8e:b3:0d:
96:3a:e2:94:9a:c9:a5:0c:aa:f6:0b:e3:51:74:e1:de:f1:94:
ff:2d:16:fe:04:bd:ca:78:ba:d2:0c:ba:d1:cc:b7:ff:8e:0e:
83:8e:34:e1:32:fb:74:1d:21:00:0a:9b:bf:87:a7:e4:26:26:
2a:1d:0a:f7:ec:7d:ab:41:0b:52:0b:03:a7:45:1a:21:09:f5:
14:f6:94:ad:05:01:4f:bc:5f:f7:31:1d:67:e1:c8:d3:71:3d:
2d:98:77:aa
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCubByzQnA0PGDj9NskwylHOZDP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjQwMDQwMDRaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwNjcyNTZkY2YxY2NhZTQ4OGVmNDNiYzUzOTRlOTJlMDAyMWE0OWI2YTFk
MThiOWYwZWU3OGU3YmI2MzI1NDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIeGvtPbC3M6ay5vVijfQBUyG7akx0TJUJcSCN9Ab2izuGcC0k9ke8qOiVlZ
tCuc5r5E3SlLL9ZXxQy4Gb11kgq/+VFdwlhtL+T/imxHGqBFvomyxxN3T+zXagff
DA4SLbUkyIZZttjWZ64MLeigDS8EAJYxp3tWSg4S5J8HLmFWLQGHqyQ0Im1CAo58
GUBGNqGQIV/ir+0hVWNTZlx1ILsR4a0KtqZGHD1JOLn/c+hCc1rLFHd7c1nRahn4
lVtIFnuJ0eHbAkOLrwJzB+60DEyirPrUgHAbqdsUjgsQPajrt2dEn9es3Q09xNlp
ReKCzj2FTuMlmo5cAkqTzs+j2nsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTSXfL3
JsDsZq6V+jeiH9BRdS8DVjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmFhNWVjMWUtNjFkZC00ZGRiLWEwOGYtMGIyOWNhYjQ4MWUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjMQ8DAN
BgkqhkiG9w0BAQsFAAOCAQEACDE1rjhaqdbqGulV+I1d8aW5hNKEcqNtqkhl+JPe
Cs9R6EJ1Zs5bZV83GgK12sq4dIulB5TmV+Dg8hkwLY4zthilur8jMHgviaM6MPiY
oCDGrHVw+31GGuMswZlQKFJ0sSCQ6/fSdpWFRR5FgnxgijsgVlu+fMVOEG9tc2S9
IEhfXvxex2WJMzpmeraxInf/HIM9hc7V4zZ64Lp81zZdjrMNljrilJrJpQyq9gvj
UXTh3vGU/y0W/gS9yni60gy60cy3/44Og4404TL7dB0hAAqbv4en5CYmKh0K9+x9
q0ELUgsDp0UaIQn1FPaUrQUBT7xf9zEdZ+HI03E9LZh3qg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 02:58:14 2025 by rpki-client