Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
File: fd04a54b-459a-491a-a013-59d0ed55825f.roa (raw, json)
Hash identifier: LHidXI8+hLSA8nMNXGw/j48hQrNlQGjj2er1AnU7TEI=
Subject key identifier: DF:39:71:C0:8F:BB:11:87:B5:5A:29:B1:7E:BC:3A:9E:31:8F:F8:A0
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0C809E5C4978833ECC97285F08A64801AE2BA70A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
Signing time: Tue 21 Oct 2025 14:40:07 +0000
ROA not before: Tue 21 Oct 2025 14:40:07 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.131.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:80:9e:5c:49:78:83:3e:cc:97:28:5f:08:a6:48:01:ae:2b:a7:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:07 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=89b240d5254a7ec765f10cb2eadb00929f5a2bb57a4155ac08d09dbce5c53ef1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:61:f9:13:25:be:ee:e1:a7:22:df:35:cb:02:
c9:b0:57:f5:22:2a:dd:04:95:ba:82:36:33:88:e7:
bb:f7:8f:e7:96:c0:0f:ec:36:02:ca:ea:f8:d5:3e:
92:c0:50:65:52:3c:30:8c:c8:37:43:e5:4c:70:69:
07:14:94:00:b1:ac:25:d1:3d:55:c9:cf:2e:9e:c3:
40:a0:dc:23:73:d4:bd:3e:3c:86:b4:0b:5b:f1:cf:
96:28:b4:b5:d9:5a:1a:98:de:87:20:4f:d7:7d:00:
b2:f3:e6:a6:bd:55:73:43:49:fa:25:4e:89:21:f0:
97:fa:c0:a1:64:38:76:e8:79:50:08:dc:70:58:53:
a1:83:26:26:cf:65:c6:b9:f2:94:44:df:ae:a2:4b:
d2:2f:31:33:36:f4:da:5b:45:62:65:88:c7:f9:ff:
84:4d:c4:1d:65:74:b1:f1:fa:7e:c6:65:8e:01:a9:
c6:b6:f2:74:c8:a0:19:07:bc:79:a4:99:14:e0:c4:
93:ac:f9:da:35:d1:c0:0a:c7:5b:39:2f:a8:ae:c3:
83:ef:f5:c3:f2:67:ee:47:29:91:91:59:70:b0:89:
69:91:c9:76:9a:fd:c9:6d:08:cf:4d:7b:7d:a7:e3:
2b:42:25:40:84:d5:ce:1c:cb:37:fc:ce:51:c6:0b:
d4:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:39:71:C0:8F:BB:11:87:B5:5A:29:B1:7E:BC:3A:9E:31:8F:F8:A0
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.131.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cc:53:7c:a4:3e:97:4c:d1:ff:2b:bc:64:82:38:d0:dc:d0:9a:
32:ca:6c:7d:fd:21:97:ac:06:56:ac:f5:ff:0f:96:a0:cf:77:
59:e0:4a:ee:15:c6:34:f3:07:0e:dc:21:8d:65:56:72:95:e3:
50:2e:8d:f1:3b:ca:89:c0:bf:db:db:29:30:05:42:1d:25:ff:
b8:0b:3a:2c:c0:7f:39:58:73:71:2f:cd:98:d2:01:4d:5b:ac:
85:2c:37:39:f1:4f:f5:cc:1e:a6:f3:30:9c:42:4a:01:19:65:
5a:a0:80:39:23:85:17:91:c6:db:62:93:55:ce:d2:c6:34:a5:
81:8f:f6:35:b4:43:e0:c0:b9:20:b0:db:d2:17:ae:f7:44:03:
92:81:7e:99:bb:6a:35:2b:a4:bb:15:97:f2:0f:67:af:91:e9:
97:65:b1:c3:4e:90:a8:5d:78:ab:64:54:fc:24:43:29:81:29:
6f:11:33:80:67:2d:d3:b2:75:7a:e8:9b:f4:f1:63:8f:fb:34:
2c:eb:db:3c:27:ef:75:3c:6b:6a:07:0a:2d:35:c4:35:d5:75:
3e:4f:16:b7:eb:37:6a:8c:0e:d8:da:e0:45:f3:83:f1:02:e3:
37:eb:02:ad:96:90:63:23:0a:74:32:c6:95:f3:4f:f6:44:1e:
84:43:4e:8c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDICeXEl4gz7MlyhfCKZIAa4rpwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5YjI0MGQ1MjU0YTdlYzc2NWYxMGNiMmVhZGIwMDkyOWY1YTJiYjU3YTQx
NTVhYzA4ZDA5ZGJjZTVjNTNlZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNh+RMlvu7hpyLfNcsCybBX9SIq3QSVuoI2M4jnu/eP55bAD+w2Asrq+NU+
ksBQZVI8MIzIN0PlTHBpBxSUALGsJdE9VcnPLp7DQKDcI3PUvT48hrQLW/HPlii0
tdlaGpjehyBP130AsvPmpr1Vc0NJ+iVOiSHwl/rAoWQ4duh5UAjccFhToYMmJs9l
xrnylETfrqJL0i8xMzb02ltFYmWIx/n/hE3EHWV0sfH6fsZljgGpxrbydMigGQe8
eaSZFODEk6z52jXRwArHWzkvqK7Dg+/1w/Jn7kcpkZFZcLCJaZHJdpr9yW0Iz017
fafjK0IlQITVzhzLN/zOUcYL1HcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTfOXHA
j7sRh7VaKbF+vDqeMY/4oDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmQwNGE1NGItNDU5YS00OTFhLWEwMTMtNTlkMGVkNTU4MjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADODMA0G
CSqGSIb3DQEBCwUAA4IBAQDMU3ykPpdM0f8rvGSCONDc0Joyymx9/SGXrAZWrPX/
D5agz3dZ4EruFcY08wcO3CGNZVZyleNQLo3xO8qJwL/b2ykwBUIdJf+4CzoswH85
WHNxL82Y0gFNW6yFLDc58U/1zB6m8zCcQkoBGWVaoIA5I4UXkcbbYpNVztLGNKWB
j/Y1tEPgwLkgsNvSF673RAOSgX6Zu2o1K6S7FZfyD2evkemXZbHDTpCoXXirZFT8
JEMpgSlvETOAZy3TsnV66Jv08WOP+zQs69s8J+91PGtqBwotNcQ11XU+Txa36zdq
jA7Y2uBF84PxAuM36wKtlpBjIwp0MsaV80/2RB6EQ06M
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:26:08 2025 by rpki-client