Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4264c9e7-8855-4a41-950f-ef8df4425790.roa
File: 4264c9e7-8855-4a41-950f-ef8df4425790.roa (raw, json)
Hash identifier: uXir18XHa4PJNh3ogZHv+NC3i+gqvQC4isiGOAzpAF4=
Subject key identifier: AC:3E:5C:77:AD:26:A2:D5:C1:33:66:26:00:BC:21:F4:5A:B8:3E:AA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4B310924B46DA9B71ED07BE34D9A9209D2A1C068
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4264c9e7-8855-4a41-950f-ef8df4425790.roa
Signing time: Fri 26 Sep 2025 20:20:37 +0000
ROA not before: Fri 26 Sep 2025 20:20:37 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.200.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:31:09:24:b4:6d:a9:b7:1e:d0:7b:e3:4d:9a:92:09:d2:a1:c0:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:37 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=43bd3a8a4ba59f8f3eeee3abe58c49a1d8454727df8c689b73239d01ea6e9792, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:f4:86:f3:cb:d0:54:60:64:0d:68:81:d0:42:
68:3a:5b:86:95:aa:2c:da:b4:5b:09:d9:7e:35:05:
9b:0f:e3:e3:36:b4:48:5f:67:5e:28:cb:b0:d2:a1:
77:c8:5e:5e:eb:64:f4:15:80:c4:ed:91:8f:79:6d:
0a:46:54:89:39:e1:da:4f:14:cc:cb:f4:a3:c2:c1:
a5:54:86:4a:a6:b1:08:81:60:86:6a:26:f3:04:6f:
6b:a0:83:56:47:05:d9:ab:ff:25:cc:5f:96:4f:4a:
b1:20:87:98:e7:74:89:b4:67:a2:7a:e9:c7:c0:96:
67:96:1b:62:5b:57:3f:f8:17:c4:d2:c7:63:b0:7b:
da:cd:94:d1:96:63:24:e7:c6:37:af:11:05:21:2a:
3a:c8:73:d6:a2:4a:10:66:ac:a9:bb:5a:0c:70:2f:
9c:aa:9a:47:5b:1a:f2:04:4a:61:56:53:52:02:1f:
12:1e:7f:91:6a:57:19:3f:ac:c7:73:58:9c:fc:ad:
1c:f4:29:5f:bf:84:e3:eb:01:30:c4:f1:d9:99:58:
5a:f4:f3:76:79:d8:0d:14:b2:b4:c0:b7:69:f0:f3:
92:81:44:4b:9d:99:cf:2f:62:87:68:59:72:96:42:
7d:c5:52:84:07:41:c4:ca:0b:58:df:de:79:ab:90:
20:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:3E:5C:77:AD:26:A2:D5:C1:33:66:26:00:BC:21:F4:5A:B8:3E:AA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4264c9e7-8855-4a41-950f-ef8df4425790.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.200.0.0/15
Signature Algorithm: sha256WithRSAEncryption
9d:bb:89:ae:03:a4:85:f8:87:36:06:6f:b7:27:b1:47:ff:93:
81:54:55:91:c2:bf:c2:05:82:01:02:55:fa:2b:8b:04:73:71:
f0:11:53:ab:78:54:a3:d5:a8:4c:38:14:df:af:11:01:1f:1e:
04:c5:de:00:c0:37:a8:25:34:f1:50:79:66:9e:dd:25:6c:eb:
67:3c:90:d3:15:68:32:38:e6:4f:02:56:b2:f5:90:53:17:6f:
3f:a6:a6:70:fe:f0:05:3c:e8:c4:16:7b:0c:50:06:53:59:10:
26:d9:e3:de:06:e4:aa:4a:98:44:ac:ad:2d:a9:26:48:81:5d:
f1:6e:66:c5:dc:ba:b0:d8:69:5a:81:e7:89:cb:1d:3e:e1:d0:
c7:45:7f:57:bc:f0:71:22:13:67:6c:1b:26:06:a5:44:81:c4:
33:56:43:77:5f:5b:39:2e:95:6b:9b:f2:b8:18:f1:ed:1c:39:
bd:04:08:51:6f:ed:cf:ac:64:b2:67:ec:69:40:2f:db:87:7f:
db:8f:ae:dc:ad:9b:4e:ec:c0:90:38:1f:c9:20:44:e1:37:cf:
0f:59:08:1b:2b:54:53:24:1f:31:23:f6:a3:a8:2d:27:1d:b2:
3a:06:a0:70:a2:85:21:c9:aa:35:d2:1f:ae:a0:49:95:d9:6c:
1d:aa:72:99
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSzEJJLRtqbce0HvjTZqSCdKhwGgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMzdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQzYmQzYThhNGJhNTlmOGYzZWVlZTNhYmU1OGM0OWExZDg0NTQ3MjdkZjhj
Njg5YjczMjM5ZDAxZWE2ZTk3OTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI70hvPL0FRgZA1ogdBCaDpbhpWqLNq0WwnZfjUFmw/j4za0SF9nXijLsNKh
d8heXutk9BWAxO2Rj3ltCkZUiTnh2k8UzMv0o8LBpVSGSqaxCIFghmom8wRva6CD
VkcF2av/Jcxflk9KsSCHmOd0ibRnonrpx8CWZ5YbYltXP/gXxNLHY7B72s2U0ZZj
JOfGN68RBSEqOshz1qJKEGasqbtaDHAvnKqaR1sa8gRKYVZTUgIfEh5/kWpXGT+s
x3NYnPytHPQpX7+E4+sBMMTx2ZlYWvTzdnnYDRSytMC3afDzkoFES52Zzy9ih2hZ
cpZCfcVShAdBxMoLWN/eeauQIHUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSsPlx3
rSai1cEzZiYAvCH0Wrg+qjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDI2NGM5ZTctODg1NS00YTQxLTk1MGYtZWY4ZGY0NDI1NzkwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPIMA0G
CSqGSIb3DQEBCwUAA4IBAQCdu4muA6SF+Ic2Bm+3J7FH/5OBVFWRwr/CBYIBAlX6
K4sEc3HwEVOreFSj1ahMOBTfrxEBHx4Exd4AwDeoJTTxUHlmnt0lbOtnPJDTFWgy
OOZPAlay9ZBTF28/pqZw/vAFPOjEFnsMUAZTWRAm2ePeBuSqSphErK0tqSZIgV3x
bmbF3Lqw2GlageeJyx0+4dDHRX9XvPBxIhNnbBsmBqVEgcQzVkN3X1s5LpVrm/K4
GPHtHDm9BAhRb+3PrGSyZ+xpQC/bh3/bj67crZtO7MCQOB/JIEThN88PWQgbK1RT
JB8xI/ajqC0nHbI6BqBwooUhyao10h+uoEmV2WwdqnKZ
-----END CERTIFICATE-----
Generated at Wed Oct 8 23:12:08 2025 by rpki-client