Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
File: bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa (raw, json)
Hash identifier: D5T7MQFpXRN/S9qU6oXul7TgL3bybeUe25SMUm27lfc=
Subject key identifier: 39:50:86:24:93:34:A4:BA:17:B7:70:72:D5:DA:2E:4A:A4:2A:73:A3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2067907D4D0315A90F761D0D5F79951BFA774BF5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
Signing time: Fri 26 Sep 2025 20:21:16 +0000
ROA not before: Fri 26 Sep 2025 20:21:16 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:67:90:7d:4d:03:15:a9:0f:76:1d:0d:5f:79:95:1b:fa:77:4b:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:21:16 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=ea2936c36a669b3e1f530fcfaa7118b5e6bde653b40e77e47d21277e82370f2b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:aa:6d:53:48:f3:ba:d3:17:a7:c4:b7:39:d6:
fe:a5:d0:a9:bc:fe:b2:9d:b1:55:07:c2:99:bb:40:
c3:25:d5:a8:32:71:7d:66:bf:33:78:82:a9:d5:34:
64:c5:1c:39:4a:bc:b3:22:5d:84:64:be:c0:d2:bd:
52:18:81:5a:12:ad:06:c9:37:1d:c3:c5:b8:36:3d:
c4:f8:c3:55:7d:44:e0:4c:6f:ba:4c:a0:c7:18:c3:
85:82:d6:be:d4:04:25:08:8d:f3:49:b7:57:85:72:
f3:8f:1a:24:73:70:fb:50:ec:3e:e4:52:ce:1d:87:
94:28:43:5d:89:65:43:de:eb:bc:ad:b5:40:ce:47:
16:fe:10:f8:e4:44:55:c6:2c:56:c7:bc:12:4a:c1:
e1:bf:90:5e:1e:b6:da:75:6c:10:2d:ea:8e:6f:f0:
e0:5e:cf:75:99:67:ea:2b:2f:6b:38:7b:81:bd:f0:
9a:6d:b4:a6:db:fb:d5:1b:d1:a1:31:8b:8b:ff:e0:
99:f7:86:e4:0a:d5:79:d8:32:c6:f3:9e:62:51:11:
2d:0c:58:72:20:81:00:cd:2f:33:ef:f0:c7:69:0c:
52:15:a9:8c:91:9b:a8:b4:f2:d1:45:52:65:9d:45:
f7:ac:3c:1b:c6:31:bf:67:b7:a8:60:9b:95:06:e9:
5c:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:50:86:24:93:34:A4:BA:17:B7:70:72:D5:DA:2E:4A:A4:2A:73:A3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
37:a9:2d:3d:23:a8:ce:a0:1f:dd:3a:38:a7:7b:1c:df:18:f3:
1d:50:eb:2f:a3:f0:4b:42:e8:5e:80:1e:22:54:70:71:fd:89:
32:0b:87:00:b1:78:19:e4:1c:36:a5:83:5b:f4:97:a8:a1:2b:
ac:63:88:e9:bb:3b:87:26:11:f0:ae:34:be:d4:45:73:4d:3b:
af:63:94:9c:29:1a:59:3a:e0:7d:6a:26:60:1c:b4:7c:9d:ac:
26:2c:43:08:0a:b2:5d:c4:e4:e3:21:80:4e:6c:3b:42:a8:08:
29:b1:8b:74:03:c3:c9:9f:9b:87:8b:34:13:3d:33:e1:a2:40:
9d:a9:de:f8:a6:38:dd:a1:ca:be:b5:8e:bc:34:34:35:73:39:
c1:50:c1:6c:e9:60:10:31:52:b3:2b:29:7e:a5:47:7c:48:ae:
ea:b1:7b:76:23:25:c4:00:d3:c3:cd:5b:be:3f:69:33:ab:f9:
ab:ca:1c:17:aa:00:da:5c:d8:76:66:65:9a:ce:5b:f2:92:21:
24:36:fa:07:1f:c2:a1:75:90:49:03:d1:ed:9a:c6:c7:80:6b:
9e:1f:cd:ba:a7:d5:53:99:f7:0f:6c:f5:07:e6:9d:0a:9d:61:
7b:c5:cd:45:66:dd:da:a4:24:ef:0a:ef:19:2b:d6:66:df:af:
1f:2b:41:40
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIGeQfU0DFakPdh0NX3mVG/p3S/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIxMTZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVhMjkzNmMzNmE2NjliM2UxZjUzMGZjZmFhNzExOGI1ZTZiZGU2NTNiNDBl
NzdlNDdkMjEyNzdlODIzNzBmMmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMeqbVNI87rTF6fEtznW/qXQqbz+sp2xVQfCmbtAwyXVqDJxfWa/M3iCqdU0
ZMUcOUq8syJdhGS+wNK9UhiBWhKtBsk3HcPFuDY9xPjDVX1E4ExvukygxxjDhYLW
vtQEJQiN80m3V4Vy848aJHNw+1DsPuRSzh2HlChDXYllQ97rvK21QM5HFv4Q+ORE
VcYsVse8EkrB4b+QXh622nVsEC3qjm/w4F7PdZln6isvazh7gb3wmm20ptv71RvR
oTGLi//gmfeG5ArVedgyxvOeYlERLQxYciCBAM0vM+/wx2kMUhWpjJGbqLTy0UVS
ZZ1F96w8G8Yxv2e3qGCblQbpXFECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ5UIYk
kzSkuhe3cHLV2i5KpCpzozAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFjZjg0M2EtMTdlZS00Y2ExLTllM2ItOGYzNzI4ODE0ZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQA3qS09I6jOoB/dOjinexzfGPMdUOsvo/BLQuhegB4i
VHBx/YkyC4cAsXgZ5Bw2pYNb9JeooSusY4jpuzuHJhHwrjS+1EVzTTuvY5ScKRpZ
OuB9aiZgHLR8nawmLEMICrJdxOTjIYBObDtCqAgpsYt0A8PJn5uHizQTPTPhokCd
qd74pjjdocq+tY68NDQ1cznBUMFs6WAQMVKzKyl+pUd8SK7qsXt2IyXEANPDzVu+
P2kzq/mryhwXqgDaXNh2ZmWazlvykiEkNvoHH8KhdZBJA9HtmsbHgGueH826p9VT
mfcPbPUH5p0KnWF7xc1FZt3apCTvCu8ZK9Zm368fK0FA
-----END CERTIFICATE-----
Generated at Wed Oct 8 23:10:11 2025 by rpki-client