Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e9b59cd2-43ef-4533-a5a5-5892471ab64c.roa
File: e9b59cd2-43ef-4533-a5a5-5892471ab64c.roa (raw, json)
Hash identifier: Bzydc8t0Wo2tLTyPBMvUdzTwJsl8IDDFC/n/AR3ByF4=
Subject key identifier: A1:1D:4A:AE:B9:72:51:C3:69:CD:B8:43:47:B2:06:2D:FE:F8:B4:CF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 52CDFBB31D33E2EEC5C57B047AE35313B0EFB9D3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e9b59cd2-43ef-4533-a5a5-5892471ab64c.roa
Signing time: Fri 26 Sep 2025 20:20:40 +0000
ROA not before: Fri 26 Sep 2025 20:20:40 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.204.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:cd:fb:b3:1d:33:e2:ee:c5:c5:7b:04:7a:e3:53:13:b0:ef:b9:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 26 20:20:40 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=72c31e943e8c458bb1eb1aaa8805065e59b483ad8e9c58ad3d092a7417b2e0c4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:80:b4:e6:34:50:bb:3e:65:cb:24:16:6c:f0:
26:52:18:7d:30:cb:9b:9f:34:ab:d2:b3:14:a3:1c:
1f:7e:8f:36:77:d6:38:08:99:46:2e:d4:f9:82:8a:
76:59:c1:f9:45:dc:60:42:c7:ac:82:16:68:18:f0:
7a:7e:4a:79:8e:e1:78:87:68:a7:7c:73:d5:b8:7a:
49:8b:d7:12:0b:d0:ba:ee:4f:fe:62:64:bf:66:d1:
65:2f:df:24:05:df:b8:03:e6:81:a4:52:75:e2:24:
86:54:68:e3:e6:da:e6:26:d2:46:0b:2f:39:d8:e8:
ac:2b:9b:c0:33:f2:16:5d:ce:1b:b0:20:e5:bc:27:
3f:95:24:e1:e7:5c:31:a7:01:0c:15:5c:bc:fd:2a:
1a:c2:66:ea:f1:dc:6e:b9:4c:d5:81:dd:f5:ed:c7:
bf:ab:36:95:94:9f:83:e4:41:56:c0:c3:19:3a:ef:
97:0f:da:c8:8e:03:0c:3f:44:a8:d4:83:31:17:97:
49:94:da:11:23:d1:fd:ab:cd:57:53:27:f8:1a:19:
4b:34:1a:f8:4d:55:77:84:6f:f6:1f:d3:fe:4f:b9:
a5:01:36:a2:b5:42:5f:38:29:20:a9:53:20:3b:2b:
d4:66:4e:33:fa:95:84:fb:bd:39:1f:5d:6b:20:a0:
25:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:1D:4A:AE:B9:72:51:C3:69:CD:B8:43:47:B2:06:2D:FE:F8:B4:CF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e9b59cd2-43ef-4533-a5a5-5892471ab64c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.204.0.0/15
Signature Algorithm: sha256WithRSAEncryption
cc:40:8d:9f:c9:e7:ba:95:b0:23:ae:07:d6:9e:6d:b9:37:48:
0f:e5:23:89:f2:af:cc:ec:f9:49:b6:85:98:cb:bd:9c:6d:3e:
84:79:2c:8d:eb:f0:5d:f0:74:69:54:82:cc:be:0a:fc:8c:e4:
bb:2b:a7:bb:dd:ee:83:a8:91:a9:6e:fe:d3:94:97:9d:49:5e:
c2:e9:0d:b8:c8:95:e8:0e:95:41:07:aa:8f:50:4a:aa:45:29:
03:c9:db:f4:f8:fc:d5:b5:f1:81:74:72:f2:97:0a:c0:51:5e:
16:7f:99:40:21:bc:53:a8:92:e3:f9:dd:8a:8a:2c:f4:92:7b:
33:55:36:06:08:b4:8b:69:29:06:3d:06:26:46:b1:7f:44:42:
24:46:2d:80:59:4a:f5:ae:09:02:5d:21:80:5d:6a:a2:57:89:
17:1d:50:20:e3:c6:3b:ed:06:d2:98:1f:99:38:05:59:8e:65:
32:dd:f6:d1:75:d4:20:fb:01:79:85:4e:88:d2:07:a3:8e:39:
b9:8a:b2:44:c7:c0:1a:2b:ce:5f:23:ec:44:f0:d4:82:af:af:
e7:06:b5:28:c5:28:1e:e2:59:35:be:5e:e9:69:b9:13:a6:27:
ed:15:10:5f:c0:5e:4c:b4:f5:47:32:33:bd:21:b6:a3:64:0f:
ea:0c:f4:55
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUs37sx0z4u7FxXsEeuNTE7DvudMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwNDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyYzMxZTk0M2U4YzQ1OGJiMWViMWFhYTg4MDUwNjVlNTliNDgzYWQ4ZTlj
NThhZDNkMDkyYTc0MTdiMmUwYzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJiAtOY0ULs+ZcskFmzwJlIYfTDLm580q9KzFKMcH36PNnfWOAiZRi7U+YKK
dlnB+UXcYELHrIIWaBjwen5KeY7heIdop3xz1bh6SYvXEgvQuu5P/mJkv2bRZS/f
JAXfuAPmgaRSdeIkhlRo4+ba5ibSRgsvOdjorCubwDPyFl3OG7Ag5bwnP5Uk4edc
MacBDBVcvP0qGsJm6vHcbrlM1YHd9e3Hv6s2lZSfg+RBVsDDGTrvlw/ayI4DDD9E
qNSDMReXSZTaESPR/avNV1Mn+BoZSzQa+E1Vd4Rv9h/T/k+5pQE2orVCXzgpIKlT
IDsr1GZOM/qVhPu9OR9dayCgJXMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBShHUqu
uXJRw2nNuENHsgYt/vi0zzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTliNTljZDItNDNlZi00NTMzLWE1YTUtNTg5MjQ3MWFiNjRjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPMMA0G
CSqGSIb3DQEBCwUAA4IBAQDMQI2fyee6lbAjrgfWnm25N0gP5SOJ8q/M7PlJtoWY
y72cbT6EeSyN6/Bd8HRpVILMvgr8jOS7K6e73e6DqJGpbv7TlJedSV7C6Q24yJXo
DpVBB6qPUEqqRSkDydv0+PzVtfGBdHLylwrAUV4Wf5lAIbxTqJLj+d2Kiiz0knsz
VTYGCLSLaSkGPQYmRrF/REIkRi2AWUr1rgkCXSGAXWqiV4kXHVAg48Y77QbSmB+Z
OAVZjmUy3fbRddQg+wF5hU6I0gejjjm5irJEx8AaK85fI+xE8NSCr6/nBrUoxSge
4lk1vl7pabkTpiftFRBfwF5MtPVHMjO9IbajZA/qDPRV
-----END CERTIFICATE-----
Generated at Wed Oct 8 23:10:21 2025 by rpki-client