Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
File: 0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa (raw, json)
Hash identifier: dzvx3iSPk4apR+0pPd8XOea+aAgGNg9o+xi3aiT/Duc=
Subject key identifier: 13:1B:A4:5A:A7:7D:12:24:0E:18:89:2A:3A:62:BA:09:17:6E:85:4B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3786E05E7312D694F4EF3AD7EE2BF102405D6685
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
Signing time: Tue 21 Oct 2025 14:50:22 +0000
ROA not before: Tue 21 Oct 2025 14:50:22 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 31 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:86:e0:5e:73:12:d6:94:f4:ef:3a:d7:ee:2b:f1:02:40:5d:66:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:22 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7cb77a5e1e799a6af33d65f665169b347c5a818698d2cf4b869a88f5e69514e2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6e:53:f2:1b:f1:eb:9d:40:09:d3:76:90:21:
16:e4:91:54:70:fa:c7:61:00:4b:e6:25:48:82:b9:
39:b2:32:0f:19:93:fe:17:03:06:5b:8c:0c:d6:ca:
7f:49:ed:45:bc:1e:3a:fd:cb:4e:14:8b:ca:d5:a1:
f2:d8:9a:41:62:46:4f:fb:6f:1e:ed:b2:81:d3:c1:
44:0e:30:4b:cd:36:04:df:30:27:c0:94:3f:56:c7:
b8:9a:a7:16:af:42:f0:8a:a5:f1:08:80:d0:8d:43:
1b:dc:9b:0e:f6:ba:a5:4f:7c:b0:da:e0:67:1f:d0:
4d:88:b0:66:b5:db:32:ac:be:05:45:0b:be:fc:7e:
93:0b:1a:d8:21:40:a5:ab:ad:2e:52:05:e6:6a:7a:
35:81:35:a5:1c:f5:02:4b:ad:93:e4:71:fd:68:cb:
64:84:db:8f:de:4e:37:a1:e8:31:a5:84:53:d3:33:
53:68:1a:a2:24:8a:83:08:4f:49:81:ab:ce:15:87:
04:50:19:36:6c:12:99:3e:a1:81:dd:e4:1b:8f:39:
f7:63:e3:67:1f:cb:5d:a5:e8:89:11:4f:a3:6e:39:
2e:67:99:6c:7f:fe:eb:20:07:18:08:63:de:4c:e7:
f3:60:31:b3:3b:c1:a1:32:77:5b:9d:5c:7a:e4:a4:
71:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:1B:A4:5A:A7:7D:12:24:0E:18:89:2A:3A:62:BA:09:17:6E:85:4B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
69:1d:d1:11:11:99:56:7e:15:67:55:e4:50:08:12:6d:59:54:
4b:8b:3d:7a:9a:0b:7c:1e:91:c8:45:10:41:79:50:17:cf:54:
7b:a6:19:14:85:92:f4:38:2a:59:e5:9f:ba:83:6b:b2:ba:7a:
72:c7:53:69:a5:88:ce:5c:b7:8e:74:a3:19:66:cc:a1:7c:d9:
5f:cb:08:1b:4b:38:48:0f:bc:f2:78:45:df:b6:35:99:0a:59:
5c:75:4c:fb:45:19:3e:3c:eb:5a:90:b5:08:b2:9f:2a:f2:b6:
da:e7:f0:b8:01:d2:25:38:9b:2b:e7:77:7b:9b:19:92:d3:dd:
7d:fe:70:48:38:02:f5:71:bc:78:95:1b:10:9f:48:56:09:a5:
25:2e:da:02:2f:65:a2:96:ef:89:eb:ab:7e:9e:07:af:0a:b8:
97:3d:fc:73:8a:d2:f5:f8:f6:5d:e5:80:16:67:0f:3d:db:f4:
47:4b:87:f7:0f:bd:2e:f3:f2:12:3b:17:7c:8a:7e:d7:13:43:
b1:44:76:56:1b:5d:e7:0f:77:e5:55:6c:12:a5:3e:35:1e:87:
23:3b:fd:9a:ea:d4:5f:0c:8c:c8:b8:d4:11:bb:76:d1:50:75:
e7:7e:a1:93:10:ea:d5:80:d5:51:f3:cd:74:69:1b:1a:95:74:
2c:03:0c:66
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUN4bgXnMS1pT07zrX7ivxAkBdZoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjYjc3YTVlMWU3OTlhNmFmMzNkNjVmNjY1MTY5YjM0N2M1YTgxODY5OGQy
Y2Y0Yjg2OWE4OGY1ZTY5NTE0ZTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJuU/Ib8eudQAnTdpAhFuSRVHD6x2EAS+YlSIK5ObIyDxmT/hcDBluMDNbK
f0ntRbweOv3LThSLytWh8tiaQWJGT/tvHu2ygdPBRA4wS802BN8wJ8CUP1bHuJqn
Fq9C8Iql8QiA0I1DG9ybDva6pU98sNrgZx/QTYiwZrXbMqy+BUULvvx+kwsa2CFA
pautLlIF5mp6NYE1pRz1Akutk+Rx/WjLZITbj95ON6HoMaWEU9MzU2gaoiSKgwhP
SYGrzhWHBFAZNmwSmT6hgd3kG48592PjZx/LXaXoiRFPo245LmeZbH/+6yAHGAhj
3kzn82AxszvBoTJ3W51ceuSkcakCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQTG6Ra
p30SJA4YiSo6YroJF26FSzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGJmYTI1ZGQtMzE5Zi00ZjJkLWI3ODYtOGFiMTlkNThlODExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQBpHdEREZlWfhVnVeRQCBJtWVRLiz16mgt8HpHIRRBB
eVAXz1R7phkUhZL0OCpZ5Z+6g2uyunpyx1NppYjOXLeOdKMZZsyhfNlfywgbSzhI
D7zyeEXftjWZCllcdUz7RRk+POtakLUIsp8q8rba5/C4AdIlOJsr53d7mxmS0919
/nBIOAL1cbx4lRsQn0hWCaUlLtoCL2Wilu+J66t+ngevCriXPfxzitL1+PZd5YAW
Zw892/RHS4f3D70u8/ISOxd8in7XE0OxRHZWG13nD3flVWwSpT41HocjO/2a6tRf
DIzIuNQRu3bRUHXnfqGTEOrVgNVR8810aRsalXQsAwxm
-----END CERTIFICATE-----
Generated at Thu Oct 30 14:43:04 2025 by rpki-client