Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File: 123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier: u++2p213xiT9tSOt1qATD5du1ncgnkjXcZntoLAnsSI=
Subject key identifier: 1D:E1:C0:4F:DD:9D:60:72:44:76:30:5A:CE:84:6B:90:80:7D:78:3C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7E1D83A5F848711830FEA62FB316FD4A8B1B89E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time: Tue 21 Oct 2025 14:50:24 +0000
ROA not before: Tue 21 Oct 2025 14:50:24 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.214.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 08:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:1d:83:a5:f8:48:71:18:30:fe:a6:2f:b3:16:fd:4a:8b:1b:89:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:24 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=42ba39f203cceb3353edd352974596eccb9490ef12aa9b976e5ad7b7f015144b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:0d:4f:27:ac:5a:ba:0a:a0:91:1d:de:ce:9e:
54:2d:3b:cf:71:4d:a2:aa:66:76:f8:02:11:12:92:
80:76:e5:6b:81:92:27:0f:9c:57:b5:1f:6b:df:04:
75:01:0d:dc:ad:d0:d4:ce:5e:54:5a:60:55:d3:f0:
66:14:55:d8:f2:1d:de:f8:07:e1:5b:6b:a4:a2:40:
82:d3:99:e2:b4:f7:c6:47:d2:c3:ec:58:20:4d:3b:
3b:5a:3d:e6:e6:e8:1e:41:55:66:8b:9f:a7:74:37:
71:5c:91:70:e1:24:7b:37:64:14:61:e8:6d:02:3f:
3f:ce:58:bc:1b:57:04:ae:b7:e5:e9:56:a4:18:21:
26:ef:e1:9e:dc:b2:f6:eb:1e:a7:7e:22:04:07:7b:
f2:dc:cc:71:d2:89:ff:ae:f6:6f:49:dc:89:18:68:
ff:ac:dd:e1:a9:57:3e:4e:ff:d7:d9:19:c0:ac:68:
09:85:7d:29:22:57:3f:d8:4b:c5:16:bc:35:37:b9:
c2:dd:5d:7f:05:7d:99:7b:1a:01:81:46:13:56:e7:
34:db:32:4e:33:48:b8:cd:21:44:b4:96:ba:65:73:
4e:75:39:6f:28:dd:91:50:5e:8c:9b:07:df:ff:5b:
ed:33:87:66:0c:51:ea:75:3f:30:a7:0d:41:23:32:
ba:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:E1:C0:4F:DD:9D:60:72:44:76:30:5A:CE:84:6B:90:80:7D:78:3C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.214.0.0/15
Signature Algorithm: sha256WithRSAEncryption
15:ee:d8:f5:46:e4:cd:e4:45:52:a2:06:69:ec:45:4f:0c:f1:
53:4a:9e:f1:9f:07:a6:cf:56:7e:8b:16:52:05:b7:9b:50:6e:
76:fb:9c:5f:d3:b3:73:94:37:06:54:d3:30:5a:86:71:2e:4e:
b5:13:cc:61:99:f4:cc:1d:ad:62:c9:0c:a2:60:76:07:f6:2c:
ae:54:a5:d4:44:8c:6b:62:11:2a:4e:20:bd:85:d3:57:be:1f:
2a:0f:5c:30:0b:50:3c:5b:d0:68:3f:d7:6a:1e:b1:d3:fe:40:
2c:bc:16:a3:3b:86:a9:b2:e3:78:1e:e0:58:5d:d1:6e:b2:e3:
31:46:80:cb:90:89:f7:00:dd:d7:6c:5a:01:9b:3d:bc:51:15:
5f:1f:7c:58:4c:00:f1:65:5f:16:28:7e:f3:01:57:d0:2e:cd:
5a:77:c8:56:35:4d:7d:fe:14:89:7e:c7:f6:9a:9d:46:08:5c:
83:eb:8f:30:1e:b1:37:77:d8:40:fa:3e:b7:b2:3e:d4:13:ae:
2f:ec:31:c4:db:5f:d0:89:8c:76:63:06:4a:73:24:a7:4a:90:
81:4d:82:4e:0f:04:28:7b:8c:07:dd:12:1b:a0:e4:52:76:b5:
7c:2e:b6:d3:9f:98:03:02:ba:e0:03:3b:c6:3a:46:68:4a:7d:
e6:98:16:49
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfh2DpfhIcRgw/qYvsxb9SosbieQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyYmEzOWYyMDNjY2ViMzM1M2VkZDM1Mjk3NDU5NmVjY2I5NDkwZWYxMmFh
OWI5NzZlNWFkN2I3ZjAxNTE0NGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ8NTyesWroKoJEd3s6eVC07z3FNoqpmdvgCERKSgHbla4GSJw+cV7Ufa98E
dQEN3K3Q1M5eVFpgVdPwZhRV2PId3vgH4VtrpKJAgtOZ4rT3xkfSw+xYIE07O1o9
5uboHkFVZoufp3Q3cVyRcOEkezdkFGHobQI/P85YvBtXBK635elWpBghJu/hntyy
9usep34iBAd78tzMcdKJ/672b0nciRho/6zd4alXPk7/19kZwKxoCYV9KSJXP9hL
xRa8NTe5wt1dfwV9mXsaAYFGE1bnNNsyTjNIuM0hRLSWumVzTnU5byjdkVBejJsH
3/9b7TOHZgxR6nU/MKcNQSMyur8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQd4cBP
3Z1gckR2MFrOhGuQgH14PDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQAV7tj1RuTN5EVSogZp7EVPDPFTSp7xnwemz1Z+ixZS
BbebUG52+5xf07NzlDcGVNMwWoZxLk61E8xhmfTMHa1iyQyiYHYH9iyuVKXURIxr
YhEqTiC9hdNXvh8qD1wwC1A8W9BoP9dqHrHT/kAsvBajO4apsuN4HuBYXdFusuMx
RoDLkIn3AN3XbFoBmz28URVfH3xYTADxZV8WKH7zAVfQLs1ad8hWNU19/hSJfsf2
mp1GCFyD648wHrE3d9hA+j63sj7UE64v7DHE21/QiYx2YwZKcySnSpCBTYJODwQo
e4wH3RIboORSdrV8LrbTn5gDArrgAzvGOkZoSn3mmBZJ
-----END CERTIFICATE-----
Generated at Wed Oct 22 09:55:31 2025 by rpki-client