Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
File: 2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa (raw, json)
Hash identifier: nNgkYI8heBa5D+NcrFy65nNUJUBkI6zP9F2Mo9m0ZqM=
Subject key identifier: 4B:04:B8:D9:6D:30:06:88:C9:D3:08:B0:CB:C2:F7:56:C6:1C:10:22
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5F88867B8632FCBAAE113EF66EDA99B548BEF95F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
Signing time: Tue 21 Oct 2025 14:40:34 +0000
ROA not before: Tue 21 Oct 2025 14:40:34 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.127.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:88:86:7b:86:32:fc:ba:ae:11:3e:f6:6e:da:99:b5:48:be:f9:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:40:34 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5e89f55467c6fddca4f45c5ca8b28dc6d35b478f39254111d681ba77ebfaae2a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:31:8b:1b:65:f7:55:e4:9c:c9:0a:a4:de:d1:
f5:14:0f:fc:20:3f:a8:07:aa:ca:a5:55:47:5e:ad:
54:89:9e:34:30:d9:54:b2:d9:50:e9:79:c4:05:15:
8e:45:9b:fd:d9:6f:ac:6e:44:58:a0:c5:33:3f:59:
72:fa:ff:a1:8f:dd:a3:f9:be:d4:38:e1:35:92:f6:
85:a8:f7:d6:39:0e:c2:c6:18:9c:ee:c6:74:1f:85:
a2:d1:83:9f:70:30:95:87:39:52:5b:64:95:73:f1:
89:bd:63:24:71:3f:72:8e:67:6f:9b:12:f3:bd:56:
d3:e5:d3:3b:f8:4d:d5:74:a3:d4:b3:e2:c0:70:72:
ec:11:66:05:bc:4c:27:10:20:ad:90:c6:1d:23:e6:
e5:08:f5:ec:68:21:24:d4:65:e1:5d:65:ac:04:54:
18:f1:fd:76:ac:47:a9:e6:d4:bb:1f:c9:ae:d0:d7:
ef:e0:da:00:bd:75:72:10:99:57:e6:31:93:22:60:
74:15:36:25:08:69:24:f5:57:0b:57:89:ed:92:05:
e9:8a:ad:de:69:c4:da:ce:6c:41:ae:04:c1:81:54:
46:20:c5:9f:26:fb:2d:19:fc:67:91:15:4b:fa:f8:
12:bb:10:59:81:fe:3b:30:73:c1:ce:15:82:40:70:
01:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:04:B8:D9:6D:30:06:88:C9:D3:08:B0:CB:C2:F7:56:C6:1C:10:22
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.127.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a3:31:ea:fe:90:e5:18:a4:4f:d5:ca:02:2e:e0:22:0b:99:74:
c6:44:a6:6e:70:66:45:4c:28:d2:55:3b:d2:2b:25:d1:03:d1:
6e:00:ca:29:9e:9e:59:2a:8e:13:d1:bf:fc:5b:9c:36:f9:81:
c8:86:c3:d6:da:50:5c:bd:87:d3:dd:f2:42:40:22:2f:51:f3:
6f:f0:24:c5:b2:91:c2:8c:1a:d5:76:8f:04:21:0c:31:4b:46:
ed:e3:50:0c:94:87:9d:d0:47:34:7d:b6:c2:68:46:91:27:6d:
65:33:3b:ab:10:28:46:3d:62:1e:85:ad:0a:32:af:85:5d:a5:
31:43:ff:cd:f5:01:ed:2c:d3:fc:c5:7a:4b:44:43:16:52:7e:
e5:4b:c5:f6:c1:68:35:fe:c8:22:0a:68:d7:22:6e:1b:cf:6e:
66:04:8d:e0:e1:5a:84:b6:d4:94:53:dd:4d:c6:30:78:07:fc:
79:05:0c:da:74:19:ce:b8:37:37:0e:20:f6:78:bf:9e:ee:1b:
a4:2d:54:7c:0e:95:ae:35:69:9b:2c:7e:0f:06:90:6a:da:a3:
48:2f:4f:43:8e:8b:35:38:56:8d:81:de:51:85:fb:fd:3e:33:
df:7e:0e:83:0e:69:08:e3:3f:fb:8e:b8:ba:cc:82:13:bb:0f:
db:e0:d2:44
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUX4iGe4Yy/LquET72btqZtUi++V8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDQwMzRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlODlmNTU0NjdjNmZkZGNhNGY0NWM1Y2E4YjI4ZGM2ZDM1YjQ3OGYzOTI1
NDExMWQ2ODFiYTc3ZWJmYWFlMmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKIxixtl91XknMkKpN7R9RQP/CA/qAeqyqVVR16tVImeNDDZVLLZUOl5xAUV
jkWb/dlvrG5EWKDFMz9Zcvr/oY/do/m+1DjhNZL2haj31jkOwsYYnO7GdB+FotGD
n3AwlYc5UltklXPxib1jJHE/co5nb5sS871W0+XTO/hN1XSj1LPiwHBy7BFmBbxM
JxAgrZDGHSPm5Qj17GghJNRl4V1lrARUGPH9dqxHqebUux/JrtDX7+DaAL11chCZ
V+YxkyJgdBU2JQhpJPVXC1eJ7ZIF6Yqt3mnE2s5sQa4EwYFURiDFnyb7LRn8Z5EV
S/r4ErsQWYH+OzBzwc4VgkBwATECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRLBLjZ
bTAGiMnTCLDLwvdWxhwQIjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmZjNmEyNTMtZGM2MC00NjExLThiYzAtZjRiMTE4NTFjY2YxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN/MA0G
CSqGSIb3DQEBCwUAA4IBAQCjMer+kOUYpE/VygIu4CILmXTGRKZucGZFTCjSVTvS
KyXRA9FuAMopnp5ZKo4T0b/8W5w2+YHIhsPW2lBcvYfT3fJCQCIvUfNv8CTFspHC
jBrVdo8EIQwxS0bt41AMlIed0Ec0fbbCaEaRJ21lMzurEChGPWIeha0KMq+FXaUx
Q//N9QHtLNP8xXpLREMWUn7lS8X2wWg1/sgiCmjXIm4bz25mBI3g4VqEttSUU91N
xjB4B/x5BQzadBnOuDc3DiD2eL+e7hukLVR8DpWuNWmbLH4PBpBq2qNIL09Djos1
OFaNgd5Rhfv9PjPffg6DDmkI4z/7jri6zIITuw/b4NJE
-----END CERTIFICATE-----
Generated at Sat Nov 1 18:58:36 2025 by rpki-client