Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
File: 444db014-8d2a-4c59-af9c-399bacab4f3f.roa (raw, json)
Hash identifier: HgONKEYbSOfVjxpGHdP4lxdsQYeF6s7p8UPcOYYh6v8=
Subject key identifier: 3A:77:72:BD:A1:7C:A7:0B:8F:C4:30:12:46:77:80:F7:F0:F9:20:74
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3BA33C40B80C26243E6AFCBF6FA4D6B58747564A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
Signing time: Mon 01 Sep 2025 21:31:23 +0000
ROA not before: Mon 01 Sep 2025 21:31:23 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.156.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 22:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:a3:3c:40:b8:0c:26:24:3e:6a:fc:bf:6f:a4:d6:b5:87:47:56:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:31:23 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=f50761b7cadf2b95ad438657d90908cef7dd6b5784284651e2bb91463210b590, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:aa:50:e9:c4:b2:43:bf:00:2b:56:ff:de:50:
13:fc:e7:71:26:5d:1c:72:fb:f4:f6:2f:a3:cb:d4:
7d:81:a7:81:ed:aa:88:55:dc:af:1a:c0:7d:1d:11:
d5:ae:02:7f:6c:52:5f:ec:d7:40:aa:a6:ba:8d:7f:
1d:ea:46:83:10:6d:2b:81:54:b1:ef:b2:2d:9b:74:
0e:b4:5b:45:a5:a9:7c:22:9a:00:2f:fd:da:7a:37:
9a:b7:67:7e:7e:d5:d1:9d:2b:78:08:99:f7:59:d7:
8a:8d:4b:49:a6:39:84:60:1b:53:2b:ce:e2:bb:e1:
dd:78:af:65:90:fc:db:94:b6:d9:80:42:d9:a1:df:
5c:48:6d:89:28:fc:00:0f:0e:66:0e:c7:cd:fb:4c:
54:56:a1:32:0c:90:51:cd:15:10:60:ab:92:e2:1e:
42:9c:eb:6a:10:c3:44:10:ae:3b:1c:4f:bf:b5:86:
e0:16:a4:fe:36:bf:63:64:03:7d:e8:ae:fe:75:6f:
cc:8c:7a:ed:48:fe:de:39:8a:fb:ed:f4:12:df:24:
19:6f:de:a4:83:d0:4b:f5:48:48:ce:f9:6d:92:fa:
5a:62:27:12:d2:4b:a1:2c:65:6d:15:67:a4:3c:28:
b1:2d:04:fd:47:8f:55:99:1f:29:b2:be:46:4b:50:
e8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:77:72:BD:A1:7C:A7:0B:8F:C4:30:12:46:77:80:F7:F0:F9:20:74
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.156.0.0/15
Signature Algorithm: sha256WithRSAEncryption
12:d6:a3:99:5b:f7:09:4e:51:3c:3c:d4:7e:f9:97:25:2d:f3:
8d:e8:73:43:14:17:e0:bb:63:07:06:22:c4:99:3a:45:cb:cf:
91:fc:da:9d:8e:10:a7:f0:e7:f1:30:fe:67:2f:14:96:ec:cc:
d3:ae:65:97:79:14:e4:ee:c2:7c:ac:57:25:5d:34:17:37:4f:
13:1b:46:1a:16:0f:eb:86:8a:35:5a:d7:96:9b:98:97:d0:93:
6d:e6:51:af:21:47:c1:0f:4f:d9:75:ae:10:62:21:93:ff:83:
34:86:9e:13:34:84:b0:7c:e7:d0:ba:d0:5e:e9:74:30:18:21:
4a:12:4f:06:0c:33:5d:a6:bf:94:7b:07:79:3e:24:4e:70:4f:
87:33:b3:c5:fb:06:07:a0:69:92:5d:80:c1:08:5b:1f:53:45:
a2:9b:c9:d9:ff:ec:69:8b:32:54:6b:94:59:d5:17:16:d9:e8:
96:6a:36:7b:fb:34:02:50:90:8e:57:06:ed:f0:7f:53:0f:ba:
41:44:f0:15:fd:2d:9b:68:5f:21:1e:98:6f:e8:69:b6:ce:8a:
b5:66:81:ba:a4:3f:60:22:28:51:1b:7d:a8:b8:5a:10:32:dd:
4e:3b:6e:4c:4e:61:f9:c7:0d:b0:8f:7a:43:c2:f1:0e:c5:20:
09:54:7f:22
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUO6M8QLgMJiQ+avy/b6TWtYdHVkowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMxMjNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGY1MDc2MWI3Y2FkZjJiOTVhZDQzODY1N2Q5MDkwOGNlZjdkZDZiNTc4NDI4
NDY1MWUyYmI5MTQ2MzIxMGI1OTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJiqUOnEskO/ACtW/95QE/zncSZdHHL79PYvo8vUfYGnge2qiFXcrxrAfR0R
1a4Cf2xSX+zXQKqmuo1/HepGgxBtK4FUse+yLZt0DrRbRaWpfCKaAC/92no3mrdn
fn7V0Z0reAiZ91nXio1LSaY5hGAbUyvO4rvh3XivZZD825S22YBC2aHfXEhtiSj8
AA8OZg7HzftMVFahMgyQUc0VEGCrkuIeQpzrahDDRBCuOxxPv7WG4Bak/ja/Y2QD
feiu/nVvzIx67Uj+3jmK++30Et8kGW/epIPQS/VISM75bZL6WmInEtJLoSxlbRVn
pDwosS0E/UePVZkfKbK+RktQ6AUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ6d3K9
oXynC4/EMBJGd4D38PkgdDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDQ0ZGIwMTQtOGQyYS00YzU5LWFmOWMtMzk5YmFjYWI0ZjNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOcMA0G
CSqGSIb3DQEBCwUAA4IBAQAS1qOZW/cJTlE8PNR++ZclLfON6HNDFBfgu2MHBiLE
mTpFy8+R/NqdjhCn8OfxMP5nLxSW7MzTrmWXeRTk7sJ8rFclXTQXN08TG0YaFg/r
hoo1WteWm5iX0JNt5lGvIUfBD0/Zda4QYiGT/4M0hp4TNISwfOfQutBe6XQwGCFK
Ek8GDDNdpr+Uewd5PiROcE+HM7PF+wYHoGmSXYDBCFsfU0Wim8nZ/+xpizJUa5RZ
1RcW2eiWajZ7+zQCUJCOVwbt8H9TD7pBRPAV/S2baF8hHphv6Gm2zoq1ZoG6pD9g
IihRG32ouFoQMt1OO25MTmH5xw2wj3pDwvEOxSAJVH8i
-----END CERTIFICATE-----
Generated at Wed Sep 17 04:09:20 2025 by rpki-client