Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
File: 444db014-8d2a-4c59-af9c-399bacab4f3f.roa (raw, json)
Hash identifier: HWGrfOPDtQoDbbNbJIA/F3VUNuZF/+QEc3T61J8k+nM=
Subject key identifier: 49:80:6C:6F:EF:AD:8A:70:5E:13:5E:EC:A9:97:52:C1:80:8A:FB:2B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 304678A6C09DBC8728BC0B0C55A30AAA141878DA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
Signing time: Tue 21 Oct 2025 15:00:33 +0000
ROA not before: Tue 21 Oct 2025 15:00:33 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.156.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 20:30:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:46:78:a6:c0:9d:bc:87:28:bc:0b:0c:55:a3:0a:aa:14:18:78:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 15:00:33 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=0e546ac714c32807937fa3e8962656f219f71c41a1026b2301955cc2409c26d6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:a0:bf:5b:8e:87:4f:9f:7b:a7:3f:5b:61:ec:
77:36:16:9d:52:8e:2d:c5:cf:dd:bb:6c:eb:f4:da:
72:a6:ad:78:8e:e2:69:3c:3c:ee:7f:44:fe:11:b3:
c9:35:93:7a:d1:13:8f:67:35:85:8b:17:f0:ee:d5:
de:81:48:b3:b2:30:23:9a:65:c1:6c:ec:7e:f6:15:
1a:e6:76:1c:12:e9:50:a9:4c:82:a5:02:94:5a:9f:
f4:f9:b9:45:b3:d3:b4:0f:40:ff:4c:e7:73:3d:7f:
de:fc:7b:c1:f4:4d:ab:01:87:3d:f3:b2:d1:ff:70:
a6:7d:75:03:9e:94:de:a0:b3:c6:38:4d:87:64:ca:
75:70:76:3a:8b:3a:d7:fa:fd:20:fa:f6:ca:d0:54:
a6:8a:e9:f1:9a:e4:bc:c4:0e:ba:81:f5:eb:73:a5:
a6:91:90:f1:71:47:92:ad:04:5d:62:75:82:f6:69:
45:a5:bf:73:e1:ab:11:c5:c0:a5:63:d1:8e:81:d6:
ac:08:9d:4e:f9:16:79:f2:2a:b1:51:a8:06:07:3f:
46:09:04:f3:95:83:d6:41:7d:80:51:af:25:64:e2:
d2:1f:5b:07:1e:cc:5d:1c:c9:75:9b:c5:67:54:d5:
85:26:c7:98:a6:82:5d:b3:cd:c7:39:b3:93:84:89:
3f:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:80:6C:6F:EF:AD:8A:70:5E:13:5E:EC:A9:97:52:C1:80:8A:FB:2B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/444db014-8d2a-4c59-af9c-399bacab4f3f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.156.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ac:d1:55:d6:a8:8c:7a:ad:fa:35:fa:b5:23:cc:07:2a:20:e0:
cf:f5:ab:79:fe:56:34:00:3e:82:eb:8a:5b:80:fb:7e:2f:3d:
cf:33:4b:21:35:d4:d8:f9:7c:6d:85:1f:4a:f5:19:31:0d:51:
a1:69:7f:a1:5e:e4:c8:9e:3b:f0:e7:77:0e:5b:f7:5d:ac:16:
66:60:54:a0:fe:0b:74:be:21:9a:2b:08:a0:79:a7:e5:f7:6e:
95:94:fb:40:3d:13:fc:36:97:11:c5:68:0e:6d:6f:b8:15:53:
70:a8:5d:6b:a7:19:0b:61:4f:b0:e4:06:42:29:03:56:f3:0c:
f2:b8:f7:ff:73:16:1d:63:c0:2e:ca:01:57:08:64:cf:6b:42:
07:c1:64:57:76:5d:17:23:9e:d7:6f:de:16:ae:62:1d:d1:1f:
43:72:eb:ab:65:15:cb:e3:89:9a:fd:c2:4b:1d:2c:9a:c5:4b:
b7:7e:49:d2:fb:bf:24:7b:36:4f:f3:63:82:5b:a9:05:15:7c:
95:fc:7b:b3:9d:6a:de:af:6f:9b:7c:8f:19:f5:ea:89:be:1e:
8c:a7:c5:40:dd:b1:f3:63:02:53:32:45:5f:c6:f1:8b:12:69:
d2:3c:f8:95:84:ec:18:da:d4:f3:9e:9e:9c:1b:18:03:be:5b:
75:29:b6:ca
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMEZ4psCdvIcovAsMVaMKqhQYeNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNTAwMzNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlNTQ2YWM3MTRjMzI4MDc5MzdmYTNlODk2MjY1NmYyMTlmNzFjNDFhMTAy
NmIyMzAxOTU1Y2MyNDA5YzI2ZDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOCgv1uOh0+fe6c/W2HsdzYWnVKOLcXP3bts6/TacqateI7iaTw87n9E/hGz
yTWTetETj2c1hYsX8O7V3oFIs7IwI5plwWzsfvYVGuZ2HBLpUKlMgqUClFqf9Pm5
RbPTtA9A/0zncz1/3vx7wfRNqwGHPfOy0f9wpn11A56U3qCzxjhNh2TKdXB2Oos6
1/r9IPr2ytBUporp8ZrkvMQOuoH163OlppGQ8XFHkq0EXWJ1gvZpRaW/c+GrEcXA
pWPRjoHWrAidTvkWefIqsVGoBgc/RgkE85WD1kF9gFGvJWTi0h9bBx7MXRzJdZvF
Z1TVhSbHmKaCXbPNxzmzk4SJP1UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRJgGxv
762KcF4TXuypl1LBgIr7KzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDQ0ZGIwMTQtOGQyYS00YzU5LWFmOWMtMzk5YmFjYWI0ZjNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOcMA0G
CSqGSIb3DQEBCwUAA4IBAQCs0VXWqIx6rfo1+rUjzAcqIODP9at5/lY0AD6C64pb
gPt+Lz3PM0shNdTY+XxthR9K9RkxDVGhaX+hXuTInjvw53cOW/ddrBZmYFSg/gt0
viGaKwigeafl926VlPtAPRP8NpcRxWgObW+4FVNwqF1rpxkLYU+w5AZCKQNW8wzy
uPf/cxYdY8AuygFXCGTPa0IHwWRXdl0XI57Xb94WrmId0R9DcuurZRXL44ma/cJL
HSyaxUu3fknS+78kezZP82OCW6kFFXyV/HuznWrer2+bfI8Z9eqJvh6Mp8VA3bHz
YwJTMkVfxvGLEmnSPPiVhOwY2tTznp6cGxgDvlt1KbbK
-----END CERTIFICATE-----
Generated at Tue Nov 4 05:43:18 2025 by rpki-client