Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
File: 620d46e8-bb13-40cd-8918-677590eaf682.roa (raw, json)
Hash identifier: Yu7/rRsLOG45R1Gh+szNaxVjM8/DDINMpzyECx1h+Ko=
Subject key identifier: F9:14:F7:C1:E8:E8:C9:41:9B:9E:47:ED:92:B1:62:63:15:B9:09:EA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1E856FF0BB081E422E7EDE7585DE0BFD1E712406
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
Signing time: Wed 06 Aug 2025 08:22:00 +0000
ROA not before: Wed 06 Aug 2025 08:22:00 +0000
ROA not after: Wed 10 Sep 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.226.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 15:34:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:85:6f:f0:bb:08:1e:42:2e:7e:de:75:85:de:0b:fd:1e:71:24:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 6 08:22:00 2025 GMT
Not After : Sep 10 23:59:59 2025 GMT
Subject: serialNumber=092c396ae89272d0fb153d9efc30fea9c1de7553ee6a66b81ab7b9a6d06523cf, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:70:5b:83:ad:36:f1:7a:88:dd:69:67:10:02:
dc:55:7f:fb:19:df:5f:b7:21:bb:88:22:f2:fd:53:
4d:94:e7:63:5c:cf:5f:26:0e:21:04:ae:52:5b:df:
fd:fe:1a:5c:3b:53:32:c4:63:70:ef:f9:36:8f:28:
49:d0:0d:17:5a:b3:0d:17:c0:98:0d:37:90:4b:2c:
3a:dd:4f:e4:af:cc:b2:ac:1d:74:6c:ca:b6:8e:a5:
d3:f5:ae:24:d9:e3:67:18:8b:1a:c6:79:46:af:52:
15:cf:1c:55:3f:df:c3:16:cd:02:f8:5c:c2:80:16:
57:a4:5d:c6:0c:83:30:b1:ea:01:a6:ff:af:2b:b2:
d4:10:ad:bd:af:a4:d0:db:43:87:c6:55:6a:15:04:
6c:92:24:82:15:74:a9:55:cf:9d:45:ed:dd:dc:05:
7a:50:fc:65:b3:e9:43:b8:08:6b:35:92:33:a9:c8:
f4:bb:21:30:24:07:68:ea:11:4b:78:88:7c:69:47:
f1:ce:98:94:b7:c5:a3:ee:2d:f2:86:43:7a:13:ac:
4f:e1:2e:22:e9:68:a2:30:54:41:b1:37:5c:04:a3:
ee:b9:69:87:8c:d8:65:f3:0d:e5:fb:95:d8:ec:16:
33:8f:bf:66:79:01:dc:cf:30:81:91:33:95:19:ce:
6a:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:14:F7:C1:E8:E8:C9:41:9B:9E:47:ED:92:B1:62:63:15:B9:09:EA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/620d46e8-bb13-40cd-8918-677590eaf682.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.226.0.0/15
Signature Algorithm: sha256WithRSAEncryption
bd:58:0b:3c:01:d2:79:75:fc:7c:4d:05:c3:7b:de:d5:e2:8e:
32:91:de:0c:3d:5e:82:82:89:96:15:96:5b:03:d4:cb:a7:f0:
f3:a2:e1:79:95:5f:61:a4:11:4e:21:22:ee:b4:98:08:16:50:
2d:d6:be:5c:5c:7a:68:40:49:53:43:ee:a5:5e:c1:27:61:de:
b1:16:c8:14:fa:b9:53:8f:b6:2e:b8:6b:ec:21:8a:11:80:84:
7c:eb:0b:0e:a4:de:66:e0:6b:40:de:bc:82:cd:35:95:aa:f1:
30:d3:f5:9e:49:f4:2a:8c:f5:21:aa:cc:8a:0c:8b:93:35:f6:
3f:4e:b9:fb:b4:6f:73:4b:ee:2e:64:f5:25:e9:f0:42:77:9c:
a8:7d:0c:e8:cd:97:9a:56:76:0b:35:b4:f5:b1:f4:da:3e:c1:
4d:02:c7:79:7b:aa:e4:23:a5:94:83:32:94:f4:54:2f:f1:4b:
48:09:66:f4:26:86:b4:f6:6f:3e:59:f1:7d:03:64:73:22:1b:
38:15:92:4e:24:65:f9:c4:4b:b2:d7:62:f3:5c:3c:56:0b:07:
08:e7:ef:6a:4c:40:18:90:d9:a4:a8:71:9c:b6:5e:80:01:f4:
ff:1c:21:88:7b:a8:bb:21:f6:a8:3d:b1:77:70:77:68:3e:51:
c7:7e:b7:8a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHoVv8LsIHkIuft51hd4L/R5xJAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDYwODIyMDBaFw0yNTA5MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5MmMzOTZhZTg5MjcyZDBmYjE1M2Q5ZWZjMzBmZWE5YzFkZTc1NTNlZTZh
NjZiODFhYjdiOWE2ZDA2NTIzY2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhwW4OtNvF6iN1pZxAC3FV/+xnfX7chu4gi8v1TTZTnY1zPXyYOIQSuUlvf
/f4aXDtTMsRjcO/5No8oSdANF1qzDRfAmA03kEssOt1P5K/MsqwddGzKto6l0/Wu
JNnjZxiLGsZ5Rq9SFc8cVT/fwxbNAvhcwoAWV6RdxgyDMLHqAab/ryuy1BCtva+k
0NtDh8ZVahUEbJIkghV0qVXPnUXt3dwFelD8ZbPpQ7gIazWSM6nI9LshMCQHaOoR
S3iIfGlH8c6YlLfFo+4t8oZDehOsT+EuIuloojBUQbE3XASj7rlph4zYZfMN5fuV
2OwWM4+/ZnkB3M8wgZEzlRnOao0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT5FPfB
6OjJQZueR+2SsWJjFbkJ6jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjIwZDQ2ZTgtYmIxMy00MGNkLTg5MTgtNjc3NTkwZWFmNjgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPiMA0G
CSqGSIb3DQEBCwUAA4IBAQC9WAs8AdJ5dfx8TQXDe97V4o4ykd4MPV6CgomWFZZb
A9TLp/DzouF5lV9hpBFOISLutJgIFlAt1r5cXHpoQElTQ+6lXsEnYd6xFsgU+rlT
j7YuuGvsIYoRgIR86wsOpN5m4GtA3ryCzTWVqvEw0/WeSfQqjPUhqsyKDIuTNfY/
Trn7tG9zS+4uZPUl6fBCd5yofQzozZeaVnYLNbT1sfTaPsFNAsd5e6rkI6WUgzKU
9FQv8UtICWb0Joa09m8+WfF9A2RzIhs4FZJOJGX5xEuy12LzXDxWCwcI5+9qTEAY
kNmkqHGctl6AAfT/HCGIe6i7IfaoPbF3cHdoPlHHfreK
-----END CERTIFICATE-----
Generated at Thu Aug 21 18:54:05 2025 by rpki-client