Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
File: 63e023f1-83fd-412f-8365-33afe1ac80af.roa (raw, json)
Hash identifier: L+t169gAXQrhVaVbn0e+3VxXyHdM13ZrWXhBy/KpGHA=
Subject key identifier: B0:94:A9:AC:FF:E0:8C:F4:8B:31:03:44:9C:5B:7C:53:37:09:29:BC
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1B45EF97A2EA23C26EE8CCB92A0F2802BC94B47B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
Signing time: Mon 01 Sep 2025 21:31:25 +0000
ROA not before: Mon 01 Sep 2025 21:31:25 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.160.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Sep 2025 08:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:45:ef:97:a2:ea:23:c2:6e:e8:cc:b9:2a:0f:28:02:bc:94:b4:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:31:25 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=87f11308f2c7be73b1c6e6c904598c745efd0393874fb7efc9af0afb9d71add7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:c2:7e:29:50:75:4a:dd:5c:8d:d9:b5:5c:9d:
2c:74:58:44:66:53:27:41:00:f6:c4:e5:3b:52:9b:
12:da:2a:53:7c:2e:8d:ba:16:dd:20:13:79:52:1e:
51:02:ab:27:98:4a:2a:75:18:50:a9:03:25:5a:7c:
2e:b6:0a:61:c2:71:0e:2f:c8:34:ea:b8:9b:d3:f7:
c7:a9:71:2c:d0:95:dd:3a:df:2e:2a:de:ba:0d:10:
38:91:16:35:fb:7f:e9:53:ba:71:6b:f2:e5:cd:d9:
40:51:27:02:21:19:10:ef:58:de:e4:c9:3d:b5:03:
29:f0:3a:5b:b1:10:c2:d8:c1:be:8a:1c:77:f9:c2:
ba:85:12:74:0c:ae:1f:f0:44:3a:76:db:bd:12:b3:
2d:80:0e:3e:24:74:51:be:c7:3f:5a:f6:da:f5:1a:
3a:c1:2f:f4:6f:3a:f1:9e:c1:6d:b3:b1:07:0c:3a:
8c:d0:36:94:8d:e0:0e:28:58:2f:ca:48:bf:c6:34:
68:f1:e6:ff:08:43:53:51:fe:26:c9:74:93:10:27:
00:87:1f:36:75:d5:a7:32:14:ea:99:50:6f:08:6a:
5c:48:49:dc:16:7b:e0:3c:64:ed:3d:2c:99:8f:3c:
ce:d4:3d:62:f1:d4:c5:44:83:56:b4:5a:76:64:39:
33:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:94:A9:AC:FF:E0:8C:F4:8B:31:03:44:9C:5B:7C:53:37:09:29:BC
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.160.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cb:04:7e:c9:2a:5d:00:5e:b9:09:13:be:96:eb:bc:07:d3:4c:
36:c9:9f:38:8b:6b:a0:f3:6b:42:d0:be:2a:53:bd:b9:c5:21:
fb:86:5d:15:da:b9:51:38:5e:e2:15:d5:5d:2c:1b:db:6b:22:
0e:67:b9:be:d1:a7:4f:33:41:af:82:1d:3d:46:26:55:09:66:
b5:bb:e8:46:62:d3:8b:7e:74:8f:5a:5a:ce:02:3e:e2:74:85:
e1:d0:3f:41:0a:8f:ac:ff:4d:cb:5e:1c:39:40:68:1a:6e:55:
e8:29:31:d7:0f:f4:75:09:db:0b:39:11:85:cb:4f:48:71:e5:
5b:5f:44:08:72:6a:c6:3e:e8:12:9a:4d:cb:20:54:66:eb:43:
8b:10:8f:2c:5b:22:5c:dc:33:6e:8d:5e:5e:d4:b5:53:4e:9f:
3b:2c:5f:fb:b8:d3:ff:4d:f6:ba:5a:03:98:59:a8:64:97:61:
43:5f:90:13:99:84:b7:ba:2f:94:ee:0e:4e:d4:96:76:a5:52:
a8:4a:3d:dc:c5:9b:b1:0a:b5:4d:3d:6d:90:53:04:46:db:05:
ff:c4:09:4f:47:d8:e0:ed:60:0c:5f:be:7d:9d:01:71:0e:12:
f5:c0:07:7e:e4:4b:bd:88:dc:ef:63:f9:0b:e1:cc:cf:b1:23:
a2:d8:40:10
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUG0Xvl6LqI8Ju6My5Kg8oAryUtHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMxMjVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3ZjExMzA4ZjJjN2JlNzNiMWM2ZTZjOTA0NTk4Yzc0NWVmZDAzOTM4NzRm
YjdlZmM5YWYwYWZiOWQ3MWFkZDcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHCfilQdUrdXI3ZtVydLHRYRGZTJ0EA9sTlO1KbEtoqU3wujboW3SATeVIe
UQKrJ5hKKnUYUKkDJVp8LrYKYcJxDi/INOq4m9P3x6lxLNCV3TrfLireug0QOJEW
Nft/6VO6cWvy5c3ZQFEnAiEZEO9Y3uTJPbUDKfA6W7EQwtjBvoocd/nCuoUSdAyu
H/BEOnbbvRKzLYAOPiR0Ub7HP1r22vUaOsEv9G868Z7BbbOxBww6jNA2lI3gDihY
L8pIv8Y0aPHm/whDU1H+Jsl0kxAnAIcfNnXVpzIU6plQbwhqXEhJ3BZ74Dxk7T0s
mY88ztQ9YvHUxUSDVrRadmQ5M38CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSwlKms
/+CM9IsxA0ScW3xTNwkpvDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjNlMDIzZjEtODNmZC00MTJmLTgzNjUtMzNhZmUxYWM4MGFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOgMA0G
CSqGSIb3DQEBCwUAA4IBAQDLBH7JKl0AXrkJE76W67wH00w2yZ84i2ug82tC0L4q
U725xSH7hl0V2rlROF7iFdVdLBvbayIOZ7m+0adPM0Gvgh09RiZVCWa1u+hGYtOL
fnSPWlrOAj7idIXh0D9BCo+s/03LXhw5QGgablXoKTHXD/R1CdsLORGFy09IceVb
X0QIcmrGPugSmk3LIFRm60OLEI8sWyJc3DNujV5e1LVTTp87LF/7uNP/Tfa6WgOY
Wahkl2FDX5ATmYS3ui+U7g5O1JZ2pVKoSj3cxZuxCrVNPW2QUwRG2wX/xAlPR9jg
7WAMX759nQFxDhL1wAd+5Eu9iNzvY/kL4czPsSOi2EAQ
-----END CERTIFICATE-----
Generated at Mon Sep 15 13:15:33 2025 by rpki-client