Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
File: 676cc479-c956-49aa-8372-560fd674c62c.roa (raw, json)
Hash identifier: RTTz7jjqsua23mf5ZY4O9dxBAbPWn2KR/GAm/g/8O4Q=
Subject key identifier: 85:3A:7B:04:7F:9A:AE:36:80:70:B1:95:C6:7D:5E:AB:B9:57:28:F7
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3B94A3EC73D576F331636AA0B4125009CFACACA5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
Signing time: Mon 29 Sep 2025 15:40:08 +0000
ROA not before: Mon 29 Sep 2025 15:40:08 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:94:a3:ec:73:d5:76:f3:31:63:6a:a0:b4:12:50:09:cf:ac:ac:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 29 15:40:08 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=f7b6532d9e1d3dc9217596bdc874bf5d88412aba299410630e9f5e994d95640c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:9b:f1:9b:bc:4c:18:22:16:2b:2d:f9:fd:7c:
2c:7a:40:26:7a:89:1c:8e:e2:e1:75:e3:45:d0:fe:
44:29:01:45:3b:d8:19:94:e2:59:94:3d:0d:39:3c:
77:cd:f6:8c:fa:a0:fa:1f:75:57:2d:ac:fb:2f:97:
8c:fd:c9:b2:d4:c1:f1:83:33:fb:1a:05:1a:c4:d5:
74:9f:7d:64:79:34:ed:99:47:65:14:da:b0:d2:c7:
89:0a:9e:df:72:bf:cd:a6:0b:7d:55:5e:a6:a8:5b:
53:0a:3b:a7:06:e7:b5:c3:5a:dd:d4:e6:c3:27:09:
cf:f7:5d:0d:97:b3:af:8f:a0:92:ce:c3:57:80:48:
76:e7:1b:c5:6a:a8:25:33:07:a8:65:08:09:37:82:
73:b7:94:e4:4f:ea:61:3b:22:b1:7d:fa:0e:fa:fb:
f8:a8:db:fb:9b:30:48:48:b2:5f:97:02:8c:9e:ab:
b6:46:06:b1:cd:7d:8d:8b:ca:68:c8:80:60:32:97:
bf:98:48:f9:ba:e2:55:84:88:8a:b7:a3:11:23:c1:
f3:e8:bb:4c:97:fd:36:7e:f4:1c:99:61:4e:1e:e1:
0b:49:75:50:e9:a3:57:30:11:66:eb:7f:5c:27:3f:
84:35:35:fd:c2:c4:c8:50:df:f4:28:46:3c:a5:a1:
3b:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:3A:7B:04:7F:9A:AE:36:80:70:B1:95:C6:7D:5E:AB:B9:57:28:F7
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/16
Signature Algorithm: sha256WithRSAEncryption
79:12:2b:1a:e4:a2:10:aa:67:3d:5e:6b:cd:c0:90:c1:94:94:
c2:63:18:0b:67:0c:60:9f:7e:0e:8c:3e:cd:38:88:83:81:c0:
cc:e0:e5:ab:be:53:48:b8:ed:8b:a8:e6:bb:10:15:e0:4c:da:
96:f0:c2:88:c6:36:20:3f:89:bd:66:af:42:04:04:d9:21:2c:
7b:a1:33:da:07:71:f6:0a:60:97:9f:36:86:aa:e7:82:c8:54:
f1:2f:33:d9:f0:9d:10:fd:48:d2:dc:33:a3:30:d2:1a:98:c0:
12:2a:58:23:d1:e9:58:79:27:da:2d:ad:48:f5:6a:0d:fc:bf:
41:5a:ae:9d:f8:84:a5:ca:15:7f:31:41:cd:06:f4:f5:9f:13:
de:d3:8b:da:49:80:d3:1c:1b:4a:cd:be:9e:57:05:ce:0e:a9:
00:ac:14:20:88:ec:1d:00:b8:6f:2e:d8:7b:fc:ee:40:da:21:
41:c8:a3:77:01:92:b5:34:15:ee:64:24:62:8d:46:c1:26:a8:
38:b9:d5:49:53:a9:fa:94:5e:21:e9:6a:d8:33:85:49:aa:49:
c4:da:7c:01:d0:51:fe:71:7b:d6:96:8e:c7:a5:fb:fb:4a:11:
32:4c:68:33:61:d3:c1:0d:4e:71:f1:cd:a6:8f:6f:9a:dc:7d:
d3:1c:36:a2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUO5Sj7HPVdvMxY2qgtBJQCc+srKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMDhaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3YjY1MzJkOWUxZDNkYzkyMTc1OTZiZGM4NzRiZjVkODg0MTJhYmEyOTk0
MTA2MzBlOWY1ZTk5NGQ5NTY0MGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI6b8Zu8TBgiFist+f18LHpAJnqJHI7i4XXjRdD+RCkBRTvYGZTiWZQ9DTk8
d832jPqg+h91Vy2s+y+XjP3JstTB8YMz+xoFGsTVdJ99ZHk07ZlHZRTasNLHiQqe
33K/zaYLfVVepqhbUwo7pwbntcNa3dTmwycJz/ddDZezr4+gks7DV4BIducbxWqo
JTMHqGUICTeCc7eU5E/qYTsisX36Dvr7+Kjb+5swSEiyX5cCjJ6rtkYGsc19jYvK
aMiAYDKXv5hI+briVYSIirejESPB8+i7TJf9Nn70HJlhTh7hC0l1UOmjVzARZut/
XCc/hDU1/cLEyFDf9ChGPKWhO0MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSFOnsE
f5quNoBwsZXGfV6ruVco9zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc2Y2M0NzktYzk1Ni00OWFhLTgzNzItNTYwZmQ2NzRjNjJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Eisa5KIQqmc9XmvNwJDBlJTCYxgLZwxgn34OjD7N
OIiDgcDM4OWrvlNIuO2LqOa7EBXgTNqW8MKIxjYgP4m9Zq9CBATZISx7oTPaB3H2
CmCXnzaGqueCyFTxLzPZ8J0Q/UjS3DOjMNIamMASKlgj0elYeSfaLa1I9WoN/L9B
Wq6d+ISlyhV/MUHNBvT1nxPe04vaSYDTHBtKzb6eVwXODqkArBQgiOwdALhvLth7
/O5A2iFByKN3AZK1NBXuZCRijUbBJqg4udVJU6n6lF4h6WrYM4VJqknE2nwB0FH+
cXvWlo7Hpfv7ShEyTGgzYdPBDU5x8c2mj2+a3H3THDai
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:52:41 2025 by rpki-client