Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File: 9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier: SsKGTDqp4t2VdKlESUoCZA+hAysrVBHwEBe62hzK4vo=
Subject key identifier: 5E:AC:BB:12:18:73:63:1A:ED:22:A5:9D:9C:E8:AE:7C:F0:08:BD:81
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 659A6F5BF9EBF53087B05707EA0E1C29A8598FCE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time: Mon 01 Sep 2025 21:31:19 +0000
ROA not before: Mon 01 Sep 2025 21:31:19 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.139.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 22:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:9a:6f:5b:f9:eb:f5:30:87:b0:57:07:ea:0e:1c:29:a8:59:8f:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:31:19 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=c717fada78e886aa20ccc4684f4ccca0e064ab6c5edc7c25bd5e5fffe91cc161, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:6e:32:d4:41:49:60:15:c0:95:bb:36:70:14:
cf:46:fb:38:2c:3e:39:a0:c8:f1:8b:2d:ce:b5:89:
1b:cd:97:68:77:82:2a:b6:7a:7b:7f:83:6c:14:23:
a8:55:e4:1a:45:e8:67:d9:53:41:b2:e4:d2:be:be:
82:13:25:72:1d:47:60:3a:2f:a4:18:f4:76:10:f5:
f3:a3:d1:29:da:df:2b:fb:f1:f7:c3:87:46:b3:17:
89:cf:4f:50:16:14:92:16:1c:b7:03:91:23:68:da:
1e:76:d5:68:f7:1d:09:cc:ea:17:b2:43:00:b2:78:
ef:01:ff:73:d5:46:18:0b:87:6b:b5:97:90:e7:17:
c8:7e:28:dd:09:c8:9f:51:41:9e:24:ce:e6:33:ff:
6c:2b:a0:5c:3c:e9:07:a0:95:da:47:cc:ef:cf:75:
f2:98:6d:12:f4:5a:03:b2:24:ba:9b:d8:02:4f:a8:
f0:4e:56:ce:e4:91:94:39:ad:7f:71:39:5f:89:45:
fe:c1:59:53:48:6a:ea:32:ec:96:f6:97:b5:f6:31:
f6:a6:60:92:00:23:88:c7:ea:6c:89:da:ea:2b:f9:
7b:74:bf:8c:3a:8b:9f:7d:40:e6:41:4b:02:a8:0f:
eb:f6:41:d3:d6:d6:dd:5a:bd:bc:cd:c9:f5:ca:57:
4b:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:AC:BB:12:18:73:63:1A:ED:22:A5:9D:9C:E8:AE:7C:F0:08:BD:81
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.139.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1c:df:a6:20:ab:6e:e7:07:6c:ed:05:7c:bf:a9:f7:8e:71:75:
34:f4:83:7e:eb:dd:6f:2e:1a:d1:c9:27:86:cc:5a:7d:39:ee:
91:bd:a0:c5:ad:db:fb:ce:d9:97:7d:0c:ed:f5:87:b1:4b:5f:
ad:4e:14:16:1c:f4:76:94:4a:bc:b4:fe:f2:85:08:9d:61:e0:
f6:73:df:22:29:72:b0:ba:62:0c:c4:50:dc:31:04:41:bf:b6:
6b:d5:91:54:ed:42:92:b1:d7:32:b9:59:e7:e8:49:5c:3c:49:
b6:75:33:c9:96:e7:01:3f:7f:06:58:9a:5c:88:89:73:7d:4b:
d5:76:a5:14:cd:05:5a:02:61:35:1b:59:8a:a7:ed:90:1f:2c:
9c:a5:ba:17:8f:ba:5b:19:3f:41:eb:f8:55:9e:18:ef:55:76:
48:d4:d7:66:cf:00:0a:0f:7a:77:da:66:ee:35:31:99:ee:e1:
8d:8e:ce:f0:92:d2:73:c7:a9:55:03:e7:0f:b1:bb:7b:04:8a:
0a:2c:3e:a4:de:bb:b7:98:1b:0b:01:cf:9e:40:db:e8:d2:d6:
86:98:c2:f5:2c:9d:e5:ca:b7:0d:e7:a9:92:cc:c5:fc:07:89:
72:a6:80:16:dc:77:93:70:5e:fc:85:9d:a4:d7:a7:a2:82:94:
bf:43:d6:e6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZZpvW/nr9TCHsFcH6g4cKahZj84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMxMTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3MTdmYWRhNzhlODg2YWEyMGNjYzQ2ODRmNGNjY2EwZTA2NGFiNmM1ZWRj
N2MyNWJkNWU1ZmZmZTkxY2MxNjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANBuMtRBSWAVwJW7NnAUz0b7OCw+OaDI8YstzrWJG82XaHeCKrZ6e3+DbBQj
qFXkGkXoZ9lTQbLk0r6+ghMlch1HYDovpBj0dhD186PRKdrfK/vx98OHRrMXic9P
UBYUkhYctwORI2jaHnbVaPcdCczqF7JDALJ47wH/c9VGGAuHa7WXkOcXyH4o3QnI
n1FBniTO5jP/bCugXDzpB6CV2kfM78918phtEvRaA7IkupvYAk+o8E5WzuSRlDmt
f3E5X4lF/sFZU0hq6jLslvaXtfYx9qZgkgAjiMfqbIna6iv5e3S/jDqLn31A5kFL
AqgP6/ZB09bW3Vq9vM3J9cpXS8kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRerLsS
GHNjGu0ipZ2c6K588Ai9gTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQAc36Ygq27nB2ztBXy/qfeOcXU09IN+691vLhrRySeG
zFp9Oe6RvaDFrdv7ztmXfQzt9YexS1+tThQWHPR2lEq8tP7yhQidYeD2c98iKXKw
umIMxFDcMQRBv7Zr1ZFU7UKSsdcyuVnn6ElcPEm2dTPJlucBP38GWJpciIlzfUvV
dqUUzQVaAmE1G1mKp+2QHyycpboXj7pbGT9B6/hVnhjvVXZI1NdmzwAKD3p32mbu
NTGZ7uGNjs7wktJzx6lVA+cPsbt7BIoKLD6k3ru3mBsLAc+eQNvo0taGmML1LJ3l
yrcN56mSzMX8B4lypoAW3HeTcF78hZ2k16eigpS/Q9bm
-----END CERTIFICATE-----
Generated at Wed Sep 17 04:48:46 2025 by rpki-client