Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
File: a02f9994-3943-4a2f-8467-87935bf3bf9e.roa (raw, json)
Hash identifier: Yj2TV2VUuNVFAuKs1B9okPjI+l/K9QxLLLNFZBLEe3c=
Subject key identifier: 71:A5:8F:B4:79:36:33:52:16:20:A6:40:9C:4F:89:EA:1E:E7:D1:18
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 567AFA6F9C1469489EB9A42F7E36FAF3092AD3F8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
Signing time: Tue 21 Oct 2025 14:50:26 +0000
ROA not before: Tue 21 Oct 2025 14:50:26 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.69.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Nov 2025 01:29:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:7a:fa:6f:9c:14:69:48:9e:b9:a4:2f:7e:36:fa:f3:09:2a:d3:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:26 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a95d1ae841fa62b2ac66cae5e39ddfee40bcb68a942738c0afb1b6653fab08d6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:05:5b:95:41:89:11:bd:d3:a7:8f:fc:8f:e9:
da:41:15:43:b5:7d:9f:e9:d6:7f:18:ce:9c:ee:cd:
e0:80:8f:85:f0:79:72:3d:53:dd:ae:ad:ed:81:37:
fd:34:d8:4f:ce:85:96:7b:4b:08:58:1f:9f:9b:3d:
4e:da:60:92:5a:e7:78:af:6c:28:03:25:24:94:2c:
95:f8:2f:7a:62:29:b1:c0:87:8d:b2:4c:2b:e3:bc:
e0:70:79:ec:1f:ee:41:2e:d6:fa:dc:e2:96:53:10:
f2:d8:66:07:da:a8:82:ea:40:66:94:6c:28:6f:ca:
94:19:1f:40:f9:8f:91:4e:6a:e4:32:a1:86:b4:00:
b6:b6:85:14:42:7f:d6:e1:43:f1:28:06:fd:38:be:
dd:ab:4e:1c:5e:c3:1e:9d:94:b4:6c:2a:da:12:44:
30:61:77:ab:55:5d:a0:20:ca:1a:d3:21:3c:92:38:
80:ba:0d:87:15:d3:0c:9e:26:71:26:20:b4:51:c1:
5d:b5:b8:9e:e2:a5:91:8c:16:83:42:ca:cc:de:77:
87:e8:e4:e1:3d:5d:28:46:f4:35:9b:c0:f2:37:8c:
48:77:ce:b0:4d:e6:2a:6a:fc:e2:b4:5e:0f:17:63:
e2:99:2d:ca:4a:4c:33:7e:9b:41:97:36:71:8b:5c:
fa:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:A5:8F:B4:79:36:33:52:16:20:A6:40:9C:4F:89:EA:1E:E7:D1:18
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.69.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d5:65:1d:af:0f:61:8b:6d:d8:80:9f:da:71:98:fd:7d:7e:a7:
67:1c:36:96:95:9e:d3:7c:d6:37:ba:fd:60:32:df:87:85:71:
0a:ff:df:74:71:31:48:02:52:91:1a:dd:f2:7a:54:9b:fb:00:
0d:55:1c:f6:30:f0:8b:7d:29:2a:d3:22:eb:0e:e9:ca:d3:ac:
cc:83:4c:36:e3:16:22:41:31:2b:a1:2c:7d:e4:f9:b2:b7:56:
ff:bb:7c:3d:37:43:ed:29:52:0a:db:f0:82:e0:82:f9:33:2a:
22:12:26:09:03:87:f1:ba:a8:12:f6:52:fe:30:a5:6f:41:26:
2c:ac:ff:4b:19:e6:20:da:9e:99:07:96:3d:9c:b1:c2:26:98:
ed:53:53:96:9c:53:75:0c:f6:68:e6:4a:53:d4:fe:0c:b7:a7:
b6:c1:a3:ab:a5:3b:a1:5d:7f:2f:2b:49:e4:e6:5c:b9:4e:20:
2b:5f:7f:69:23:4e:8e:80:47:3c:d0:d0:22:7d:c0:6e:64:ef:
d7:f6:06:40:62:f3:2b:2e:b0:1b:06:55:e6:46:fa:00:0f:43:
7b:f3:f4:4f:ef:95:17:9f:d9:da:65:0d:62:c6:28:3d:a9:b3:
bc:1a:b5:03:61:04:dc:d6:e1:5b:4a:e4:5a:1a:e1:69:5d:29:
46:84:39:f4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVnr6b5wUaUieuaQvfjb68wkq0/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5NWQxYWU4NDFmYTYyYjJhYzY2Y2FlNWUzOWRkZmVlNDBiY2I2OGE5NDI3
MzhjMGFmYjFiNjY1M2ZhYjA4ZDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOAFW5VBiRG906eP/I/p2kEVQ7V9n+nWfxjOnO7N4ICPhfB5cj1T3a6t7YE3
/TTYT86FlntLCFgfn5s9TtpgklrneK9sKAMlJJQslfgvemIpscCHjbJMK+O84HB5
7B/uQS7W+tzillMQ8thmB9qogupAZpRsKG/KlBkfQPmPkU5q5DKhhrQAtraFFEJ/
1uFD8SgG/Ti+3atOHF7DHp2UtGwq2hJEMGF3q1VdoCDKGtMhPJI4gLoNhxXTDJ4m
cSYgtFHBXbW4nuKlkYwWg0LKzN53h+jk4T1dKEb0NZvA8jeMSHfOsE3mKmr84rRe
Dxdj4pktykpMM36bQZc2cYtc+jcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRxpY+0
eTYzUhYgpkCcT4nqHufRGDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTAyZjk5OTQtMzk0My00YTJmLTg0NjctODc5MzViZjNiZjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNFMA0G
CSqGSIb3DQEBCwUAA4IBAQDVZR2vD2GLbdiAn9pxmP19fqdnHDaWlZ7TfNY3uv1g
Mt+HhXEK/990cTFIAlKRGt3yelSb+wANVRz2MPCLfSkq0yLrDunK06zMg0w24xYi
QTEroSx95Pmyt1b/u3w9N0PtKVIK2/CC4IL5MyoiEiYJA4fxuqgS9lL+MKVvQSYs
rP9LGeYg2p6ZB5Y9nLHCJpjtU1OWnFN1DPZo5kpT1P4Mt6e2waOrpTuhXX8vK0nk
5ly5TiArX39pI06OgEc80NAifcBuZO/X9gZAYvMrLrAbBlXmRvoAD0N78/RP75UX
n9naZQ1ixig9qbO8GrUDYQTc1uFbSuRaGuFpXSlGhDn0
-----END CERTIFICATE-----
Generated at Sun Nov 2 08:46:58 2025 by rpki-client