Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
File: de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa (raw, json)
Hash identifier: qlxOGQfv9MN8IOHV2S2/Q+eP3A9WWUfR6VDHi3/s/00=
Subject key identifier: 4E:55:8E:74:EE:99:B7:C1:FD:0B:1C:88:B1:AA:BB:22:44:25:7E:0B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 523264D0DC35CA1C786C007C3E6D5953FAF68199
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
Signing time: Tue 21 Oct 2025 14:50:25 +0000
ROA not before: Tue 21 Oct 2025 14:50:25 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.40.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 08:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:32:64:d0:dc:35:ca:1c:78:6c:00:7c:3e:6d:59:53:fa:f6:81:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:25 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e829fc7302e0aaf62b3857a53782d3075e7d059cbe02997a549dafd2091a77bb, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:09:df:09:dd:3d:ee:5d:aa:b3:1a:a9:13:89:
10:0a:a5:da:fd:7f:25:d4:6d:6e:7b:e9:c6:21:e8:
56:5e:0c:48:95:7a:75:84:19:30:de:f6:34:bf:fe:
91:9e:52:ac:ce:3b:ca:6d:f3:31:1d:01:7f:69:51:
78:dc:59:b7:b1:55:d3:fb:b7:d2:aa:e8:dd:f3:54:
60:22:e6:e9:9f:bf:bc:5b:69:f3:94:74:76:36:2b:
ed:cf:75:f5:f3:d7:72:a8:d5:04:13:5a:cf:15:45:
8f:3c:cc:6e:30:b8:cb:e0:ca:0b:21:fc:07:2d:70:
39:5b:4f:cb:2c:49:b8:6d:60:c8:2c:39:d7:d1:a2:
e2:b6:3b:bf:e5:00:c7:e6:f2:af:e3:56:d0:52:12:
f4:03:03:c4:66:d7:15:08:ab:33:02:5a:fa:a2:5d:
90:9c:ec:5f:14:03:9f:0a:11:77:d0:d7:66:dc:32:
f2:93:2d:4d:46:5c:05:7d:6b:4f:cd:73:4a:09:c0:
f4:03:3a:ef:60:ec:d4:b6:99:f3:fe:58:38:51:56:
65:d5:b9:ab:61:f4:6d:ea:dd:dc:5c:f8:0b:69:5b:
73:3e:6b:64:89:ca:d1:86:ac:f3:79:23:ad:73:ef:
23:0c:e5:d9:03:7c:21:9c:fe:69:56:0a:fd:d2:6f:
78:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:55:8E:74:EE:99:B7:C1:FD:0B:1C:88:B1:AA:BB:22:44:25:7E:0B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.40.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:8c:4c:74:55:47:13:64:84:5a:f3:6b:3f:e4:c2:a6:37:7f:
5c:e4:40:d1:51:5e:47:da:85:06:58:16:f1:4a:93:7f:66:20:
16:fd:e3:d9:df:ce:53:60:52:2e:6d:60:9f:53:1c:4e:8b:5d:
8c:2d:ac:25:31:11:59:95:74:77:fe:42:d4:09:28:b8:b4:f9:
f8:d4:86:b4:c8:0e:fa:c1:30:04:d2:0a:38:6e:77:0f:19:1d:
88:f7:6d:06:52:74:1f:23:4a:48:1b:9e:1a:c0:27:d0:e8:c2:
03:df:b8:6c:cb:4b:4d:c0:84:df:eb:5a:04:c2:49:9d:2c:a3:
20:41:cb:fc:c1:ff:97:63:aa:72:a3:27:39:74:fc:33:6c:98:
a4:ff:d2:65:a6:4e:c6:e5:16:c4:9b:3c:7f:de:47:72:57:24:
dd:b9:f5:6f:09:d7:d6:08:3c:6e:28:d9:be:a2:65:3f:c0:0a:
f8:e9:31:f1:ba:ac:55:a1:6a:77:4c:fb:3d:2a:d7:fb:1f:88:
c0:5c:d5:cb:7c:8f:51:08:28:b7:7c:4f:ff:b5:30:b9:25:32:
3e:06:78:e8:b5:74:28:4d:14:02:5b:a5:6c:43:b9:49:4e:bd:
b5:f6:45:7a:01:3a:b5:6e:fd:ca:4f:0f:18:a9:47:d5:1a:12:
af:eb:ca:9a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUjJk0Nw1yhx4bAB8Pm1ZU/r2gZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMjVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4MjlmYzczMDJlMGFhZjYyYjM4NTdhNTM3ODJkMzA3NWU3ZDA1OWNiZTAy
OTk3YTU0OWRhZmQyMDkxYTc3YmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIQJ3wndPe5dqrMaqROJEAql2v1/JdRtbnvpxiHoVl4MSJV6dYQZMN72NL/+
kZ5SrM47ym3zMR0Bf2lReNxZt7FV0/u30qro3fNUYCLm6Z+/vFtp85R0djYr7c91
9fPXcqjVBBNazxVFjzzMbjC4y+DKCyH8By1wOVtPyyxJuG1gyCw519Gi4rY7v+UA
x+byr+NW0FIS9AMDxGbXFQirMwJa+qJdkJzsXxQDnwoRd9DXZtwy8pMtTUZcBX1r
T81zSgnA9AM672Ds1LaZ8/5YOFFWZdW5q2H0berd3Fz4C2lbcz5rZInK0Yas83kj
rXPvIwzl2QN8IZz+aVYK/dJveKUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBROVY50
7pm3wf0LHIixqrsiRCV+CzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGU4M2FiMGQtNzMwZS00YmEwLTlkMjItYWYyYzhiN2ZkOGY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMoMA0G
CSqGSIb3DQEBCwUAA4IBAQBkjEx0VUcTZIRa82s/5MKmN39c5EDRUV5H2oUGWBbx
SpN/ZiAW/ePZ385TYFIubWCfUxxOi12MLawlMRFZlXR3/kLUCSi4tPn41Ia0yA76
wTAE0go4bncPGR2I920GUnQfI0pIG54awCfQ6MID37hsy0tNwITf61oEwkmdLKMg
Qcv8wf+XY6pyoyc5dPwzbJik/9Jlpk7G5RbEmzx/3kdyVyTdufVvCdfWCDxuKNm+
omU/wAr46THxuqxVoWp3TPs9Ktf7H4jAXNXLfI9RCCi3fE//tTC5JTI+BnjotXQo
TRQCW6VsQ7lJTr219kV6ATq1bv3KTw8YqUfVGhKv68qa
-----END CERTIFICATE-----
Generated at Mon Oct 27 14:55:17 2025 by rpki-client