Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
File: ef3e6945-57bf-41fe-9e98-2db6c2800547.roa (raw, json)
Hash identifier: 0WlTrW9Bmdhrq+s+EH+crXzdY2gA9tDYn8jLrRcG/as=
Subject key identifier: 5C:8A:22:30:46:22:EC:1C:CB:8D:85:2E:44:75:05:EB:AB:7D:6E:03
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5B42269E48ADEC53D82A932AD1AE613B4783B40C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
Signing time: Sat 15 Nov 2025 06:40:51 +0000
ROA not before: Sat 15 Nov 2025 06:40:51 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.208.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 16 Nov 2025 12:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:42:26:9e:48:ad:ec:53:d8:2a:93:2a:d1:ae:61:3b:47:83:b4:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Nov 15 06:40:51 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=69f1afd9fd44c62bee521be9f0051e7c3eb671c053a6e100623f3441ff925633, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:4c:4c:c3:9c:c2:42:eb:10:0f:64:b8:65:3a:
5d:0f:27:09:83:fe:98:f5:74:11:77:6b:98:49:3d:
ba:44:6e:3c:6e:ac:db:e2:88:34:0f:4b:66:77:f8:
a6:f3:a3:f5:18:05:e9:f7:11:dd:ab:57:9b:12:e6:
05:a7:2c:1b:54:6f:aa:36:73:0f:64:83:d6:23:7f:
a7:b7:c0:a8:3d:79:15:25:9f:5b:96:ad:97:4f:cb:
bc:47:36:4a:7e:ef:fa:9e:c5:46:bd:f7:35:87:0f:
3e:65:4f:0f:63:5c:79:65:91:00:a8:8e:75:61:6e:
a7:77:f4:c1:fc:8a:8d:f4:fb:7e:4c:4e:45:13:41:
cb:60:40:f7:d3:31:30:e2:89:70:2b:62:44:d5:4a:
e9:53:21:70:aa:e3:ec:e6:8a:4d:6a:93:8a:b6:e1:
92:3a:33:62:4a:35:45:4f:70:b5:e6:75:65:36:c9:
29:bb:0c:87:d3:7a:e5:0e:e3:b3:e4:6c:92:d0:63:
c9:d4:26:14:43:23:fb:03:1e:90:38:e7:92:46:87:
ec:96:00:7a:79:7c:67:08:39:c2:35:a1:cf:a9:bd:
d6:e8:f3:c2:d0:e9:a2:87:f8:a0:43:fa:88:76:06:
63:4c:ad:d7:67:69:d5:bd:7b:6b:a1:bc:63:c1:dc:
69:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:8A:22:30:46:22:EC:1C:CB:8D:85:2E:44:75:05:EB:AB:7D:6E:03
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.208.0.0/15
Signature Algorithm: sha256WithRSAEncryption
78:7c:05:13:98:a7:c2:a9:b8:bb:76:73:d4:60:46:a5:71:d9:
3a:d7:4d:08:85:5a:bb:94:a9:cd:15:80:52:96:b8:8c:6d:7a:
aa:54:37:90:58:34:c1:f5:9c:81:a6:d5:e0:eb:b0:57:0b:06:
e3:a6:4a:13:50:b3:e4:5f:85:e7:9a:75:e1:ee:90:a5:a0:80:
d1:13:dd:73:7a:f6:14:fd:7e:d1:96:24:18:97:42:1d:a6:73:
7d:70:94:0f:4e:42:03:15:19:a1:e1:06:1f:5d:49:00:42:12:
3c:80:57:78:88:0d:ae:11:db:9d:bd:65:7b:c9:db:2a:ec:ab:
ce:ea:87:a6:fc:2f:c3:6f:00:7e:c4:3c:eb:20:b1:52:d7:25:
01:fb:19:ca:95:28:da:40:b6:a8:3c:15:6a:ae:85:d4:99:6b:
40:03:8a:31:ce:2d:d9:41:05:0e:60:f3:3d:6d:17:a6:dc:67:
63:23:c4:28:81:1e:f9:bf:ce:9d:84:c3:fb:36:ee:cc:07:81:
81:20:ac:04:0e:c0:0c:7b:61:21:ae:b5:fd:d3:24:e3:8c:f3:
39:61:93:fa:b3:2a:0e:d6:9c:9f:fb:b3:70:52:87:b2:e1:4a:
f0:be:b9:80:50:d4:17:18:50:45:eb:81:29:35:a4:bd:8b:8e:
b4:a0:35:a7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUW0Imnkit7FPYKpMq0a5hO0eDtAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTExMTUwNjQwNTFaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDY5ZjFhZmQ5ZmQ0NGM2MmJlZTUyMWJlOWYwMDUxZTdjM2ViNjcxYzA1M2E2
ZTEwMDYyM2YzNDQxZmY5MjU2MzMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRMTMOcwkLrEA9kuGU6XQ8nCYP+mPV0EXdrmEk9ukRuPG6s2+KINA9LZnf4
pvOj9RgF6fcR3atXmxLmBacsG1RvqjZzD2SD1iN/p7fAqD15FSWfW5atl0/LvEc2
Sn7v+p7FRr33NYcPPmVPD2NceWWRAKiOdWFup3f0wfyKjfT7fkxORRNBy2BA99Mx
MOKJcCtiRNVK6VMhcKrj7OaKTWqTirbhkjozYko1RU9wteZ1ZTbJKbsMh9N65Q7j
s+RsktBjydQmFEMj+wMekDjnkkaH7JYAenl8Zwg5wjWhz6m91ujzwtDpoof4oEP6
iHYGY0yt12dp1b17a6G8Y8HcaZMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRciiIw
RiLsHMuNhS5EdQXrq31uAzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWYzZTY5NDUtNTdiZi00MWZlLTllOTgtMmRiNmMyODAwNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPQMA0G
CSqGSIb3DQEBCwUAA4IBAQB4fAUTmKfCqbi7dnPUYEalcdk6100IhVq7lKnNFYBS
lriMbXqqVDeQWDTB9ZyBptXg67BXCwbjpkoTULPkX4XnmnXh7pCloIDRE91zevYU
/X7RliQYl0IdpnN9cJQPTkIDFRmh4QYfXUkAQhI8gFd4iA2uEdudvWV7ydsq7KvO
6oem/C/DbwB+xDzrILFS1yUB+xnKlSjaQLaoPBVqroXUmWtAA4oxzi3ZQQUOYPM9
bRem3GdjI8QogR75v86dhMP7Nu7MB4GBIKwEDsAMe2EhrrX90yTjjPM5YZP6syoO
1pyf+7NwUoey4UrwvrmAUNQXGFBF64EpNaS9i460oDWn
-----END CERTIFICATE-----
Generated at Sat Nov 15 18:27:51 2025 by rpki-client