Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
File: 39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa (raw, json)
Hash identifier: w3iPf5j977wSnUQqSI5CnWgiCliu14QBaV33ucM4xhw=
Subject key identifier: D2:3B:93:21:36:A7:49:DC:42:B0:F6:36:F3:09:9A:A0:B9:52:F6:64
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 27472C0790B88AB88311D18379A0086D7003B546
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
Signing time: Mon 28 Apr 2025 15:50:13 +0000
ROA not before: Mon 28 Apr 2025 15:50:13 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.80.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:47:2c:07:90:b8:8a:b8:83:11:d1:83:79:a0:08:6d:70:03:b5:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:13 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=0dc10d3aa2d11fea531f9051f3e7b34c7218af644e036c554c8300569c564327, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:f8:22:0a:32:03:25:97:29:5e:12:9a:6b:bd:
85:99:12:dc:21:4f:a7:33:3c:37:32:02:9c:1b:e4:
f3:e0:dc:65:52:18:33:45:c3:c5:f8:ca:72:85:68:
36:45:d4:f9:6c:46:17:8e:16:7e:34:06:68:67:40:
ef:b3:31:e5:37:1d:38:e7:f4:34:d0:1e:0a:bb:4f:
2c:79:a9:0e:33:9c:0e:a5:ec:f4:22:0a:64:8f:3c:
70:65:81:e9:9b:12:ba:7a:e3:e4:94:ed:6a:0a:29:
33:85:56:8b:fc:87:03:98:6d:8c:5f:6d:d5:7d:ed:
78:1f:5a:09:5f:f4:bd:28:6d:89:41:1f:ab:4d:dc:
8e:e9:d6:48:b0:92:f7:06:2a:d9:87:c6:11:a8:cc:
51:22:9a:5b:2f:61:7d:2d:86:95:79:79:06:f7:bc:
fd:63:6a:ba:ec:b1:3d:b7:65:a8:71:d5:7c:91:57:
ee:84:66:06:a0:41:f8:4b:e3:14:77:eb:38:20:d9:
5d:36:d6:51:fe:47:74:42:0e:9e:75:27:3c:bc:d0:
a4:e6:90:19:28:ba:21:ef:29:88:cf:db:b7:54:d3:
4d:ae:3c:fa:30:fe:01:84:98:9a:6f:49:26:ab:4f:
2d:23:f9:7e:15:14:16:9d:86:d9:aa:87:cf:37:9d:
08:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:3B:93:21:36:A7:49:DC:42:B0:F6:36:F3:09:9A:A0:B9:52:F6:64
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.80.0/21
Signature Algorithm: sha256WithRSAEncryption
26:fb:a3:f7:e1:79:a3:9c:18:06:ac:63:2e:20:8c:63:e3:6d:
fd:d4:b8:b2:0b:7b:8a:ae:63:c1:4e:b7:a7:3a:24:4b:be:33:
a7:11:86:11:e9:1a:8b:4b:d8:e5:ca:a4:0f:49:b9:69:fe:67:
76:d3:23:eb:c9:9a:83:a0:78:a6:91:49:47:63:ec:31:c4:39:
d8:e4:04:11:d5:2d:39:e1:23:90:31:12:86:d7:7a:6b:b5:1a:
9a:cd:0e:ba:0f:b0:11:2c:a5:74:42:f1:bd:f1:00:ec:de:91:
03:73:02:6c:a0:f0:c4:4d:c7:c4:ce:01:a2:71:2d:08:49:c6:
26:37:af:cf:18:7a:40:04:e8:69:d1:1d:ae:e1:df:01:37:96:
4d:ef:7f:00:ce:2a:bd:61:04:6f:ab:4b:3a:d2:63:87:1d:d6:
87:ee:f4:fc:51:82:65:07:c3:3c:38:a5:c3:bb:0c:e0:d7:a7:
67:99:50:3c:fd:33:44:ed:d6:d8:bd:92:29:33:00:06:67:2d:
a5:f4:f7:d4:68:65:c1:6a:4a:17:1d:75:48:af:75:e5:0e:aa:
fd:9e:44:30:e6:49:36:ff:2e:19:12:99:3b:c1:96:82:ee:7e:
c7:cb:d9:45:e4:f6:e8:9e:ef:80:68:de:46:f5:64:2d:75:99:
f7:5b:5a:01
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJ0csB5C4iriDEdGDeaAIbXADtUYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwMTNaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkYzEwZDNhYTJkMTFmZWE1MzFmOTA1MWYzZTdiMzRjNzIxOGFmNjQ0ZTAz
NmM1NTRjODMwMDU2OWM1NjQzMjcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/4IgoyAyWXKV4Smmu9hZkS3CFPpzM8NzICnBvk8+DcZVIYM0XDxfjKcoVo
NkXU+WxGF44WfjQGaGdA77Mx5TcdOOf0NNAeCrtPLHmpDjOcDqXs9CIKZI88cGWB
6ZsSunrj5JTtagopM4VWi/yHA5htjF9t1X3teB9aCV/0vShtiUEfq03cjunWSLCS
9wYq2YfGEajMUSKaWy9hfS2GlXl5Bve8/WNquuyxPbdlqHHVfJFX7oRmBqBB+Evj
FHfrOCDZXTbWUf5HdEIOnnUnPLzQpOaQGSi6Ie8piM/bt1TTTa48+jD+AYSYmm9J
JqtPLSP5fhUUFp2G2aqHzzedCM8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTSO5Mh
NqdJ3EKw9jbzCZqguVL2ZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzkwMzJhMDUtMDhhYS00MmYyLTk4ZmMtOGFhNmFlZWUxZGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAUDAN
BgkqhkiG9w0BAQsFAAOCAQEAJvuj9+F5o5wYBqxjLiCMY+Nt/dS4sgt7iq5jwU63
pzokS74zpxGGEekai0vY5cqkD0m5af5ndtMj68mag6B4ppFJR2PsMcQ52OQEEdUt
OeEjkDEShtd6a7Uams0Oug+wESyldELxvfEA7N6RA3MCbKDwxE3HxM4BonEtCEnG
Jjevzxh6QAToadEdruHfATeWTe9/AM4qvWEEb6tLOtJjhx3Wh+70/FGCZQfDPDil
w7sM4NenZ5lQPP0zRO3W2L2SKTMABmctpfT31GhlwWpKFx11SK915Q6q/Z5EMOZJ
Nv8uGRKZO8GWgu5+x8vZReT26J7vgGjeRvVkLXWZ91taAQ==
-----END CERTIFICATE-----
Generated at Mon May 5 10:46:19 2025 by rpki-client