Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File: 397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier: 4PEOSihxo5gDJQ4RDKL3OzS7hmnx8Fu+jYbLxqjPl5Q=
Subject key identifier: 42:D2:68:7B:34:4D:2D:3E:B0:E9:EE:1C:D4:D0:F6:01:68:29:DE:B2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 68ECCC186FE076580DBC32732AEDAD581AE15D39
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time: Mon 16 Jun 2025 22:00:15 +0000
ROA not before: Mon 16 Jun 2025 22:00:15 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.248.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:ec:cc:18:6f:e0:76:58:0d:bc:32:73:2a:ed:ad:58:1a:e1:5d:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 16 22:00:15 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=29f687ea549e59ddc441744a4a906dcf6cf663b06befa67ff178b6538feb1ed0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ff:98:0e:c6:6e:6b:40:0c:32:3b:6d:fa:54:
36:f6:ba:94:70:a2:b7:85:ed:7d:06:e7:e7:0d:d0:
14:77:0f:98:48:9a:7b:5b:b1:4f:1e:2d:58:af:74:
e5:ef:72:9a:b3:b0:8a:18:1f:1e:02:89:05:0b:18:
d5:bc:ee:0b:a5:b0:62:bf:e1:29:18:4e:4a:8c:ca:
22:f6:c5:62:d6:cf:22:d8:15:8a:60:ce:bc:6d:7b:
e1:8a:af:f4:75:e8:48:e4:e1:d6:8f:24:8a:6f:73:
53:ff:30:74:47:3b:dd:a8:a5:cc:23:7d:68:14:17:
d7:af:34:a0:09:a3:7e:1d:14:ee:8f:2c:29:12:03:
2d:27:8c:75:e5:52:ff:b1:3c:f3:7e:c0:b1:9d:ea:
1f:21:14:58:79:8b:39:86:1a:5b:bd:82:84:31:06:
e3:8a:9f:3e:24:a6:18:e5:66:0b:8b:8c:4f:7f:f8:
2f:43:3b:1c:38:bf:5c:42:23:a6:c8:62:99:e3:b5:
bc:37:11:d3:14:51:44:89:09:19:0b:39:7b:fd:44:
d7:0e:d9:1c:83:e9:eb:da:14:cd:94:70:3f:d4:bb:
31:4b:b6:33:87:2d:5f:8c:6d:92:0d:d6:22:7f:b7:
d7:ff:7c:40:e8:b5:35:07:8b:b9:ac:f8:8e:53:5f:
55:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:D2:68:7B:34:4D:2D:3E:B0:E9:EE:1C:D4:D0:F6:01:68:29:DE:B2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.248.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2e:7f:8e:4f:b8:39:67:24:b4:5b:9c:21:88:3f:49:e2:2c:a7:
23:63:5f:17:d5:e8:b3:29:5e:8d:5e:03:c6:c4:88:2c:fe:1b:
4d:0e:d0:c2:7b:a5:6e:06:f6:6e:56:d3:2f:9c:99:c1:9d:06:
75:d1:2a:0f:ff:ac:e8:4e:3a:16:cb:87:d7:7e:e3:c9:c5:9d:
bf:1f:02:48:64:a1:85:c2:fb:fc:72:91:e5:bf:3e:25:ae:cf:
a9:10:f7:15:0b:94:44:90:c6:5a:75:d4:24:c4:0f:ff:42:ce:
be:3b:6c:76:b3:73:98:eb:3a:1e:1d:74:5b:18:cb:7c:4d:1f:
af:7d:57:14:44:db:8f:7c:38:1d:1c:73:b0:2a:8f:99:bb:40:
bf:0a:ca:30:6b:ae:b8:1a:f3:1b:14:fc:b2:96:7f:f7:fa:68:
74:30:5e:53:2e:5c:fa:64:7a:15:4b:57:81:67:a2:9a:98:ed:
2e:4e:de:36:50:65:99:54:2d:2c:6c:c2:3d:d1:df:ec:9e:47:
d1:32:dc:83:b5:6f:02:1c:4e:68:f1:05:3e:f8:f1:0f:4f:a4:
ff:40:0e:d8:8f:d4:de:08:5a:b7:6a:32:c2:df:cb:1e:12:cc:
dc:ea:42:8f:7d:18:21:16:34:a8:3a:0f:1e:05:5b:75:8e:ab:
9f:c3:20:24
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaOzMGG/gdlgNvDJzKu2tWBrhXTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMjAwMTVaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5ZjY4N2VhNTQ5ZTU5ZGRjNDQxNzQ0YTRhOTA2ZGNmNmNmNjYzYjA2YmVm
YTY3ZmYxNzhiNjUzOGZlYjFlZDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ//mA7GbmtADDI7bfpUNva6lHCit4XtfQbn5w3QFHcPmEiae1uxTx4tWK90
5e9ymrOwihgfHgKJBQsY1bzuC6WwYr/hKRhOSozKIvbFYtbPItgVimDOvG174Yqv
9HXoSOTh1o8kim9zU/8wdEc73ailzCN9aBQX1680oAmjfh0U7o8sKRIDLSeMdeVS
/7E8837AsZ3qHyEUWHmLOYYaW72ChDEG44qfPiSmGOVmC4uMT3/4L0M7HDi/XEIj
pshimeO1vDcR0xRRRIkJGQs5e/1E1w7ZHIPp69oUzZRwP9S7MUu2M4ctX4xtkg3W
In+31/98QOi1NQeLuaz4jlNfVWsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRC0mh7
NE0tPrDp7hzU0PYBaCnesjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQAuf45PuDlnJLRbnCGIP0niLKcjY18X1eizKV6NXgPG
xIgs/htNDtDCe6VuBvZuVtMvnJnBnQZ10SoP/6zoTjoWy4fXfuPJxZ2/HwJIZKGF
wvv8cpHlvz4lrs+pEPcVC5REkMZaddQkxA//Qs6+O2x2s3OY6zoeHXRbGMt8TR+v
fVcURNuPfDgdHHOwKo+Zu0C/Csowa664GvMbFPyyln/3+mh0MF5TLlz6ZHoVS1eB
Z6KamO0uTt42UGWZVC0sbMI90d/snkfRMtyDtW8CHE5o8QU++PEPT6T/QA7Yj9Te
CFq3ajLC38seEszc6kKPfRghFjSoOg8eBVt1jqufwyAk
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:52:35 2025 by rpki-client