Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File: 42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier: bbj5jh9Fx3YpI5pzsL/mOuVQPJh+kZKdw/aEeZaEwyg=
Subject key identifier: FD:5D:23:FE:F3:B4:84:0A:D1:C7:1F:28:9B:2A:93:5A:53:64:5F:72
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 48FDC3DE3A57184E1D5DE974E013E1AE38F897B4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time: Mon 28 Apr 2025 15:50:48 +0000
ROA not before: Mon 28 Apr 2025 15:50:48 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 08:37:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:fd:c3:de:3a:57:18:4e:1d:5d:e9:74:e0:13:e1:ae:38:f8:97:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:48 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=9bb9f48693da0327c1b5428c603a7ae649b1fccec69047c206f288101d616292, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:f0:34:54:d5:8e:61:be:d2:7e:49:8a:29:29:
76:d3:80:c6:18:6b:27:c0:fc:09:a8:b0:f2:46:5c:
76:9b:4e:ae:a5:33:e1:0a:3d:0f:c2:7f:29:54:f7:
4b:a4:27:fb:70:9c:b2:3a:02:5e:78:ac:4a:2f:07:
2a:20:9a:98:76:10:35:a2:2c:d8:92:ba:2b:2b:0f:
d7:0e:f7:7b:5d:a8:29:b2:b1:bf:51:30:8b:5f:dc:
85:3f:e5:cc:98:58:ef:95:99:05:cf:af:0d:e7:33:
44:2f:f6:9e:30:9d:71:a0:72:82:1e:25:57:eb:89:
ec:d3:18:ea:8c:04:25:81:89:ab:88:04:5a:75:e0:
5e:0f:b0:0c:3f:bc:c8:0c:a5:97:0e:90:af:b3:c8:
cc:7b:2e:61:bf:99:c7:62:f4:98:12:a7:a6:58:cf:
ff:22:a4:ff:cf:89:ad:ac:c9:82:5f:65:02:31:ac:
2f:b4:89:37:e6:5d:62:7a:ec:e1:8d:f0:76:60:75:
b1:87:63:0a:cf:30:f5:aa:f8:47:95:60:10:47:64:
87:c2:8c:23:06:cb:29:05:6e:1d:ca:40:61:62:75:
24:bc:81:ac:4c:86:ed:ed:ee:d6:83:43:57:57:f5:
33:3c:60:da:1c:7c:b1:42:0e:f8:9b:bc:3e:76:60:
c2:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:5D:23:FE:F3:B4:84:0A:D1:C7:1F:28:9B:2A:93:5A:53:64:5F:72
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/16
Signature Algorithm: sha256WithRSAEncryption
aa:59:da:59:9c:fa:df:0d:ba:70:36:0d:f8:f5:1a:72:a1:4b:
93:92:47:4c:10:a3:c2:33:80:d8:e4:07:1a:bd:d9:30:df:2d:
83:45:af:7a:5d:79:9f:4b:38:43:3b:9b:84:3f:8a:39:83:90:
61:4d:8a:b7:ed:59:b4:19:66:b0:95:b1:54:97:cf:8d:bd:f0:
99:e1:40:54:a9:7c:df:5f:66:84:1b:fa:15:b1:19:5a:29:12:
f2:40:f1:67:35:50:28:c6:f5:39:01:fc:df:e5:a5:a6:13:c2:
11:93:06:40:f4:85:f3:6c:9a:91:65:22:84:12:3a:80:0b:cc:
c2:bd:a1:17:0d:3d:59:ef:51:dd:23:c1:fb:d6:b6:4f:39:02:
22:10:ca:ae:f0:cd:61:5e:f2:ec:95:51:76:d3:e6:72:67:1e:
d7:21:3a:d5:99:2d:aa:ef:8e:73:9f:c7:90:b6:df:f0:04:ee:
71:e7:2e:72:00:fd:99:d2:e0:d9:ae:26:41:07:37:c8:1f:7f:
85:5e:b5:86:aa:3c:0f:31:64:7a:69:b0:b5:9a:5e:2c:03:d2:
95:7a:f4:ca:90:f1:ed:c5:70:d5:cb:1e:0f:a3:a8:46:76:8f:
9f:7c:db:a4:16:1e:72:df:9c:35:1e:6e:66:1d:b1:28:34:3f:
ee:6e:5d:61
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSP3D3jpXGE4dXel04BPhrjj4l7QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwNDhaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDliYjlmNDg2OTNkYTAzMjdjMWI1NDI4YzYwM2E3YWU2NDliMWZjY2VjNjkw
NDdjMjA2ZjI4ODEwMWQ2MTYyOTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIvwNFTVjmG+0n5JiikpdtOAxhhrJ8D8Caiw8kZcdptOrqUz4Qo9D8J/KVT3
S6Qn+3CcsjoCXnisSi8HKiCamHYQNaIs2JK6KysP1w73e12oKbKxv1Ewi1/chT/l
zJhY75WZBc+vDeczRC/2njCdcaBygh4lV+uJ7NMY6owEJYGJq4gEWnXgXg+wDD+8
yAyllw6Qr7PIzHsuYb+Zx2L0mBKnpljP/yKk/8+JrazJgl9lAjGsL7SJN+ZdYnrs
4Y3wdmB1sYdjCs8w9ar4R5VgEEdkh8KMIwbLKQVuHcpAYWJ1JLyBrEyG7e3u1oND
V1f1Mzxg2hx8sUIO+Ju8PnZgwjUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT9XSP+
87SECtHHHyibKpNaU2RfcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQCqWdpZnPrfDbpwNg349RpyoUuTkkdMEKPCM4DY5Aca
vdkw3y2DRa96XXmfSzhDO5uEP4o5g5BhTYq37Vm0GWawlbFUl8+NvfCZ4UBUqXzf
X2aEG/oVsRlaKRLyQPFnNVAoxvU5Afzf5aWmE8IRkwZA9IXzbJqRZSKEEjqAC8zC
vaEXDT1Z71HdI8H71rZPOQIiEMqu8M1hXvLslVF20+ZyZx7XITrVmS2q745zn8eQ
tt/wBO5x5y5yAP2Z0uDZriZBBzfIH3+FXrWGqjwPMWR6abC1ml4sA9KVevTKkPHt
xXDVyx4Po6hGdo+ffNukFh5y35w1Hm5mHbEoND/ubl1h
-----END CERTIFICATE-----
Generated at Mon May 5 13:28:20 2025 by rpki-client