Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
File: 57870f13-82ea-4955-953f-742413b6a651.roa (raw, json)
Hash identifier: UBh0fHzUNBJFD0jgo7mroPrHl6UjDdKscocdS2mzbd0=
Subject key identifier: 43:3D:65:08:3A:CF:5A:6E:60:2D:D3:60:E8:37:09:79:0C:05:C0:9F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7C02A6121E28B3F2941E1478B5D16AEB863A013D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
Signing time: Mon 28 Apr 2025 15:50:07 +0000
ROA not before: Mon 28 Apr 2025 15:50:07 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:02:a6:12:1e:28:b3:f2:94:1e:14:78:b5:d1:6a:eb:86:3a:01:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:07 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=9fea12ec86bf4e62be0e158bd36ccbe1f25eda5fabf72618c9f8019ed04a95c4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:7e:ea:63:a1:57:e6:0c:aa:be:97:41:34:38:
fd:cd:ff:70:08:23:6c:8b:33:c5:34:b6:f6:c1:87:
76:b8:b3:fe:2a:ed:88:01:6d:23:85:be:7b:08:16:
54:04:4b:55:e9:dc:d1:36:56:c7:5f:d4:03:61:d7:
d1:b2:97:e2:63:ea:14:ac:f5:d0:15:b9:f0:11:93:
ac:05:c0:bb:02:34:2b:72:de:61:8d:1d:43:44:f1:
75:bd:49:bf:16:b8:2c:a7:10:73:d5:de:d6:84:10:
6c:70:be:7a:dc:89:31:94:bd:f4:ca:d6:d9:31:81:
dd:0e:57:a0:6c:fd:8b:33:fc:18:7e:51:c7:54:61:
80:11:f5:b1:d8:5a:d7:6f:4c:5c:eb:14:2f:c0:1e:
c4:c7:cb:a6:e1:2e:66:38:3b:a1:fc:55:4b:22:63:
ff:47:eb:d4:36:65:89:6b:31:12:be:03:ab:b0:79:
66:6d:d8:b7:69:00:51:65:18:f4:4b:32:46:93:06:
ba:1e:09:f2:1c:0f:3e:91:ca:e0:2f:2a:92:a8:69:
40:1b:a6:37:7c:32:a8:91:bd:ba:6e:57:33:38:47:
4e:0c:26:9a:d0:11:a6:a7:53:5c:22:7b:69:df:dc:
d7:8b:60:6f:a2:9e:a2:da:51:67:4f:3f:0d:1e:e8:
13:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:3D:65:08:3A:CF:5A:6E:60:2D:D3:60:E8:37:09:79:0C:05:C0:9F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/48
Signature Algorithm: sha256WithRSAEncryption
4b:97:c6:02:6f:93:21:e9:e7:e9:80:a9:6b:d3:00:52:36:55:
28:e1:d8:43:74:6d:e5:a0:4c:1c:d1:d5:51:05:43:99:e2:fc:
0f:ba:e4:b2:90:1d:f4:2c:04:27:6a:ca:23:be:80:72:87:1e:
28:fa:ca:b3:46:9c:21:86:8f:5a:bf:a5:8c:70:50:81:06:d0:
24:88:15:c6:82:62:60:cf:91:41:e8:49:5e:33:f0:70:bc:69:
7d:23:a1:95:82:be:ae:2d:dd:62:05:21:17:3e:06:fd:dd:84:
4c:f3:c9:59:96:77:0b:be:b0:23:18:1a:5a:20:aa:59:c6:06:
7d:c4:e0:0d:5d:33:20:91:82:f4:4d:25:0a:68:c5:47:c4:da:
78:0a:eb:1d:f3:b9:c5:58:05:43:6e:1a:04:b0:a7:52:49:5c:
a9:ad:5c:a5:78:44:b4:72:da:2b:b5:2c:40:df:d8:e9:a3:fa:
d2:7f:3d:03:c4:09:99:d1:e0:53:40:8f:26:e0:8b:b1:a7:00:
fe:0c:7c:84:70:e7:ed:a4:04:84:ad:f8:82:2d:39:78:c1:af:
f8:63:0e:84:85:e2:80:e0:b4:3e:4f:cd:df:7e:3c:d2:ed:6e:
c1:e7:ce:7c:54:2e:40:77:55:c1:45:1c:df:40:3b:27:9c:d1:
2e:28:c7:8b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfAKmEh4os/KUHhR4tdFq64Y6AT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwMDdaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmZWExMmVjODZiZjRlNjJiZTBlMTU4YmQzNmNjYmUxZjI1ZWRhNWZhYmY3
MjYxOGM5ZjgwMTllZDA0YTk1YzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKh+6mOhV+YMqr6XQTQ4/c3/cAgjbIszxTS29sGHdriz/irtiAFtI4W+ewgW
VARLVenc0TZWx1/UA2HX0bKX4mPqFKz10BW58BGTrAXAuwI0K3LeYY0dQ0Txdb1J
vxa4LKcQc9Xe1oQQbHC+etyJMZS99MrW2TGB3Q5XoGz9izP8GH5Rx1RhgBH1sdha
129MXOsUL8AexMfLpuEuZjg7ofxVSyJj/0fr1DZliWsxEr4Dq7B5Zm3Yt2kAUWUY
9EsyRpMGuh4J8hwPPpHK4C8qkqhpQBumN3wyqJG9um5XMzhHTgwmmtARpqdTXCJ7
ad/c14tgb6KeotpRZ08/DR7oExECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRDPWUI
Os9abmAt02DoNwl5DAXAnzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc4NzBmMTMtODJlYS00OTU1LTk1M2YtNzQyNDEzYjZhNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
ADANBgkqhkiG9w0BAQsFAAOCAQEAS5fGAm+TIenn6YCpa9MAUjZVKOHYQ3Rt5aBM
HNHVUQVDmeL8D7rkspAd9CwEJ2rKI76AcoceKPrKs0acIYaPWr+ljHBQgQbQJIgV
xoJiYM+RQehJXjPwcLxpfSOhlYK+ri3dYgUhFz4G/d2ETPPJWZZ3C76wIxgaWiCq
WcYGfcTgDV0zIJGC9E0lCmjFR8TaeArrHfO5xVgFQ24aBLCnUklcqa1cpXhEtHLa
K7UsQN/Y6aP60n89A8QJmdHgU0CPJuCLsacA/gx8hHDn7aQEhK34gi05eMGv+GMO
hIXigOC0Pk/N33480u1uwefOfFQuQHdVwUUc30A7J5zRLijHiw==
-----END CERTIFICATE-----
Generated at Mon May 5 14:46:35 2025 by rpki-client