Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
File: 60c12693-1526-46ae-aa45-d5276a0c0f79.roa (raw, json)
Hash identifier: BslX62xkOcU1I46b3bDdJQ+pLuBpNp9KvDiNEQ6LbLM=
Subject key identifier: 3B:A3:74:6D:A3:CD:A9:C4:2B:5B:04:52:5A:55:1A:3A:40:CB:5A:8B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5EF18A4903AC3B96963214F90AD914409FAE5805
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
Signing time: Mon 28 Apr 2025 15:50:55 +0000
ROA not before: Mon 28 Apr 2025 15:50:55 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.86.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:f1:8a:49:03:ac:3b:96:96:32:14:f9:0a:d9:14:40:9f:ae:58:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:55 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=9f2a0c0f76b694b1475aa3e9ecddd9e7a72b6a59a94ebffd45617df1d099fe3b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fa:19:6d:a3:72:ff:6c:f3:58:f8:3e:94:1a:8c:
c3:e8:01:35:b5:20:b9:dd:ef:6f:c3:65:b7:23:1a:
65:6f:9c:53:42:23:f7:90:50:8f:7d:81:5c:5f:67:
22:dc:04:ca:6b:65:88:2f:63:2e:5a:b4:86:d7:19:
03:78:de:44:d6:f2:71:76:76:91:bf:94:d3:9c:71:
70:f0:f5:09:1c:59:00:ee:5b:bd:fb:3c:71:3d:91:
d4:2b:38:44:64:1a:e0:91:34:89:62:c1:c1:53:af:
11:a7:2e:a1:6d:40:13:75:1d:2b:dd:e4:69:bb:21:
7a:40:5c:06:73:3f:57:d6:e1:af:23:0c:a9:96:9a:
ad:37:1f:a0:92:43:91:10:5f:a1:ff:f7:92:3b:62:
ae:74:09:72:e6:58:ca:c8:68:49:09:7e:86:61:4c:
17:90:08:83:e3:cb:43:2f:b0:f5:88:1e:e8:cf:5a:
39:05:f5:fa:35:5d:14:17:24:0f:02:7d:4e:1f:6a:
56:1c:2a:b5:2a:e6:94:66:9a:6b:3a:38:bc:22:03:
de:6b:c8:64:5c:b3:b9:26:db:05:04:4d:93:50:33:
a7:02:21:9f:25:ed:0c:0f:fa:02:9f:d1:62:f3:65:
ca:48:85:55:f9:c3:07:6b:07:7e:9f:b6:ae:2d:b5:
1a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:A3:74:6D:A3:CD:A9:C4:2B:5B:04:52:5A:55:1A:3A:40:CB:5A:8B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.86.0.0/15
Signature Algorithm: sha256WithRSAEncryption
10:7a:7f:94:1f:59:da:cb:2d:7f:b3:8a:4f:3d:8e:64:51:c2:
e3:c7:91:fa:20:ca:41:a5:60:3f:64:65:70:42:12:af:58:95:
25:1f:f4:a7:89:18:9e:7d:fa:d4:ac:55:3c:f9:5c:ff:a3:d5:
67:71:21:74:fa:10:e2:dd:82:0c:25:15:a1:b9:4c:d2:3a:b2:
25:87:14:95:7e:3f:6e:c4:e3:b2:b3:47:ac:77:9f:04:b1:84:
6c:ea:64:b7:1f:15:d6:cd:68:d3:52:25:7c:2b:c3:98:96:a9:
bf:e4:52:61:53:f6:f6:0f:18:9f:93:ee:e5:37:5e:d8:4a:26:
54:34:85:10:e9:a8:be:7e:09:9a:da:02:1c:91:6c:45:7a:2c:
ff:51:fc:90:8a:5e:bf:96:c8:35:ab:f1:8a:e6:75:d8:97:58:
66:8d:46:6f:f9:d1:92:0b:a7:a7:6f:5e:e5:da:90:7b:e5:32:
97:19:17:82:e0:85:a7:ec:b2:c9:59:43:b5:9f:7d:b9:f0:d7:
12:02:98:14:91:12:71:7d:21:b1:f9:7c:9a:29:29:73:77:84:
4a:21:56:2a:4f:35:13:6d:37:cc:83:9b:a3:21:ef:4e:02:cf:
45:20:e8:03:d7:54:7a:49:34:1f:a1:2f:2f:74:57:bb:1c:b6:
18:57:28:00
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXvGKSQOsO5aWMhT5CtkUQJ+uWAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwNTVaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmMmEwYzBmNzZiNjk0YjE0NzVhYTNlOWVjZGRkOWU3YTcyYjZhNTlhOTRl
YmZmZDQ1NjE3ZGYxZDA5OWZlM2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPoZbaNy/2zzWPg+lBqMw+gBNbUgud3vb8NltyMaZW+cU0Ij95BQj32BXF9n
ItwEymtliC9jLlq0htcZA3jeRNbycXZ2kb+U05xxcPD1CRxZAO5bvfs8cT2R1Cs4
RGQa4JE0iWLBwVOvEacuoW1AE3UdK93kabshekBcBnM/V9bhryMMqZaarTcfoJJD
kRBfof/3kjtirnQJcuZYyshoSQl+hmFMF5AIg+PLQy+w9Yge6M9aOQX1+jVdFBck
DwJ9Th9qVhwqtSrmlGaaazo4vCID3mvIZFyzuSbbBQRNk1AzpwIhnyXtDA/6Ap/R
YvNlykiFVfnDB2sHfp+2ri21GvECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ7o3Rt
o82pxCtbBFJaVRo6QMtaizAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBjMTI2OTMtMTUyNi00NmFlLWFhNDUtZDUyNzZhMGMwZjc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNWMA0G
CSqGSIb3DQEBCwUAA4IBAQAQen+UH1nayy1/s4pPPY5kUcLjx5H6IMpBpWA/ZGVw
QhKvWJUlH/SniRieffrUrFU8+Vz/o9VncSF0+hDi3YIMJRWhuUzSOrIlhxSVfj9u
xOOys0esd58EsYRs6mS3HxXWzWjTUiV8K8OYlqm/5FJhU/b2Dxifk+7lN17YSiZU
NIUQ6ai+fgma2gIckWxFeiz/UfyQil6/lsg1q/GK5nXYl1hmjUZv+dGSC6enb17l
2pB75TKXGReC4IWn7LLJWUO1n3258NcSApgUkRJxfSGx+XyaKSlzd4RKIVYqTzUT
bTfMg5ujIe9OAs9FIOgD11R6STQfoS8vdFe7HLYYVygA
-----END CERTIFICATE-----
Generated at Mon May 5 14:27:50 2025 by rpki-client