Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: K48eRIDxlydZryogG4jJeMtK4AWCRmbzpfKdVMVgP1g=
Subject key identifier: 40:6A:D6:1B:7D:63:52:C4:60:11:13:5D:2F:D6:24:05:58:93:33:6B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5891CE936E832EAAEAB65E8067A5D3575C55BE3A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Mon 16 Jun 2025 22:00:40 +0000
ROA not before: Mon 16 Jun 2025 22:00:40 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
58:91:ce:93:6e:83:2e:aa:ea:b6:5e:80:67:a5:d3:57:5c:55:be:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 16 22:00:40 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=e25a0f69df01f87b4692582ffeca4282d44b3246668aae2dc15b62c18ca47e7c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:cd:7b:fd:db:de:37:e2:98:41:1f:b5:a2:82:
70:3e:72:27:a1:cc:2e:7a:a8:37:06:d2:44:7d:ee:
71:30:29:31:89:72:45:eb:ae:29:0b:4e:bc:ae:c0:
8c:22:f6:5d:c5:0d:73:10:b2:39:5d:e3:1e:88:2e:
66:58:38:b3:f3:97:79:90:4e:af:25:a7:96:7f:3f:
3d:12:ca:b6:b8:06:32:5e:75:c8:45:63:cd:8a:24:
e7:36:f2:20:2b:8f:35:4c:fb:b1:cb:b7:3a:ee:1c:
c2:be:d3:72:d7:5e:1f:ea:c5:a1:6e:09:14:59:a5:
a7:b0:d6:a3:5f:6f:dd:f7:b5:70:94:c7:4b:ae:8c:
c8:5f:d8:c1:39:1e:1c:bc:95:25:c8:4d:ec:a7:d1:
7a:c3:f0:80:8b:83:9e:6f:a0:de:fc:cf:99:6e:67:
37:6a:89:85:c1:09:10:58:b4:15:9c:0e:65:c1:5e:
8f:8a:02:91:1e:4c:22:59:81:14:84:d2:26:92:df:
24:1b:af:f8:bb:dc:4e:2f:86:46:b8:f0:a0:ac:cf:
39:53:ed:1f:99:a0:1a:6f:3c:77:52:68:06:55:d8:
12:37:b5:f2:c1:e8:bb:19:7e:fc:19:fa:52:97:b8:
71:eb:ea:a3:05:37:04:2f:ee:6b:42:91:f6:57:05:
3c:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:6A:D6:1B:7D:63:52:C4:60:11:13:5D:2F:D6:24:05:58:93:33:6B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
11:6e:f7:f0:49:a9:59:e3:88:3d:de:49:8a:7d:4c:94:4c:34:
50:48:d4:68:ab:a3:44:0e:c5:87:57:5f:30:f1:c8:b3:38:d2:
52:8c:9a:a4:19:21:43:f6:3f:2f:01:88:b8:bb:13:d0:ca:37:
cf:f7:c0:ea:06:f9:b5:96:6b:e8:a6:1f:e1:21:3a:cf:c3:4a:
21:41:37:7f:6c:d2:6f:82:ed:45:f3:19:ce:b1:07:6c:19:16:
f3:02:44:3a:fc:4f:83:2e:b5:74:b3:3f:ec:3a:a3:95:5b:a0:
d4:ec:e7:cc:e3:16:b3:50:63:72:92:56:a8:94:96:88:ea:90:
d9:31:6f:29:b3:e3:02:0f:0d:38:45:4e:4c:da:55:c3:28:51:
00:19:21:55:1f:74:cc:16:5a:aa:d3:3a:23:9c:f4:5c:c6:ee:
b0:61:6a:15:1f:01:6d:54:66:ec:a3:4a:3f:71:54:4d:c9:04:
86:a4:34:de:c7:aa:20:d6:3b:3c:29:94:22:3d:96:8b:80:29:
6a:86:2d:17:f1:5a:d5:c1:1b:44:26:34:81:c5:af:9d:ea:4a:
6e:4e:e8:bc:3f:24:a5:a7:53:7c:13:0c:95:90:64:cc:60:e6:
25:af:0a:d3:e5:e9:63:47:36:2f:43:be:c6:03:c4:8e:c9:6f:
c6:47:7a:8c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWJHOk26DLqrqtl6AZ6XTV1xVvjowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMjAwNDBaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyNWEwZjY5ZGYwMWY4N2I0NjkyNTgyZmZlY2E0MjgyZDQ0YjMyNDY2Njhh
YWUyZGMxNWI2MmMxOGNhNDdlN2MxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvNe/3b3jfimEEftaKCcD5yJ6HMLnqoNwbSRH3ucTApMYlyReuuKQtOvK7A
jCL2XcUNcxCyOV3jHoguZlg4s/OXeZBOryWnln8/PRLKtrgGMl51yEVjzYok5zby
ICuPNUz7scu3Ou4cwr7TctdeH+rFoW4JFFmlp7DWo19v3fe1cJTHS66MyF/YwTke
HLyVJchN7KfResPwgIuDnm+g3vzPmW5nN2qJhcEJEFi0FZwOZcFej4oCkR5MIlmB
FITSJpLfJBuv+LvcTi+GRrjwoKzPOVPtH5mgGm88d1JoBlXYEje18sHouxl+/Bn6
Upe4cevqowU3BC/ua0KR9lcFPP8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRAatYb
fWNSxGARE10v1iQFWJMzazAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQARbvfwSalZ44g93kmKfUyUTDRQSNRoq6NEDsWHV18w
8cizONJSjJqkGSFD9j8vAYi4uxPQyjfP98DqBvm1lmvoph/hITrPw0ohQTd/bNJv
gu1F8xnOsQdsGRbzAkQ6/E+DLrV0sz/sOqOVW6DU7OfM4xazUGNyklaolJaI6pDZ
MW8ps+MCDw04RU5M2lXDKFEAGSFVH3TMFlqq0zojnPRcxu6wYWoVHwFtVGbso0o/
cVRNyQSGpDTex6og1js8KZQiPZaLgClqhi0X8VrVwRtEJjSBxa+d6kpuTui8PySl
p1N8EwyVkGTMYOYlrwrT5eljRzYvQ77GA8SOyW/GR3qM
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:26:16 2025 by rpki-client