Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
File: 676cc479-c956-49aa-8372-560fd674c62c.roa (raw, json)
Hash identifier: sWGgaa9DepYt5hUhdvbod9K6P45ypcN4lImX/6X/dUI=
Subject key identifier: 08:8B:03:59:96:F3:46:F5:53:EF:EF:B7:BA:A6:D5:64:9A:51:D2:19
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7E385BEA8F966EF7B2E36EB6E70C0AB3AAC21BAE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
Signing time: Tue 17 Jun 2025 00:50:25 +0000
ROA not before: Tue 17 Jun 2025 00:50:25 +0000
ROA not after: Tue 22 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:38:5b:ea:8f:96:6e:f7:b2:e3:6e:b6:e7:0c:0a:b3:aa:c2:1b:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 17 00:50:25 2025 GMT
Not After : Jul 22 23:59:59 2025 GMT
Subject: serialNumber=9ec011aa36921fb91150a9122440c1a999fdf3b0c19d00d6d6ccf26e825431a4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:38:34:1e:04:70:4c:01:ae:bb:ea:d7:eb:91:
8a:b9:6f:35:29:de:7c:51:62:a2:f0:00:4a:01:e6:
2b:55:a8:46:25:8b:5e:2c:46:32:95:16:40:8d:a7:
e2:16:35:3a:22:5e:c7:0c:21:7a:13:a7:0f:c9:a7:
08:02:5d:02:68:5d:5a:33:db:96:74:3b:ff:87:77:
95:07:04:87:e5:d7:60:c5:06:2a:44:0a:c9:33:90:
93:5b:fe:09:91:0c:c0:67:d7:71:1c:e3:b2:5e:a8:
2f:e0:14:5c:f1:ba:49:bc:31:23:fb:8a:73:d2:13:
64:fa:35:a9:50:a8:4d:fd:92:e7:c8:0b:08:6f:71:
f2:5d:56:b6:d7:28:bc:2f:bf:cc:a1:18:f5:22:b5:
1b:46:3d:a7:0b:da:6c:06:7a:90:ef:9b:0e:8b:6f:
f8:ea:04:71:43:d7:54:cb:41:2b:3b:11:ac:4e:69:
b9:19:08:f5:fc:56:bb:5c:54:a4:f1:ee:42:a5:21:
7d:e7:7d:bd:7c:4b:61:c1:23:4c:c7:25:aa:f9:5f:
ee:b5:fe:ba:0b:2c:ae:77:dc:6f:32:8b:06:83:25:
38:a2:d9:36:90:ba:3f:13:31:7c:69:73:9d:f4:c2:
27:08:d5:d2:63:4e:31:c2:38:d4:5d:e5:2d:67:85:
24:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:8B:03:59:96:F3:46:F5:53:EF:EF:B7:BA:A6:D5:64:9A:51:D2:19
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:1b:93:56:6e:e3:76:31:6b:2b:74:3d:d5:77:08:d8:f2:90:
4d:31:1d:fe:28:f9:1f:a5:17:a0:cf:a7:e9:15:b0:25:4f:fa:
72:14:b1:1d:f9:e3:56:bb:bf:c4:01:80:a8:9a:eb:7b:2c:46:
8e:ea:91:d4:df:c5:6c:ad:55:1b:01:86:f0:46:da:47:a1:f4:
e5:1f:6f:37:ce:d8:94:9a:a8:46:50:67:27:49:d3:f0:7c:e9:
43:9f:db:1d:f2:3b:8d:d1:b2:25:5a:38:e6:6a:df:a0:6c:58:
df:47:22:fa:b4:c7:7a:94:29:d0:6d:28:1b:41:6a:4e:7c:13:
0d:2a:8b:ac:0a:b0:f7:5f:b8:26:fd:6f:3e:a9:49:ac:d8:19:
fa:bd:1e:a1:7e:a7:72:3b:17:24:ec:9f:9d:3f:4d:0e:5e:cb:
e6:d5:d2:1a:f8:77:79:71:90:e4:01:9a:f7:f2:75:b5:dc:d9:
ac:22:4b:7e:d4:8a:74:8d:30:c7:75:aa:19:59:62:7f:8d:e9:
c9:9c:5c:d4:21:fc:81:36:4c:93:a4:d9:ab:8f:5d:44:f5:31:
6e:15:53:87:8f:d6:5a:ae:cc:27:8f:fa:d7:ba:83:23:60:cf:
e8:92:1c:8a:0e:78:02:a5:39:7c:79:56:44:4e:7c:4c:9f:a0:
4f:78:22:3d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfjhb6o+Wbvey42625wwKs6rCG64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTcwMDUwMjVaFw0yNTA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDllYzAxMWFhMzY5MjFmYjkxMTUwYTkxMjI0NDBjMWE5OTlmZGYzYjBjMTlk
MDBkNmQ2Y2NmMjZlODI1NDMxYTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMo4NB4EcEwBrrvq1+uRirlvNSnefFFiovAASgHmK1WoRiWLXixGMpUWQI2n
4hY1OiJexwwhehOnD8mnCAJdAmhdWjPblnQ7/4d3lQcEh+XXYMUGKkQKyTOQk1v+
CZEMwGfXcRzjsl6oL+AUXPG6SbwxI/uKc9ITZPo1qVCoTf2S58gLCG9x8l1Wttco
vC+/zKEY9SK1G0Y9pwvabAZ6kO+bDotv+OoEcUPXVMtBKzsRrE5puRkI9fxWu1xU
pPHuQqUhfed9vXxLYcEjTMclqvlf7rX+ugssrnfcbzKLBoMlOKLZNpC6PxMxfGlz
nfTCJwjV0mNOMcI41F3lLWeFJL0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQIiwNZ
lvNG9VPv77e6ptVkmlHSGTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc2Y2M0NzktYzk1Ni00OWFhLTgzNzItNTYwZmQ2NzRjNjJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQAuG5NWbuN2MWsrdD3VdwjY8pBNMR3+KPkfpRegz6fp
FbAlT/pyFLEd+eNWu7/EAYComut7LEaO6pHU38VsrVUbAYbwRtpHofTlH283ztiU
mqhGUGcnSdPwfOlDn9sd8juN0bIlWjjmat+gbFjfRyL6tMd6lCnQbSgbQWpOfBMN
KousCrD3X7gm/W8+qUms2Bn6vR6hfqdyOxck7J+dP00OXsvm1dIa+Hd5cZDkAZr3
8nW13NmsIkt+1Ip0jTDHdaoZWWJ/jenJnFzUIfyBNkyTpNmrj11E9TFuFVOHj9Za
rswnj/rXuoMjYM/okhyKDngCpTl8eVZETnxMn6BPeCI9
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:44:00 2025 by rpki-client