Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
File: 676cc479-c956-49aa-8372-560fd674c62c.roa (raw, json)
Hash identifier: hYBAO5dljvBpUbXJvis/GX2WNAnwki9QMDnMrvslndI=
Subject key identifier: CD:3A:3E:38:0F:1F:59:36:4C:E0:18:8E:39:D6:A2:1F:EC:2F:02:26
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4C3D97F62028297E0B10A6936023C32CB4D20DA6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
Signing time: Mon 28 Apr 2025 15:50:46 +0000
ROA not before: Mon 28 Apr 2025 15:50:46 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 10 May 2025 17:53:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:3d:97:f6:20:28:29:7e:0b:10:a6:93:60:23:c3:2c:b4:d2:0d:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:46 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=f01aee7509debc1ee910abab4f15937d15088df0c71eea738bfa3d6e918a7b06, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:7b:eb:e9:f4:1c:7e:e6:53:f4:41:d3:9f:7b:
d1:d2:17:56:32:14:f2:4c:03:9a:b0:d8:5c:86:4c:
b7:4f:1b:bb:9b:b2:c3:8f:40:89:ee:98:c2:88:89:
9c:88:2e:f7:bd:00:50:a6:fa:13:59:6e:fc:6f:14:
ef:45:da:10:e4:10:eb:a2:e3:16:65:3b:60:f2:f0:
c0:91:db:0e:bd:fa:53:97:51:86:25:e5:8f:36:8a:
d1:fc:a0:d0:af:cb:35:bd:b3:41:2e:df:5b:54:52:
33:f4:73:2b:37:e4:68:e4:55:3b:95:03:38:a1:9a:
98:56:11:e1:68:f9:ef:1b:30:81:38:b5:f2:1e:e8:
d6:11:39:4b:8d:e7:17:dd:d0:e6:78:fd:19:22:bf:
24:da:ef:19:5d:2d:f7:c4:d2:83:d5:2d:94:28:84:
18:25:f7:de:d1:bb:c2:7d:a8:20:1f:fa:82:14:73:
db:c1:d7:7b:5b:c1:e5:74:fc:de:4c:23:f8:0c:3a:
96:47:aa:e9:16:40:8f:72:76:5b:f1:5a:34:fd:f9:
bb:99:9b:75:1b:a1:f1:59:b8:61:f3:6e:10:c2:59:
fa:e6:4b:19:e0:3a:d8:26:42:0d:e7:c6:93:47:25:
d3:0c:b2:95:3a:6a:28:a6:55:ec:c4:47:4b:49:75:
a7:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:3A:3E:38:0F:1F:59:36:4C:E0:18:8E:39:D6:A2:1F:EC:2F:02:26
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/16
Signature Algorithm: sha256WithRSAEncryption
48:4a:7b:08:8d:b7:36:9e:a3:a6:85:8f:0d:c1:b8:f5:0f:35:
85:46:1a:96:25:1b:96:4a:40:59:50:76:63:14:b9:fa:ce:ac:
bc:48:93:10:ce:e4:66:46:c7:9e:fd:2c:2e:93:24:2d:06:91:
fc:39:5c:b3:bc:6d:ce:c3:f9:81:4a:bc:e2:45:b8:79:53:94:
90:e1:d2:10:5b:05:4d:b5:4c:8e:c3:f6:c9:a4:92:b5:05:28:
eb:b3:42:23:6f:55:2e:a0:e8:4b:67:7e:3c:54:2e:00:e9:40:
a2:e1:85:44:82:73:ac:fe:eb:b0:f3:e2:e0:c8:ed:42:73:f4:
37:c8:73:9d:ca:e2:4e:f7:59:98:c5:71:ec:04:81:a8:da:50:
33:f8:2a:cd:85:09:c2:0b:aa:3c:25:49:40:0a:d6:42:1c:e4:
69:55:9c:85:6b:be:30:ac:a0:fa:e0:01:20:e5:34:13:49:73:
19:b2:d8:7c:59:b7:09:31:c7:25:35:3d:4b:37:74:d5:f3:1a:
61:77:8c:9f:ce:25:c2:4c:d3:70:ec:1c:f3:78:88:ad:cd:42:
fb:a7:29:37:f6:97:c7:64:e8:6d:a5:b8:a9:00:26:c1:ec:c4:
c5:b8:a4:33:53:66:54:8a:3b:6a:f7:db:8c:37:fc:35:26:87:
a7:b6:7f:3b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTD2X9iAoKX4LEKaTYCPDLLTSDaYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwNDZaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwMWFlZTc1MDlkZWJjMWVlOTEwYWJhYjRmMTU5MzdkMTUwODhkZjBjNzFl
ZWE3MzhiZmEzZDZlOTE4YTdiMDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANp76+n0HH7mU/RB05970dIXVjIU8kwDmrDYXIZMt08bu5uyw49Aie6YwoiJ
nIgu970AUKb6E1lu/G8U70XaEOQQ66LjFmU7YPLwwJHbDr36U5dRhiXljzaK0fyg
0K/LNb2zQS7fW1RSM/RzKzfkaORVO5UDOKGamFYR4Wj57xswgTi18h7o1hE5S43n
F93Q5nj9GSK/JNrvGV0t98TSg9UtlCiEGCX33tG7wn2oIB/6ghRz28HXe1vB5XT8
3kwj+Aw6lkeq6RZAj3J2W/FaNP35u5mbdRuh8Vm4YfNuEMJZ+uZLGeA62CZCDefG
k0cl0wyylTpqKKZV7MRHS0l1p7sCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTNOj44
Dx9ZNkzgGI451qIf7C8CJjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc2Y2M0NzktYzk1Ni00OWFhLTgzNzItNTYwZmQ2NzRjNjJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQBISnsIjbc2nqOmhY8Nwbj1DzWFRhqWJRuWSkBZUHZj
FLn6zqy8SJMQzuRmRsee/SwukyQtBpH8OVyzvG3Ow/mBSrziRbh5U5SQ4dIQWwVN
tUyOw/bJpJK1BSjrs0Ijb1UuoOhLZ348VC4A6UCi4YVEgnOs/uuw8+LgyO1Cc/Q3
yHOdyuJO91mYxXHsBIGo2lAz+CrNhQnCC6o8JUlACtZCHORpVZyFa74wrKD64AEg
5TQTSXMZsth8WbcJMcclNT1LN3TV8xphd4yfziXCTNNw7BzzeIitzUL7pyk39pfH
ZOhtpbipACbB7MTFuKQzU2ZUijtq99uMN/w1Joentn87
-----END CERTIFICATE-----
Generated at Sat May 10 01:02:35 2025 by rpki-client