Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File: 69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier: fXj/kn2L9gKTwv/+be/DLd/pDpJl8ZjSrqcbrrDLrVs=
Subject key identifier: C5:B3:D6:D2:1F:DC:BD:BF:F8:01:23:37:9A:C7:A8:93:B0:C0:8B:E5
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 32EA32DE34642234FD3AFF9D4B38AD21510BDAA6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time: Mon 16 Jun 2025 21:50:54 +0000
ROA not before: Mon 16 Jun 2025 21:50:54 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:ea:32:de:34:64:22:34:fd:3a:ff:9d:4b:38:ad:21:51:0b:da:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 16 21:50:54 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=789bd0e908a946e4337c6d96a040af1e80e2e98e95639ef9bf6d4bc0b7773c64, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:c6:de:5f:ba:0e:d8:e1:f7:6b:49:1a:60:d6:
7b:86:95:59:a3:d0:4a:ec:bf:a2:d7:55:05:60:ac:
2f:e5:f6:24:87:aa:d1:cb:44:b8:2f:4f:87:94:e5:
8b:b9:b1:8d:d6:84:86:ee:2e:19:99:cb:00:39:98:
02:3c:f3:38:21:b6:6f:dc:32:70:cb:19:bc:1a:0e:
26:af:8a:e7:67:31:7b:3f:ed:0f:02:67:a5:32:97:
8d:b1:b2:73:43:84:8a:7e:5c:6d:ff:43:d5:28:a8:
c0:ed:47:c1:d7:a9:37:cf:c2:00:99:65:4f:c2:89:
8e:cc:0a:ef:49:f4:d2:60:17:20:0b:d8:8b:f5:97:
3e:f6:c5:e6:68:ce:ed:51:6f:2f:16:fb:01:66:d9:
cb:be:51:94:2f:31:be:d7:d5:bb:d4:66:d3:2c:4a:
e7:f1:b9:26:4f:71:35:cf:67:21:bb:0b:02:e1:5e:
c2:61:3f:89:c8:39:2c:d4:e3:1d:d7:d9:7c:5a:34:
28:82:94:e9:ef:79:ef:ac:6a:8e:49:b1:0e:88:0a:
26:31:99:09:b6:03:0e:9e:5a:00:27:6c:71:86:45:
29:01:e5:13:0c:74:95:bf:a2:86:82:42:ad:dc:83:
b6:95:89:79:65:96:4a:63:ba:a2:e0:9f:8f:9c:f5:
30:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B3:D6:D2:1F:DC:BD:BF:F8:01:23:37:9A:C7:A8:93:B0:C0:8B:E5
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
94:bf:1b:42:e6:f7:9c:01:3c:bb:35:ef:dc:9b:0d:48:ff:22:
1f:c6:5e:2c:1f:5e:75:7c:b7:fa:61:26:23:18:88:f9:95:85:
3e:8f:8e:c1:60:ad:ed:ba:ce:13:99:64:44:11:65:ff:07:ed:
7a:6c:9d:ca:6e:8e:84:91:ad:19:b3:5a:38:40:93:67:df:ed:
49:d2:53:5e:e2:51:33:58:3a:e6:b8:2c:fa:1c:9d:36:7d:ab:
23:ff:b7:8b:99:d6:a3:ee:58:be:08:f7:26:11:a2:27:8a:f8:
f2:ed:8a:10:08:31:d1:bb:81:78:9d:73:91:d5:8d:6a:1a:5d:
0f:f6:17:d5:df:42:23:ff:41:f2:46:0f:53:10:f4:78:11:65:
29:b3:85:7a:d6:a5:46:70:7e:99:fd:0d:c6:14:37:77:cd:de:
01:98:f9:5f:39:d1:ba:f7:a3:fc:48:42:01:d5:95:2f:99:ba:
7e:c0:2e:3a:ca:05:cf:0c:c1:65:36:f3:c0:29:4b:25:04:23:
88:c3:91:35:30:0b:8d:c6:87:98:e6:e4:0a:3e:1f:4a:f7:5a:
a9:66:29:9d:c8:8a:b8:2c:9d:57:41:10:1a:d3:09:74:a4:13:
d9:e6:f7:c7:8e:96:2f:73:e2:90:aa:9c:2c:e6:6a:de:be:3e:
bb:d8:09:b1
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUMuoy3jRkIjT9Ov+dSzitIVEL2qYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUwNTRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4OWJkMGU5MDhhOTQ2ZTQzMzdjNmQ5NmEwNDBhZjFlODBlMmU5OGU5NTYz
OWVmOWJmNmQ0YmMwYjc3NzNjNjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDG3l+6Dtjh92tJGmDWe4aVWaPQSuy/otdVBWCsL+X2JIeq0ctEuC9Ph5Tl
i7mxjdaEhu4uGZnLADmYAjzzOCG2b9wycMsZvBoOJq+K52cxez/tDwJnpTKXjbGy
c0OEin5cbf9D1SiowO1HwdepN8/CAJllT8KJjswK70n00mAXIAvYi/WXPvbF5mjO
7VFvLxb7AWbZy75RlC8xvtfVu9Rm0yxK5/G5Jk9xNc9nIbsLAuFewmE/icg5LNTj
HdfZfFo0KIKU6e9576xqjkmxDogKJjGZCbYDDp5aACdscYZFKQHlEwx0lb+ihoJC
rdyDtpWJeWWWSmO6ouCfj5z1MH8CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTFs9bS
H9y9v/gBIzeax6iTsMCL5TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAJS/G0Lm95wBPLs179ybDUj/Ih/GXiwfXnV8t/ph
JiMYiPmVhT6PjsFgre26zhOZZEQRZf8H7XpsncpujoSRrRmzWjhAk2ff7UnSU17i
UTNYOua4LPocnTZ9qyP/t4uZ1qPuWL4I9yYRoieK+PLtihAIMdG7gXidc5HVjWoa
XQ/2F9XfQiP/QfJGD1MQ9HgRZSmzhXrWpUZwfpn9DcYUN3fN3gGY+V850br3o/xI
QgHVlS+Zun7ALjrKBc8MwWU288ApSyUEI4jDkTUwC43Gh5jm5Ao+H0r3WqlmKZ3I
irgsnVdBEBrTCXSkE9nm98eOli9z4pCqnCzmat6+PrvYCbE=
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:58:58 2025 by rpki-client