Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: EEz942u1OgSJ2efUa80a9OCAW5+GA3fakBozi/FwQJ4=
Subject key identifier: C9:9C:AD:91:75:18:E9:3B:2D:FA:34:B0:FE:71:25:F8:36:4E:17:BD
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1E69438C8D72BA34A7768C306E061BAFAE548211
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Mon 16 Jun 2025 21:50:09 +0000
ROA not before: Mon 16 Jun 2025 21:50:09 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:69:43:8c:8d:72:ba:34:a7:76:8c:30:6e:06:1b:af:ae:54:82:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 16 21:50:09 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=96fe548501949af5cf9815e9feb321bcddd9524fa289d037991816c1bd71a74a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:28:a1:86:18:29:7d:42:a4:81:03:73:46:34:
af:97:d1:f5:79:19:97:6c:9b:43:c4:a5:76:6c:7f:
f1:39:32:73:af:f6:8e:58:ba:1a:a2:ff:9e:59:12:
59:21:be:f0:34:bf:82:1e:a8:81:be:13:40:1a:4d:
5a:02:35:e5:75:57:2d:5c:38:8b:f3:32:6d:57:39:
22:79:34:d8:00:05:a2:d5:bd:e9:e4:b2:8c:86:7c:
79:a1:7e:a2:6e:85:2f:42:24:84:c1:ed:1c:e6:52:
2f:f2:4a:76:be:29:7f:cd:51:f5:55:82:03:7f:09:
31:28:0a:82:a1:90:7a:97:c6:7c:ea:9a:a3:e1:92:
5a:ef:54:49:2f:73:a9:23:53:e0:6b:fb:68:fa:30:
aa:dc:45:53:36:58:47:a0:d5:93:c6:27:c5:f4:5f:
ef:57:1d:99:23:e2:28:ec:ee:1a:95:1d:be:77:0f:
42:9a:d6:57:e8:4f:3d:da:9c:5b:d9:db:28:a0:ba:
9f:af:8d:a7:21:a9:93:8a:58:3a:e1:f3:ca:99:ab:
f1:1c:1e:e4:d8:75:93:84:e8:d7:d4:00:4c:f6:a6:
82:40:27:d4:fa:b4:b9:57:ed:96:a6:7a:4b:25:40:
e8:57:70:06:d6:7e:7f:a7:fe:c6:0d:01:64:41:36:
d0:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:9C:AD:91:75:18:E9:3B:2D:FA:34:B0:FE:71:25:F8:36:4E:17:BD
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
56:b8:1c:4c:a2:a1:21:b3:c8:bc:51:1a:b0:d8:4f:1c:ac:9d:
c5:3a:c6:35:29:52:aa:21:31:8b:44:3d:ea:01:bc:a2:4a:a5:
53:e7:77:43:d4:fa:b0:20:09:f7:05:dc:57:73:bb:74:f3:fd:
70:f4:0f:11:40:b1:fb:60:36:38:05:e4:e8:34:7a:53:00:9f:
60:ee:cd:f0:75:13:2f:70:34:4d:85:13:01:15:f8:95:72:bf:
aa:f7:87:85:fc:59:30:03:02:59:38:95:28:f7:86:e8:aa:83:
d8:b1:a8:62:7e:5a:de:5c:10:bb:c0:65:3d:45:4b:df:91:bb:
5c:70:7c:e7:d8:3a:6e:a1:e7:65:c1:11:cb:a8:64:8b:1f:cb:
73:b5:d4:b8:ab:85:56:c4:04:25:84:d4:5e:2e:6d:77:d3:16:
1e:e9:6e:b7:f7:af:77:a8:d2:8d:24:8a:f6:8f:2a:85:89:4b:
68:36:f5:c7:ac:15:0d:ee:2f:71:4f:77:f2:14:73:bb:e2:91:
b4:7f:36:1f:23:e6:46:43:3c:6f:ea:02:a2:05:99:2b:a8:e1:
5c:fa:67:6d:40:ca:74:8a:ed:76:32:09:ea:97:f6:d7:c4:22:
15:02:3c:2b:dc:1c:cf:44:e4:47:01:35:04:60:5d:94:78:1d:
10:45:82:bf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHmlDjI1yujSndowwbgYbr65UghEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUwMDlaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk2ZmU1NDg1MDE5NDlhZjVjZjk4MTVlOWZlYjMyMWJjZGRkOTUyNGZhMjg5
ZDAzNzk5MTgxNmMxYmQ3MWE3NGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgooYYYKX1CpIEDc0Y0r5fR9XkZl2ybQ8Sldmx/8Tkyc6/2jli6GqL/nlkS
WSG+8DS/gh6ogb4TQBpNWgI15XVXLVw4i/MybVc5Ink02AAFotW96eSyjIZ8eaF+
om6FL0IkhMHtHOZSL/JKdr4pf81R9VWCA38JMSgKgqGQepfGfOqao+GSWu9USS9z
qSNT4Gv7aPowqtxFUzZYR6DVk8YnxfRf71cdmSPiKOzuGpUdvncPQprWV+hPPdqc
W9nbKKC6n6+NpyGpk4pYOuHzypmr8Rwe5Nh1k4To19QATPamgkAn1Pq0uVftlqZ6
SyVA6FdwBtZ+f6f+xg0BZEE20DcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTJnK2R
dRjpOy36NLD+cSX4Nk4XvTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQBWuBxMoqEhs8i8URqw2E8crJ3FOsY1KVKqITGLRD3q
AbyiSqVT53dD1PqwIAn3BdxXc7t08/1w9A8RQLH7YDY4BeToNHpTAJ9g7s3wdRMv
cDRNhRMBFfiVcr+q94eF/FkwAwJZOJUo94boqoPYsahiflreXBC7wGU9RUvfkbtc
cHzn2DpuoedlwRHLqGSLH8tztdS4q4VWxAQlhNReLm130xYe6W639693qNKNJIr2
jyqFiUtoNvXHrBUN7i9xT3fyFHO74pG0fzYfI+ZGQzxv6gKiBZkrqOFc+mdtQMp0
iu12Mgnql/bXxCIVAjwr3BzPRORHATUEYF2UeB0QRYK/
-----END CERTIFICATE-----
Generated at Sun Jun 29 07:46:41 2025 by rpki-client