Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
File: 81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa (raw, json)
Hash identifier: B+aaz+qh4gHgpLQSpFwGh0k5c8M8IvhRH8ycIfzdKKE=
Subject key identifier: A3:B4:5B:64:09:82:97:98:68:C8:FB:08:52:70:D9:8C:8C:56:7D:54
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3D1B7B55AF058AEE84C0DC424F356837E8118F54
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
Signing time: Wed 25 Jun 2025 00:50:24 +0000
ROA not before: Wed 25 Jun 2025 00:50:24 +0000
ROA not after: Wed 30 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:1b:7b:55:af:05:8a:ee:84:c0:dc:42:4f:35:68:37:e8:11:8f:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 25 00:50:24 2025 GMT
Not After : Jul 30 23:59:59 2025 GMT
Subject: serialNumber=fa650643fe6eb3707ac9a85bc468c66377acef24fdbedc5726126d3ee32a516b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c9:e5:6a:81:fb:41:7d:4e:78:46:6f:99:16:
74:76:44:c6:18:e6:82:48:c8:e4:5c:0c:09:c1:ee:
84:c5:47:bb:a8:db:a0:44:c4:a5:94:74:e3:98:8b:
99:38:4d:25:a2:49:92:cf:1e:30:48:31:af:bf:5d:
b4:09:87:2b:58:2d:5a:a1:69:fa:63:22:ef:96:97:
a4:02:13:5d:e5:f7:06:51:30:92:16:21:07:d3:b5:
01:d6:8e:66:e1:ed:cf:33:5e:6f:8a:9e:f7:58:53:
a3:29:09:a4:1b:3b:6e:14:69:6c:59:3e:16:87:42:
39:4d:86:11:9b:b6:4b:19:9e:0c:ad:96:c9:26:b5:
8e:b4:2d:a8:2a:f0:06:e0:39:60:67:ff:48:e4:9f:
6f:49:95:c6:37:54:95:8f:da:55:5e:ed:d2:86:96:
48:e1:99:0c:b3:31:1e:7f:78:23:f2:61:4a:7c:a0:
ff:7e:c3:6a:b1:e7:df:c5:cc:ac:7e:88:2e:5f:c2:
96:44:8b:d9:6d:21:09:d4:f9:97:ed:35:c5:d4:0a:
3d:a9:7d:42:2b:35:1d:31:bd:7d:43:c5:93:c0:a4:
98:81:d8:bf:1d:ad:36:b6:40:f0:e7:51:de:94:9e:
01:d7:fd:64:73:11:2d:97:ce:5d:f7:f7:11:2d:13:
a2:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:B4:5B:64:09:82:97:98:68:C8:FB:08:52:70:D9:8C:8C:56:7D:54
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/32
Signature Algorithm: sha256WithRSAEncryption
16:0c:88:07:e8:ed:32:a2:9c:9f:64:f1:6d:a1:ed:6b:41:70:
3f:a6:4a:63:0a:95:66:e0:eb:93:e2:e4:fe:31:14:4f:0b:0b:
13:68:f2:ea:c1:68:0b:83:29:5d:a9:d8:4c:ed:63:65:41:d5:
64:84:cd:d6:6f:ec:cb:e5:5f:aa:ce:75:21:9c:ee:cc:68:10:
24:ae:be:91:7a:6a:ca:4a:27:c6:56:99:64:4f:12:59:95:bd:
32:2c:50:3c:ea:d0:6b:12:2c:c8:b5:18:f7:b9:b8:9e:be:67:
e1:be:d1:f3:62:08:97:48:5e:e0:df:38:a5:e0:77:4e:3d:09:
c6:9d:0a:00:66:8e:bc:34:7a:f2:15:c2:98:0e:f4:52:26:63:
44:35:d7:fb:37:4a:22:1e:fb:bb:3d:aa:94:64:80:ba:9b:38:
60:a4:9d:2d:db:9d:a5:37:36:8a:29:93:47:4b:37:a0:34:19:
e6:f5:d0:bf:7a:10:50:56:39:c3:c5:46:33:f0:b9:03:ab:51:
7b:1e:2f:3b:ec:92:71:6f:b9:bc:37:09:c8:0e:d3:53:25:cc:
87:fd:5f:75:0a:ba:70:65:58:74:b2:48:ef:a3:0f:7a:88:74:
e2:38:72:bb:35:b0:79:84:bd:f6:ce:5c:94:fa:0a:1e:51:38:
3e:11:57:e5
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUPRt7Va8Fiu6EwNxCTzVoN+gRj1QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MjUwMDUwMjRaFw0yNTA3MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhNjUwNjQzZmU2ZWIzNzA3YWM5YTg1YmM0NjhjNjYzNzdhY2VmMjRmZGJl
ZGM1NzI2MTI2ZDNlZTMyYTUxNmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjJ5WqB+0F9TnhGb5kWdHZExhjmgkjI5FwMCcHuhMVHu6jboETEpZR045iL
mThNJaJJks8eMEgxr79dtAmHK1gtWqFp+mMi75aXpAITXeX3BlEwkhYhB9O1AdaO
ZuHtzzNeb4qe91hToykJpBs7bhRpbFk+FodCOU2GEZu2SxmeDK2WySa1jrQtqCrw
BuA5YGf/SOSfb0mVxjdUlY/aVV7t0oaWSOGZDLMxHn94I/JhSnyg/37DarHn38XM
rH6ILl/ClkSL2W0hCdT5l+01xdQKPal9Qis1HTG9fUPFk8CkmIHYvx2tNrZA8OdR
3pSeAdf9ZHMRLZfOXff3ES0TonUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSjtFtk
CYKXmGjI+whScNmMjFZ9VDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODFiZDI2NDktYWQ2MC00YzZhLWJkZjktN2I3NzVlM2QwNjBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoBBXgw
DQYJKoZIhvcNAQELBQADggEBABYMiAfo7TKinJ9k8W2h7WtBcD+mSmMKlWbg65Pi
5P4xFE8LCxNo8urBaAuDKV2p2EztY2VB1WSEzdZv7MvlX6rOdSGc7sxoECSuvpF6
aspKJ8ZWmWRPElmVvTIsUDzq0GsSLMi1GPe5uJ6+Z+G+0fNiCJdIXuDfOKXgd049
CcadCgBmjrw0evIVwpgO9FImY0Q11/s3SiIe+7s9qpRkgLqbOGCknS3bnaU3Noop
k0dLN6A0Geb10L96EFBWOcPFRjPwuQOrUXseLzvsknFvubw3CcgO01MlzIf9X3UK
unBlWHSySO+jD3qIdOI4crs1sHmEvfbOXJT6Ch5ROD4RV+U=
-----END CERTIFICATE-----
Generated at Sun Jun 29 07:32:33 2025 by rpki-client