Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
File: 87cbc454-e777-437d-a43a-911995d2a7ce.roa (raw, json)
Hash identifier: YGypqrEesgccrXb9blYZeXEYyT7y2p9RIraOqk/4k40=
Subject key identifier: 10:D6:BD:E3:57:C2:99:43:4C:94:4F:1A:58:26:99:82:D8:3C:C1:0D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 208E724337C362C06805C8624745164F9C544CB2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
Signing time: Tue 29 Apr 2025 00:30:05 +0000
ROA not before: Tue 29 Apr 2025 00:30:05 +0000
ROA not after: Tue 03 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.21.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:8e:72:43:37:c3:62:c0:68:05:c8:62:47:45:16:4f:9c:54:4c:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 29 00:30:05 2025 GMT
Not After : Jun 3 23:59:59 2025 GMT
Subject: serialNumber=3496da1b531877b1316374b727437936ed08ffd8fa5c2cb511069c096eaa1ad4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:41:5e:50:8f:b1:96:88:9f:5e:85:4a:48:79:
36:33:1f:48:4c:c8:85:7c:9e:9f:24:69:3c:a3:86:
e8:2f:bb:c3:16:dc:1b:19:0c:67:b2:25:8b:b2:29:
65:f2:56:44:e7:97:ed:8b:c2:7b:ab:d3:ab:f8:62:
81:60:9c:a4:c1:03:62:8e:f5:81:94:a0:9d:7f:38:
73:3c:54:2d:5c:a7:ea:50:1d:30:45:9a:f0:08:d4:
d3:f4:8d:4e:a9:96:d5:4e:bc:5d:f8:37:d2:ed:31:
5b:5c:c0:f3:65:72:73:17:b2:32:57:f2:5d:02:9f:
c0:0c:7f:8b:9d:83:1c:9a:24:ed:ab:38:d2:76:b5:
0d:cd:13:18:38:a3:92:92:7d:42:a1:4f:7e:95:a9:
a2:7a:3e:f0:48:cd:1b:73:55:93:7a:8d:13:98:93:
bd:81:c7:17:9d:e2:a2:38:18:2b:47:61:7b:0a:32:
3a:54:22:2d:07:2d:e8:8c:22:ae:70:57:ef:86:9e:
cb:5d:b1:93:e5:a7:e2:78:a5:b8:66:92:d8:94:06:
c1:62:58:d7:a9:2f:38:a4:d6:55:9a:6c:ee:c8:e3:
7b:b7:23:c9:3e:5d:53:50:63:11:74:c6:a0:e7:63:
30:22:7e:73:d0:ef:c4:77:be:26:9e:3d:57:91:0c:
fa:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:D6:BD:E3:57:C2:99:43:4C:94:4F:1A:58:26:99:82:D8:3C:C1:0D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.21.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0a:fd:b8:71:17:55:5d:21:2d:1e:7b:35:46:b5:3b:86:59:d1:
16:e0:3b:4e:2a:15:3c:c2:3d:73:cd:ad:cf:6e:29:fb:1d:e8:
72:22:dd:ee:c8:9d:68:d0:14:81:ee:9d:76:42:42:16:a1:0f:
25:12:27:b4:e0:a4:2a:db:46:c0:a9:ee:86:ee:5f:da:56:d1:
33:cd:ae:38:f9:3e:c5:c7:7f:f1:e7:0d:9d:d5:c5:42:35:ff:
6f:0a:24:99:11:a2:a0:3b:0b:4a:9a:7a:0a:7a:d2:5e:83:a9:
ae:49:2c:b7:a8:56:2b:f0:92:7a:27:84:af:ba:ca:5c:94:fc:
d3:6b:37:9c:95:20:5b:cd:a1:81:3b:b0:0e:2c:19:72:4d:4b:
0c:16:a7:f3:d0:49:7e:36:53:20:9a:3d:f4:99:d1:f4:1c:05:
39:e7:17:45:6f:38:79:dd:f0:12:fa:e9:c0:0f:1f:77:fa:5b:
52:48:4c:85:a9:f5:9a:69:4c:6f:02:9d:74:07:a5:66:1f:ce:
ce:cf:e3:d0:42:fb:6e:e2:9d:14:8d:ed:cc:83:1a:20:93:24:
70:b0:b6:e9:ed:6d:72:cd:c7:94:03:35:cc:a6:ee:3c:2c:c7:
de:74:9f:0b:3c:10:db:e5:0b:e3:d0:52:d2:dc:fe:7c:b1:f5:
5e:e8:86:76
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUII5yQzfDYsBoBchiR0UWT5xUTLIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjkwMDMwMDVaFw0yNTA2MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0OTZkYTFiNTMxODc3YjEzMTYzNzRiNzI3NDM3OTM2ZWQwOGZmZDhmYTVj
MmNiNTExMDY5YzA5NmVhYTFhZDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9BXlCPsZaIn16FSkh5NjMfSEzIhXyenyRpPKOG6C+7wxbcGxkMZ7Ili7Ip
ZfJWROeX7YvCe6vTq/higWCcpMEDYo71gZSgnX84czxULVyn6lAdMEWa8AjU0/SN
TqmW1U68Xfg30u0xW1zA82VycxeyMlfyXQKfwAx/i52DHJok7as40na1Dc0TGDij
kpJ9QqFPfpWpono+8EjNG3NVk3qNE5iTvYHHF53iojgYK0dhewoyOlQiLQct6Iwi
rnBX74aey12xk+Wn4niluGaS2JQGwWJY16kvOKTWVZps7sjje7cjyT5dU1BjEXTG
oOdjMCJ+c9DvxHe+Jp49V5EM+g8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQQ1r3j
V8KZQ0yUTxpYJpmC2DzBDTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODdjYmM0NTQtZTc3Ny00MzdkLWE0M2EtOTExOTk1ZDJhN2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMVMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/bhxF1VdIS0eezVGtTuGWdEW4DtOKhU8wj1zza3P
bin7HehyIt3uyJ1o0BSB7p12QkIWoQ8lEie04KQq20bAqe6G7l/aVtEzza44+T7F
x3/x5w2d1cVCNf9vCiSZEaKgOwtKmnoKetJeg6muSSy3qFYr8JJ6J4SvuspclPzT
azeclSBbzaGBO7AOLBlyTUsMFqfz0El+NlMgmj30mdH0HAU55xdFbzh53fAS+unA
Dx93+ltSSEyFqfWaaUxvAp10B6VmH87Oz+PQQvtu4p0Uje3MgxogkyRwsLbp7W1y
zceUAzXMpu48LMfedJ8LPBDb5Qvj0FLS3P58sfVe6IZ2
-----END CERTIFICATE-----
Generated at Mon May 5 19:31:57 2025 by rpki-client