Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
File: aa15a3a6-022f-41a6-9a60-2175164bb741.roa (raw, json)
Hash identifier: ehFx8C7zry3r4A7kWp9eBNcQCERe6lKUxG9yU8rog5M=
Subject key identifier: B4:06:91:2F:D9:52:8F:7C:CE:C8:E2:F2:C8:5E:4E:4A:62:26:46:64
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1B410D77CD1375FB5C40A58E062BABE014849CE2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
Signing time: Mon 28 Apr 2025 15:50:20 +0000
ROA not before: Mon 28 Apr 2025 15:50:20 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:41:0d:77:cd:13:75:fb:5c:40:a5:8e:06:2b:ab:e0:14:84:9c:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:20 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=41d1bb5468e93467abdf9a57e980a9e801efbcaccc47fa092a882195cb99f431, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d2:f7:3c:18:f5:9f:8e:12:e5:8b:22:90:81:
2e:e3:ba:9f:ed:e7:80:15:ed:2a:35:bf:2c:c6:e7:
3d:db:57:cf:d8:3c:1f:6a:67:86:0b:b3:1e:8c:21:
a3:ad:9a:ab:dd:bb:4c:1c:1c:0d:dd:d6:0d:f2:18:
0a:59:5f:40:d6:63:bb:6c:d3:9c:2b:be:91:3e:7e:
ea:91:2f:a4:71:56:bb:8b:25:13:0a:2b:39:bc:57:
fa:21:52:6c:fb:14:3f:d8:b5:93:df:97:ee:f3:bf:
15:c8:59:d3:6b:8b:6c:6a:c8:79:7f:16:9c:7d:06:
e9:90:86:1f:38:15:5f:57:b4:4c:fd:86:9a:ca:73:
29:32:40:8c:a3:c4:ec:2f:52:17:ae:07:ea:9f:8f:
46:4c:07:37:3e:4c:67:fe:1e:41:56:3d:d7:b2:93:
b4:c8:dd:b3:63:c7:11:47:bd:22:bc:99:99:37:28:
47:e4:74:33:49:82:6e:e9:93:23:83:da:b1:8e:60:
da:a0:2a:c3:a9:69:df:bc:e1:15:d7:b6:55:23:0f:
9c:12:18:07:47:c1:9f:ec:6d:52:d9:a5:1d:7c:65:
1a:a6:1a:ac:68:11:0b:bb:e3:58:d0:13:10:16:db:
1e:d4:ee:45:16:80:39:54:b4:55:c7:4e:40:be:8e:
28:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:06:91:2F:D9:52:8F:7C:CE:C8:E2:F2:C8:5E:4E:4A:62:26:46:64
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.204.0/24
Signature Algorithm: sha256WithRSAEncryption
59:4b:ad:ff:5f:71:b5:0c:20:06:69:76:e3:e9:a1:7f:a8:0b:
d9:5c:64:14:62:8b:a8:75:bc:a3:20:d9:67:f2:4d:7a:53:de:
58:e5:d4:12:34:dd:2e:d3:8d:9a:f8:2f:de:bf:95:da:e1:20:
67:7c:98:2a:12:9c:50:cc:50:85:8e:6f:43:a4:49:a7:71:1a:
e6:ee:71:8b:c1:05:83:8a:90:40:4a:d0:3d:99:6f:65:fa:4f:
62:57:bd:72:d3:a1:71:a5:56:08:24:46:9d:87:ee:38:28:05:
9d:51:94:87:ce:25:2a:d8:d1:63:d4:70:0c:8d:09:38:fd:a8:
02:b9:85:49:85:c9:02:13:ac:5f:12:e4:40:14:26:f8:e4:fb:
b5:88:20:ea:5d:8f:85:ec:2a:80:84:80:c9:04:7a:93:33:a6:
43:45:b0:11:a6:b6:a7:fd:e1:ec:25:6e:d4:a3:cd:69:4f:1c:
af:8f:c2:49:27:3b:4b:e5:33:c3:bc:b2:52:30:7d:bb:6f:ac:
11:82:6a:8d:5b:16:8f:7a:41:72:25:b2:ea:fa:1f:22:a1:82:
1b:d4:30:09:99:00:32:1f:76:4c:35:19:02:2e:0a:17:d5:94:
3a:a2:66:7a:eb:51:6d:56:26:4b:ce:c4:b6:17:bc:a7:1b:5c:
4b:5e:72:3d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUG0ENd80TdftcQKWOBiur4BSEnOIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwMjBaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQxZDFiYjU0NjhlOTM0NjdhYmRmOWE1N2U5ODBhOWU4MDFlZmJjYWNjYzQ3
ZmEwOTJhODgyMTk1Y2I5OWY0MzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjS9zwY9Z+OEuWLIpCBLuO6n+3ngBXtKjW/LMbnPdtXz9g8H2pnhguzHowh
o62aq927TBwcDd3WDfIYCllfQNZju2zTnCu+kT5+6pEvpHFWu4slEworObxX+iFS
bPsUP9i1k9+X7vO/FchZ02uLbGrIeX8WnH0G6ZCGHzgVX1e0TP2GmspzKTJAjKPE
7C9SF64H6p+PRkwHNz5MZ/4eQVY917KTtMjds2PHEUe9IryZmTcoR+R0M0mCbumT
I4PasY5g2qAqw6lp37zhFde2VSMPnBIYB0fBn+xtUtmlHXxlGqYarGgRC7vjWNAT
EBbbHtTuRRaAOVS0VcdOQL6OKGcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS0BpEv
2VKPfM7I4vLIXk5KYiZGZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWExNWEzYTYtMDIyZi00MWE2LTlhNjAtMjE3NTE2NGJiNzQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQzDAN
BgkqhkiG9w0BAQsFAAOCAQEAWUut/19xtQwgBml24+mhf6gL2VxkFGKLqHW8oyDZ
Z/JNelPeWOXUEjTdLtONmvgv3r+V2uEgZ3yYKhKcUMxQhY5vQ6RJp3Ea5u5xi8EF
g4qQQErQPZlvZfpPYle9ctOhcaVWCCRGnYfuOCgFnVGUh84lKtjRY9RwDI0JOP2o
ArmFSYXJAhOsXxLkQBQm+OT7tYgg6l2PhewqgISAyQR6kzOmQ0WwEaa2p/3h7CVu
1KPNaU8cr4/CSSc7S+Uzw7yyUjB9u2+sEYJqjVsWj3pBciWy6vofIqGCG9QwCZkA
Mh92TDUZAi4KF9WUOqJmeutRbVYmS87Ethe8pxtcS15yPQ==
-----END CERTIFICATE-----
Generated at Mon May 5 10:50:16 2025 by rpki-client