Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
File: c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa (raw, json)
Hash identifier: jd5nPrA7SHxZXCyUDjXIQKl7hfvGAXBzHP+0EkbVwNc=
Subject key identifier: 3E:8E:F2:E3:10:70:CA:14:BF:21:72:4A:F9:65:A9:CF:7C:80:AC:0D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2740048E0983FACEA33A61A87C06C2FDE23E2336
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
Signing time: Tue 17 Jun 2025 00:50:23 +0000
ROA not before: Tue 17 Jun 2025 00:50:23 +0000
ROA not after: Tue 22 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.238.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:40:04:8e:09:83:fa:ce:a3:3a:61:a8:7c:06:c2:fd:e2:3e:23:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 17 00:50:23 2025 GMT
Not After : Jul 22 23:59:59 2025 GMT
Subject: serialNumber=a4d36dd9abbdbef6198e3d223c5f83cf146bee8b621776f91c3dbf6a11a6b781, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:32:d6:b0:b8:62:f3:59:04:71:66:9f:9c:85:
6f:1a:1b:9b:9d:9b:98:a1:e1:62:ab:cd:2b:98:e7:
05:98:1b:cc:4f:36:c0:6b:d4:56:a5:03:23:60:85:
ef:95:cf:fc:c0:dc:16:03:62:cd:b8:98:cb:be:a1:
1c:87:2d:a1:35:5f:d9:fa:7d:22:16:66:0d:a8:c0:
da:6d:ba:93:7a:6c:0d:c9:6f:c4:19:18:7f:87:88:
18:0b:0e:6d:0d:27:eb:68:5f:c7:44:5a:10:3a:cf:
65:1d:f3:2d:84:cd:32:6d:e3:46:8d:ef:ca:53:79:
8b:b4:bc:76:ae:ab:f4:26:c7:aa:6c:07:92:82:89:
e3:d2:e6:6a:8d:2d:cf:e8:6c:5c:67:24:50:a4:4c:
4c:d0:f0:32:60:3a:3b:2c:69:aa:09:8b:28:08:c9:
25:a7:69:af:f9:57:51:01:14:62:38:9e:e9:ae:0f:
ef:a0:c0:1d:2d:9b:b0:a1:41:89:11:06:50:a6:56:
e4:bf:97:25:f2:4f:fc:8b:e1:1d:e6:de:ad:1f:d0:
92:96:2a:4e:59:49:bc:69:68:16:42:e0:1c:cc:a3:
ad:6f:32:5e:d0:db:3c:6a:a4:bd:0b:e1:36:80:8c:
e7:c4:77:d4:49:11:e5:73:d6:a1:31:ed:1a:61:d2:
d6:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:8E:F2:E3:10:70:CA:14:BF:21:72:4A:F9:65:A9:CF:7C:80:AC:0D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.238.0/23
Signature Algorithm: sha256WithRSAEncryption
b5:6a:a8:20:27:8b:db:de:70:7d:3d:01:d0:1e:de:de:91:58:
d5:66:e8:81:ad:f9:35:49:99:22:79:39:1e:6b:8e:dd:ff:fa:
50:db:60:9d:8f:a8:99:cf:34:91:01:43:d4:52:25:25:0b:78:
42:84:d9:c9:35:f2:ac:04:3b:7d:45:30:6b:c4:e6:ae:07:23:
bc:de:91:9d:4e:6a:e2:0f:88:89:db:c9:ae:0b:f4:38:a3:80:
7e:d6:a5:7c:10:0e:50:2c:fd:0d:71:08:7b:f4:fc:29:89:39:
b3:d0:35:2e:f5:25:8f:fe:5a:58:a5:38:30:8e:0f:a4:9c:b7:
9d:74:ee:fa:11:fa:be:58:b0:d2:71:c3:f6:fe:d6:25:91:19:
d1:b8:59:32:04:0d:7a:e0:b0:5b:cf:0b:4b:f7:95:63:4a:3e:
77:8d:c0:4b:92:13:85:91:db:5b:90:c4:05:11:01:73:fb:f6:
f1:44:df:37:8d:c2:9b:43:40:f1:01:02:f5:a4:d3:a8:7c:63:
fd:e1:f2:a8:c2:b7:39:9e:48:44:70:1b:f3:3e:8b:b8:6a:a2:
fe:3b:f3:67:05:02:a3:00:4b:07:ff:4e:08:63:90:03:5b:31:
6d:ae:02:c5:3e:1c:18:f1:73:3d:23:70:9a:69:bd:be:c8:82:
77:ef:08:c7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJ0AEjgmD+s6jOmGofAbC/eI+IzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTcwMDUwMjNaFw0yNTA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0ZDM2ZGQ5YWJiZGJlZjYxOThlM2QyMjNjNWY4M2NmMTQ2YmVlOGI2MjE3
NzZmOTFjM2RiZjZhMTFhNmI3ODExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKgy1rC4YvNZBHFmn5yFbxobm52bmKHhYqvNK5jnBZgbzE82wGvUVqUDI2CF
75XP/MDcFgNizbiYy76hHIctoTVf2fp9IhZmDajA2m26k3psDclvxBkYf4eIGAsO
bQ0n62hfx0RaEDrPZR3zLYTNMm3jRo3vylN5i7S8dq6r9CbHqmwHkoKJ49Lmao0t
z+hsXGckUKRMTNDwMmA6OyxpqgmLKAjJJadpr/lXUQEUYjie6a4P76DAHS2bsKFB
iREGUKZW5L+XJfJP/IvhHeberR/QkpYqTllJvGloFkLgHMyjrW8yXtDbPGqkvQvh
NoCM58R31EkR5XPWoTHtGmHS1vsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ+jvLj
EHDKFL8hckr5ZanPfICsDTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzhmZDhjNDQtNzUxNC00MGU2LTkxOTgtZTBiNmUzN2I0YzY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQ7jAN
BgkqhkiG9w0BAQsFAAOCAQEAtWqoICeL295wfT0B0B7e3pFY1Wboga35NUmZInk5
HmuO3f/6UNtgnY+omc80kQFD1FIlJQt4QoTZyTXyrAQ7fUUwa8TmrgcjvN6RnU5q
4g+IidvJrgv0OKOAftalfBAOUCz9DXEIe/T8KYk5s9A1LvUlj/5aWKU4MI4PpJy3
nXTu+hH6vliw0nHD9v7WJZEZ0bhZMgQNeuCwW88LS/eVY0o+d43AS5IThZHbW5DE
BREBc/v28UTfN43Cm0NA8QEC9aTTqHxj/eHyqMK3OZ5IRHAb8z6LuGqi/jvzZwUC
owBLB/9OCGOQA1sxba4CxT4cGPFzPSNwmmm9vsiCd+8Ixw==
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:53:41 2025 by rpki-client