Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa
File: ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa (raw, json)
Hash identifier: mSWi7exmwSmISiSd+Jlxkm1tKPf8P9VZv3Dk4GVHYkY=
Subject key identifier: 4D:B1:32:71:F3:6D:61:E1:08:D2:41:C0:72:E9:75:DD:16:50:27:A3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1C68D9BB0E9094BAD1549C6756786ADDBAA6478E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa
Signing time: Mon 28 Apr 2025 15:50:49 +0000
ROA not before: Mon 28 Apr 2025 15:50:49 +0000
ROA not after: Mon 02 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/13 maxlen: 13
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:68:d9:bb:0e:90:94:ba:d1:54:9c:67:56:78:6a:dd:ba:a6:47:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 28 15:50:49 2025 GMT
Not After : Jun 2 23:59:59 2025 GMT
Subject: serialNumber=a2a4640b5d88ede520102aa2ac0bb1257ebf8230ae46a277e6db83bc717b11de, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:fc:cf:2d:fe:f7:1a:ce:b3:fd:77:5a:80:65:
35:90:13:f0:0b:e2:48:40:db:f6:f0:96:b7:8b:f8:
04:e2:0f:01:3d:9c:28:a3:e4:ee:9f:37:f6:6b:a3:
95:1a:6e:2b:33:1e:cd:c0:70:76:d2:2f:43:43:72:
11:ef:11:dd:57:92:76:8c:97:6a:15:0f:90:88:e9:
3c:e5:e8:b9:e5:c9:f8:56:6c:0a:b1:0f:98:2f:a5:
26:b7:2b:8d:e8:4f:63:0b:47:20:da:52:70:92:c5:
48:1a:9f:0d:10:07:e9:e4:db:75:ce:99:ed:4e:d4:
99:a4:31:4b:96:a7:43:92:3f:49:3a:01:f1:89:a4:
b1:e9:cf:22:a6:e0:c6:8c:ac:ab:cb:48:2f:1d:4d:
0d:3c:e1:e0:48:db:d9:25:66:42:4b:c4:bb:43:5a:
91:e6:db:0d:1a:4e:28:b3:5e:8a:7a:1a:f1:cd:93:
e0:8e:9e:72:47:65:2c:aa:d3:ef:09:64:79:3c:a8:
dd:24:6a:39:76:d3:97:54:cf:d8:a0:eb:8a:dd:71:
58:1b:49:2c:28:f3:66:33:7b:cf:21:04:10:64:5d:
f5:5d:90:af:76:d2:32:b4:a2:e3:00:cf:f0:f3:cd:
1c:4b:fc:cc:43:52:3e:94:9e:ad:3a:b6:b9:85:65:
91:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:B1:32:71:F3:6D:61:E1:08:D2:41:C0:72:E9:75:DD:16:50:27:A3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/13
Signature Algorithm: sha256WithRSAEncryption
47:08:05:68:43:d8:07:dc:53:89:55:10:e4:84:f0:aa:fb:40:
3a:7c:68:d1:2b:5a:05:46:8a:23:06:00:22:38:64:c6:c7:02:
a8:65:9d:65:e2:b8:15:18:70:22:e6:5c:a3:36:83:66:e0:76:
ec:26:aa:b7:6f:ff:fc:33:8c:e3:82:59:8f:fa:5d:28:d1:bb:
af:94:13:dd:3a:7c:6a:a1:d9:60:05:26:fc:b4:3d:b1:14:3b:
c2:60:2f:44:3b:32:36:db:7d:31:0a:e1:d7:57:c2:45:24:23:
96:77:e1:51:58:4c:fc:e2:66:f8:6b:78:55:1c:89:38:3c:af:
96:dc:70:75:93:9f:d9:4e:c4:f8:f9:40:8f:b4:b7:ea:b5:41:
07:7b:92:a6:7d:90:d0:0f:7b:cb:d3:2e:b9:02:69:d5:22:81:
ee:33:54:f0:89:be:57:f0:46:c1:b9:be:8e:8c:43:95:b1:1a:
3c:7c:c1:b8:b1:cb:a0:eb:36:ed:e6:21:90:2f:92:df:02:43:
23:1b:0c:bf:6c:92:9b:6f:2a:5f:51:3a:97:dc:57:da:92:0c:
14:f1:68:ed:fe:9b:6b:38:64:ce:95:5b:40:c8:83:54:f3:fc:
3b:d0:0a:da:bc:10:db:18:75:92:16:df:06:53:72:f7:11:db:
54:8a:53:d1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHGjZuw6QlLrRVJxnVnhq3bqmR44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjgxNTUwNDlaFw0yNTA2MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQGEyYTQ2NDBiNWQ4OGVkZTUyMDEwMmFhMmFjMGJiMTI1N2ViZjgyMzBhZTQ2
YTI3N2U2ZGI4M2JjNzE3YjExZGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALP8zy3+9xrOs/13WoBlNZAT8AviSEDb9vCWt4v4BOIPAT2cKKPk7p839muj
lRpuKzMezcBwdtIvQ0NyEe8R3VeSdoyXahUPkIjpPOXoueXJ+FZsCrEPmC+lJrcr
jehPYwtHINpScJLFSBqfDRAH6eTbdc6Z7U7UmaQxS5anQ5I/SToB8YmksenPIqbg
xoysq8tILx1NDTzh4Ejb2SVmQkvEu0NakebbDRpOKLNeinoa8c2T4I6eckdlLKrT
7wlkeTyo3SRqOXbTl1TP2KDrit1xWBtJLCjzZjN7zyEEEGRd9V2Qr3bSMrSi4wDP
8PPNHEv8zENSPpSerTq2uYVlkZMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRNsTJx
821h4QjSQcBy6XXdFlAnozAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2E5ZGMxNzItYzVjNS00OGZkLWE4MDEtOWY3ZjA1MGFhNjdiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAzMYMA0G
CSqGSIb3DQEBCwUAA4IBAQBHCAVoQ9gH3FOJVRDkhPCq+0A6fGjRK1oFRoojBgAi
OGTGxwKoZZ1l4rgVGHAi5lyjNoNm4HbsJqq3b//8M4zjglmP+l0o0buvlBPdOnxq
odlgBSb8tD2xFDvCYC9EOzI2230xCuHXV8JFJCOWd+FRWEz84mb4a3hVHIk4PK+W
3HB1k5/ZTsT4+UCPtLfqtUEHe5KmfZDQD3vL0y65AmnVIoHuM1Twib5X8EbBub6O
jEOVsRo8fMG4scug6zbt5iGQL5LfAkMjGwy/bJKbbypfUTqX3FfakgwU8Wjt/ptr
OGTOlVtAyINU8/w70AravBDbGHWSFt8GU3L3EdtUilPR
-----END CERTIFICATE-----
Generated at Mon May 5 10:45:16 2025 by rpki-client