Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
File: d485a465-65e9-4a19-a397-f29d1a36d166.roa (raw, json)
Hash identifier: sE4qnVGXuNNqsw755ZQ3bLsy7tbOEwpLD9lQyKy4i+0=
Subject key identifier: 9F:86:29:69:24:2F:38:9F:0B:48:83:F8:E0:4E:66:3C:11:42:7E:1E
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 562693E7F600967DCDDAE5B3D0C15EAE9FF39E77
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
Signing time: Mon 16 Jun 2025 21:50:42 +0000
ROA not before: Mon 16 Jun 2025 21:50:42 +0000
ROA not after: Mon 21 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.17.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:26:93:e7:f6:00:96:7d:cd:da:e5:b3:d0:c1:5e:ae:9f:f3:9e:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 16 21:50:42 2025 GMT
Not After : Jul 21 23:59:59 2025 GMT
Subject: serialNumber=63ba68623286e1c2dc88d3108343a89b66ba298fdad2a88b50ba9a29caf12f35, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:9e:9f:1b:85:9b:f4:79:0c:ab:15:3d:f3:75:
4d:11:3c:e2:bc:a0:d8:0e:3a:6e:d9:f4:8f:74:58:
da:52:96:6e:2e:6a:37:c1:34:9b:2e:32:fb:d6:bd:
1e:46:83:d3:6a:1e:f7:a8:83:69:8d:10:a7:37:21:
13:0d:af:56:24:26:85:b8:d8:8e:66:bb:f0:83:ec:
8b:98:58:ea:c6:9a:01:2e:b6:0d:63:a4:c2:e8:5e:
ff:40:14:68:28:46:e5:75:d5:a1:8b:11:2c:5d:d7:
dc:ba:3e:b6:d9:b2:b3:62:33:e6:be:cd:a5:2b:00:
0b:8c:4f:35:26:94:f5:19:a7:be:61:e7:f8:96:18:
25:da:87:1a:13:bf:12:a9:6c:42:21:fd:34:40:96:
aa:0e:0e:32:68:92:88:05:54:75:75:2c:ac:9a:ad:
6d:0c:f4:23:d4:24:70:e0:f6:88:61:b6:08:fa:46:
69:40:d2:f3:f0:61:82:52:76:49:d0:d6:51:ec:9b:
f4:b1:60:d8:0b:74:41:f2:e6:66:fc:9d:d2:b5:33:
11:06:e0:21:d9:30:dd:3f:d3:d0:23:74:bb:3f:20:
6b:97:db:eb:74:43:47:67:92:dd:a7:d6:a0:da:e2:
e4:db:ff:51:72:bc:9a:9e:5f:ea:8f:a8:4f:88:e9:
aa:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:86:29:69:24:2F:38:9F:0B:48:83:F8:E0:4E:66:3C:11:42:7E:1E
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.17.0.0/24
Signature Algorithm: sha256WithRSAEncryption
91:86:01:b8:79:cf:2d:dc:6b:c0:a2:fe:72:61:b0:7c:f6:8b:
1b:18:2f:73:fe:dd:ae:99:a4:dc:53:f5:5d:62:f8:27:f1:b5:
b4:a5:ac:92:87:a0:7b:e0:1e:a7:2d:08:b8:a3:cd:88:db:a3:
90:22:02:41:66:60:b4:6b:72:1d:f8:9a:b5:69:82:47:a8:41:
36:c5:00:b8:6c:6d:98:1c:2a:be:26:e5:bf:f2:bf:a4:45:46:
f5:98:43:03:54:5b:e7:92:ac:1a:71:7b:14:34:d8:9f:c8:43:
5c:c6:f1:9d:0f:cb:20:5e:92:54:c2:fa:99:1d:dc:c5:8d:1d:
27:6e:9d:b0:25:82:07:3f:ae:3e:f4:d5:ef:55:28:2c:3e:96:
45:75:57:ce:7b:3d:86:19:04:4c:2d:fe:82:da:c8:87:b3:f9:
ca:11:b1:1c:52:49:fe:9e:41:e8:d7:03:ba:fe:6b:48:dc:54:
40:a4:5a:4b:49:6f:91:e4:95:49:5f:9f:c9:48:c0:37:0b:38:
d3:4a:2e:18:9a:98:53:fe:0a:f7:e6:29:3b:df:f9:09:d5:d5:
95:31:08:d5:0e:61:cb:47:53:7d:69:1b:01:dd:64:83:fa:da:
22:fd:97:ea:03:59:fe:9c:e8:a3:b7:34:17:de:7f:4e:fc:d5:
38:89:ea:88
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUViaT5/YAln3N2uWz0MFerp/znncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUwNDJaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzYmE2ODYyMzI4NmUxYzJkYzg4ZDMxMDgzNDNhODliNjZiYTI5OGZkYWQy
YTg4YjUwYmE5YTI5Y2FmMTJmMzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCenxuFm/R5DKsVPfN1TRE84ryg2A46btn0j3RY2lKWbi5qN8E0my4y+9a9
HkaD02oe96iDaY0QpzchEw2vViQmhbjYjma78IPsi5hY6saaAS62DWOkwuhe/0AU
aChG5XXVoYsRLF3X3Lo+ttmys2Iz5r7NpSsAC4xPNSaU9RmnvmHn+JYYJdqHGhO/
EqlsQiH9NECWqg4OMmiSiAVUdXUsrJqtbQz0I9QkcOD2iGG2CPpGaUDS8/BhglJ2
SdDWUeyb9LFg2At0QfLmZvyd0rUzEQbgIdkw3T/T0CN0uz8ga5fb63RDR2eS3afW
oNri5Nv/UXK8mp5f6o+oT4jpqnsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSfhilp
JC84nwtIg/jgTmY8EUJ+HjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQ4NWE0NjUtNjVlOS00YTE5LWEzOTctZjI5ZDFhMzZkMTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMRADAN
BgkqhkiG9w0BAQsFAAOCAQEAkYYBuHnPLdxrwKL+cmGwfPaLGxgvc/7drpmk3FP1
XWL4J/G1tKWskoege+Aepy0IuKPNiNujkCICQWZgtGtyHfiatWmCR6hBNsUAuGxt
mBwqviblv/K/pEVG9ZhDA1Rb55KsGnF7FDTYn8hDXMbxnQ/LIF6SVML6mR3cxY0d
J26dsCWCBz+uPvTV71UoLD6WRXVXzns9hhkETC3+gtrIh7P5yhGxHFJJ/p5B6NcD
uv5rSNxUQKRaS0lvkeSVSV+fyUjANws400ouGJqYU/4K9+YpO9/5CdXVlTEI1Q5h
y0dTfWkbAd1kg/raIv2X6gNZ/pzoo7c0F95/TvzVOInqiA==
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:37:34 2025 by rpki-client