Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
File: f5f17520-2ea0-4b9a-a01c-04329523a547.roa (raw, json)
Hash identifier: dSY8qiyLSgS673SZC5chnHKB2t+PfT3/tkuAP1iNz+Q=
Subject key identifier: AB:7C:86:A1:FB:42:E6:E5:91:45:B8:87:3E:07:39:7E:88:D9:8C:0A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3DC9426F3FB498579E94DD5AFA82B77CF717F17F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
Signing time: Wed 25 Jun 2025 00:50:21 +0000
ROA not before: Wed 25 Jun 2025 00:50:21 +0000
ROA not after: Wed 30 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 195.61.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:c9:42:6f:3f:b4:98:57:9e:94:dd:5a:fa:82:b7:7c:f7:17:f1:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jun 25 00:50:21 2025 GMT
Not After : Jul 30 23:59:59 2025 GMT
Subject: serialNumber=bcf589977ae0d7a68d3a485d2c3ed7f936f6b6e9929479b2bb27d6a72edcd271, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:77:5c:15:22:2c:b3:f5:ba:d6:ab:c1:0e:8b:
89:a3:5d:61:b7:41:c7:8d:17:4b:3a:d5:a0:aa:41:
2e:00:4c:55:6a:6a:90:e0:29:9a:b7:5a:f8:93:27:
73:31:44:a9:8f:e3:d6:db:ac:f2:e5:83:f6:93:40:
63:42:96:80:71:06:fc:61:e0:76:0f:7e:52:a7:21:
21:9f:3c:05:cf:57:a9:70:f4:20:a3:f7:80:c7:b9:
d9:0b:14:f6:0c:6c:7e:54:29:94:03:a0:6a:41:1d:
40:32:98:f9:c7:96:ce:cc:56:4d:9a:21:ca:6e:7d:
79:c5:ec:33:61:5e:70:26:6e:c7:af:3c:53:3f:2f:
28:9c:37:74:6e:5c:0b:f1:9f:ac:d0:47:8c:ba:17:
b2:31:d3:af:7d:d6:ae:85:4a:fb:12:18:1d:64:09:
e2:0d:fd:2e:70:c1:53:32:6a:c6:b8:07:7a:c5:4f:
d8:26:bb:91:9f:80:30:eb:ee:ab:4b:b8:94:73:9a:
ca:14:0a:44:26:eb:41:53:40:94:c7:41:30:79:d1:
26:a3:62:58:52:2d:22:3d:b4:82:3f:e7:68:6a:9e:
ad:5f:42:0c:02:42:f2:d8:50:61:d1:8b:c1:cf:97:
0f:c5:e3:11:5e:8c:df:60:42:1c:12:fa:9d:d5:8e:
25:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:7C:86:A1:FB:42:E6:E5:91:45:B8:87:3E:07:39:7E:88:D9:8C:0A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.61.0.0/16
Signature Algorithm: sha256WithRSAEncryption
96:da:34:c2:f3:2a:47:0a:01:25:38:98:d1:06:e0:01:1a:f7:
09:b4:5f:4c:88:92:c2:e3:09:84:cd:69:2f:4d:df:e8:5d:8c:
18:47:8a:b0:80:5f:e1:78:f0:16:ba:62:5b:22:ae:d4:48:e2:
2f:b7:b1:a7:84:ce:3b:be:2a:bb:ac:ac:f7:a1:d7:e4:54:bb:
4b:94:9e:d9:0e:5c:e4:8a:17:b3:73:10:ba:90:4e:77:3b:80:
98:54:32:34:ae:28:c4:7f:e7:3f:18:e3:2b:72:a4:96:09:6f:
c8:b1:c2:cf:de:87:a6:50:ef:62:2b:77:86:46:df:af:28:c7:
c5:f4:b5:55:74:ef:9e:44:3c:6a:14:1d:3d:c2:b8:91:73:0d:
46:78:0d:f4:2d:8b:43:ac:73:85:90:6b:8b:8d:75:b6:e1:3c:
e6:a7:53:d9:03:cd:fc:de:8a:94:2c:63:35:e4:c3:6a:6a:f7:
3b:fa:d8:a4:07:52:b5:ae:a9:3f:91:8b:cc:bd:b0:74:0d:19:
b8:8c:03:fb:18:e4:a5:40:af:7f:8f:a5:7c:53:8b:fd:b9:e4:
96:12:24:0a:06:73:5d:59:cf:39:7e:f8:64:69:89:8e:ee:50:
c3:c3:21:85:e0:97:3b:90:fd:48:e4:71:a3:a0:61:15:28:e4:
f5:d3:55:73
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPclCbz+0mFeelN1a+oK3fPcX8X8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MjUwMDUwMjFaFw0yNTA3MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjZjU4OTk3N2FlMGQ3YTY4ZDNhNDg1ZDJjM2VkN2Y5MzZmNmI2ZTk5Mjk0
NzliMmJiMjdkNmE3MmVkY2QyNzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKB3XBUiLLP1utarwQ6LiaNdYbdBx40XSzrVoKpBLgBMVWpqkOApmrda+JMn
czFEqY/j1tus8uWD9pNAY0KWgHEG/GHgdg9+UqchIZ88Bc9XqXD0IKP3gMe52QsU
9gxsflQplAOgakEdQDKY+ceWzsxWTZohym59ecXsM2FecCZux688Uz8vKJw3dG5c
C/GfrNBHjLoXsjHTr33WroVK+xIYHWQJ4g39LnDBUzJqxrgHesVP2Ca7kZ+AMOvu
q0u4lHOayhQKRCbrQVNAlMdBMHnRJqNiWFItIj20gj/naGqerV9CDAJC8thQYdGL
wc+XD8XjEV6M32BCHBL6ndWOJfsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSrfIah
+0Lm5ZFFuIc+Bzl+iNmMCjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjVmMTc1MjAtMmVhMC00YjlhLWEwMWMtMDQzMjk1MjNhNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMM9MA0G
CSqGSIb3DQEBCwUAA4IBAQCW2jTC8ypHCgElOJjRBuABGvcJtF9MiJLC4wmEzWkv
Td/oXYwYR4qwgF/hePAWumJbIq7USOIvt7GnhM47viq7rKz3odfkVLtLlJ7ZDlzk
ihezcxC6kE53O4CYVDI0rijEf+c/GOMrcqSWCW/IscLP3oemUO9iK3eGRt+vKMfF
9LVVdO+eRDxqFB09wriRcw1GeA30LYtDrHOFkGuLjXW24Tzmp1PZA8383oqULGM1
5MNqavc7+tikB1K1rqk/kYvMvbB0DRm4jAP7GOSlQK9/j6V8U4v9ueSWEiQKBnNd
Wc85fvhkaYmO7lDDwyGF4Jc7kP1I5HGjoGEVKOT101Vz
-----END CERTIFICATE-----
Generated at Sun Jun 29 05:20:05 2025 by rpki-client