Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File: 123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier: xkrQaRuj9hoitEmXOrCNftTE96s0spbqVRMN7xDACF8=
Subject key identifier: 4F:6A:CC:8E:05:6D:39:27:67:2F:CA:83:DF:F8:7C:94:45:F7:7B:F5
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 08FA496ED7366B765AFB9F94C93CAA2F9D713565
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time: Fri 11 Jul 2025 21:01:07 +0000
ROA not before: Fri 11 Jul 2025 21:01:07 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.214.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:fa:49:6e:d7:36:6b:76:5a:fb:9f:94:c9:3c:aa:2f:9d:71:35:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 21:01:07 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=22029f9d301b872d8b4e405d0b853fd53e65a987dc184f035dbb091d98f9b483, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:87:11:9b:db:8a:23:ae:40:ee:0d:f3:b3:07:
1a:c2:3c:46:12:ff:5a:63:88:b5:f9:29:9e:a5:31:
b3:e3:85:1f:52:2a:b1:48:34:16:08:20:67:25:eb:
22:31:71:1d:41:c2:38:56:90:78:8e:e0:70:cd:c2:
77:8c:1d:90:cb:20:b6:06:78:75:f7:83:30:ff:be:
49:0e:08:2d:09:33:2d:49:b5:30:e3:03:96:48:c6:
f9:f7:9c:c5:8f:d1:92:7f:a1:be:18:9d:cd:08:31:
5f:c1:c9:1d:b7:33:6e:86:c7:56:96:2c:57:43:32:
96:20:9b:0b:bb:5c:e8:34:a7:d8:d7:02:d4:2b:2f:
bf:15:09:15:8d:58:80:cb:78:a9:ba:7d:b3:c0:ee:
c1:72:34:52:21:d4:a6:16:c6:54:f5:4a:b4:cd:20:
e9:64:8a:f2:99:b5:a9:02:4a:6d:f8:50:27:ea:36:
17:c7:7e:83:7f:70:ef:5b:38:a3:7f:99:50:6d:15:
18:1c:b3:ac:61:61:f7:14:98:a4:d2:03:cc:0c:da:
f5:fc:a6:0f:6c:f2:8e:87:bb:1e:48:51:f1:a9:18:
4a:38:00:57:2c:e8:1a:14:a0:3d:5c:48:3a:ed:e9:
d8:40:ed:b6:79:44:3f:ea:1d:92:a5:8d:3e:47:02:
4d:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:6A:CC:8E:05:6D:39:27:67:2F:CA:83:DF:F8:7C:94:45:F7:7B:F5
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.214.0.0/15
Signature Algorithm: sha256WithRSAEncryption
03:ff:95:f6:25:74:31:93:8a:ea:45:6a:24:84:0e:4b:7d:4d:
b0:f8:59:ed:bb:3d:ba:c6:cf:f8:50:4d:62:d9:69:d8:11:75:
bb:e5:14:43:c2:b9:a3:25:49:1e:c9:8f:45:f9:8b:25:ec:61:
07:3e:57:8e:3a:02:ac:b0:b4:33:54:54:c3:66:8a:7c:38:1f:
27:2d:83:ae:0a:79:45:51:a1:13:5c:72:a1:e5:06:5b:0d:6e:
40:78:dc:0e:1d:54:75:2b:0b:c1:5c:50:94:e4:da:72:24:32:
f6:2e:98:a8:cd:17:fd:59:ee:d1:3f:11:fc:e8:b8:07:92:91:
ed:cb:72:3a:bd:0c:84:b1:29:19:f2:7c:ad:86:50:80:12:f3:
b6:8d:a5:05:be:dc:b3:29:94:ea:f0:81:85:c8:4f:0e:cb:2b:
26:30:f4:fb:32:07:1c:f3:87:e4:24:41:26:8b:01:85:ec:bb:
e2:ad:0a:ba:31:44:07:73:f4:33:e1:2b:96:e2:c2:d1:b0:b2:
e0:16:f5:bc:19:58:dc:97:69:2f:43:87:c0:72:5a:47:71:cf:
ee:bc:b4:06:3d:7f:51:97:09:19:21:ac:5a:f8:4b:28:03:f8:
7e:60:e6:07:c5:f1:1e:75:bd:71:4c:a1:bb:fa:c5:02:e3:f0:
ff:81:1a:3b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCPpJbtc2a3Za+5+UyTyqL51xNWUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAxMDdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyMDI5ZjlkMzAxYjg3MmQ4YjRlNDA1ZDBiODUzZmQ1M2U2NWE5ODdkYzE4
NGYwMzVkYmIwOTFkOThmOWI0ODMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOaHEZvbiiOuQO4N87MHGsI8RhL/WmOItfkpnqUxs+OFH1IqsUg0FgggZyXr
IjFxHUHCOFaQeI7gcM3Cd4wdkMsgtgZ4dfeDMP++SQ4ILQkzLUm1MOMDlkjG+fec
xY/Rkn+hvhidzQgxX8HJHbczbobHVpYsV0MyliCbC7tc6DSn2NcC1CsvvxUJFY1Y
gMt4qbp9s8DuwXI0UiHUphbGVPVKtM0g6WSK8pm1qQJKbfhQJ+o2F8d+g39w71s4
o3+ZUG0VGByzrGFh9xSYpNIDzAza9fymD2zyjoe7HkhR8akYSjgAVyzoGhSgPVxI
Ou3p2EDttnlEP+odkqWNPkcCTakCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRPasyO
BW05J2cvyoPf+HyURfd79TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQAD/5X2JXQxk4rqRWokhA5LfU2w+Fntuz26xs/4UE1i
2WnYEXW75RRDwrmjJUkeyY9F+Ysl7GEHPleOOgKssLQzVFTDZop8OB8nLYOuCnlF
UaETXHKh5QZbDW5AeNwOHVR1KwvBXFCU5NpyJDL2LpiozRf9We7RPxH86LgHkpHt
y3I6vQyEsSkZ8nythlCAEvO2jaUFvtyzKZTq8IGFyE8OyysmMPT7Mgcc84fkJEEm
iwGF7LvirQq6MUQHc/Qz4SuW4sLRsLLgFvW8GVjcl2kvQ4fAclpHcc/uvLQGPX9R
lwkZIaxa+EsoA/h+YOYHxfEedb1xTKG7+sUC4/D/gRo7
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:18:25 2025 by rpki-client