Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
File: 2db57b82-f8e4-4b85-a46a-befecb4774c0.roa (raw, json)
Hash identifier: 3L0erJPmVp09O1iCyx4QTu7OVz+mmLhHVhijuj2EmtA=
Subject key identifier: 20:63:8C:03:62:F3:5F:A9:A0:86:DD:43:F9:58:2E:5A:D7:27:C2:6A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5C5DF646BDE7510ABE9341E8A355A2E9E7DAEA2D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
Signing time: Fri 11 Jul 2025 21:01:15 +0000
ROA not before: Fri 11 Jul 2025 21:01:15 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.32.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:5d:f6:46:bd:e7:51:0a:be:93:41:e8:a3:55:a2:e9:e7:da:ea:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 21:01:15 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=e903f978962ae375af4f79dc977b7c6005cbe3be9f2db381e7b01146511cfcc5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ff:20:16:91:00:bc:59:ab:3e:92:bc:96:ab:
56:d1:ac:00:07:3c:a8:be:ee:13:ae:aa:c8:d1:f7:
cb:42:3d:51:f3:30:3e:9d:1d:90:d4:43:dd:a4:a1:
24:3f:b6:1b:3a:7c:e0:99:a4:b4:d2:24:89:74:db:
7d:a3:89:01:cc:7e:09:db:de:75:83:17:31:2a:0f:
38:8c:fb:50:9d:33:23:97:a9:5d:00:42:de:49:b6:
9f:c5:f4:18:cf:2b:04:ea:2a:8c:e8:9a:ba:15:ba:
71:89:23:a3:6d:e1:0b:ee:15:b7:38:43:42:bb:59:
9c:00:c0:3c:a6:5a:e7:69:a7:98:99:a1:67:90:a5:
c4:21:25:6c:83:0f:7f:0a:11:58:85:ec:3c:dd:7e:
e4:64:da:d4:0b:6d:e1:f3:e0:05:b5:ea:b0:24:c0:
ca:15:6b:73:44:01:83:bf:89:55:1d:86:01:13:d6:
8e:c6:7b:73:cc:a7:e3:8e:d5:12:7b:fa:c0:8f:1e:
b0:d1:37:e6:ef:14:1f:b0:be:5d:d8:70:1d:17:27:
56:40:f2:bd:37:fd:bb:07:0f:cf:f3:ad:58:28:00:
60:f7:6a:29:93:9a:63:a8:1d:24:99:b3:53:58:ee:
bc:9c:f4:e5:7e:92:28:1b:2f:fd:7a:67:96:de:f2:
ed:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:63:8C:03:62:F3:5F:A9:A0:86:DD:43:F9:58:2E:5A:D7:27:C2:6A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.32.0.0/16
Signature Algorithm: sha256WithRSAEncryption
18:1d:28:68:7b:fd:a4:12:ec:b1:cf:59:36:4a:68:dc:96:2a:
73:f4:cc:f0:b3:5e:4f:80:c1:5e:a1:06:17:85:d0:bb:d1:fa:
cd:49:81:82:41:72:f5:85:8b:cb:87:9f:60:c0:e4:49:af:1b:
b5:2f:50:45:21:1c:d3:2a:74:59:20:55:52:4f:80:1a:2c:1c:
7c:79:61:13:28:32:0b:14:76:81:56:6c:a9:4d:bd:b9:30:7f:
01:1e:3e:64:c5:ad:9f:18:43:31:b3:a4:ed:b8:c8:0c:40:54:
df:1d:3e:c1:8b:01:0a:07:f8:b9:cb:a9:c0:83:25:62:35:94:
b8:f5:9b:63:26:9a:27:ec:7f:43:da:c6:b5:10:27:4d:43:3e:
d2:4c:71:10:24:1d:f9:66:ee:ea:00:24:ca:09:e1:2e:cb:5b:
2f:ac:96:89:1f:c7:74:61:6b:1e:66:a9:ed:e6:b2:21:92:a1:
03:0f:a0:ac:0d:e4:0c:d2:2a:0d:d1:45:2c:65:89:0f:18:75:
8c:4a:3b:8b:49:67:0b:22:8f:c9:5d:9a:ee:11:46:ea:bf:01:
de:16:04:ce:8c:19:01:74:55:fe:16:c5:5f:c3:e6:21:e4:51:
6a:d1:91:96:40:16:2f:8a:c6:a3:f7:72:a8:8f:d5:80:0e:2b:
de:23:da:92
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXF32Rr3nUQq+k0Hoo1Wi6efa6i0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAxMTVaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5MDNmOTc4OTYyYWUzNzVhZjRmNzlkYzk3N2I3YzYwMDVjYmUzYmU5ZjJk
YjM4MWU3YjAxMTQ2NTExY2ZjYzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3/IBaRALxZqz6SvJarVtGsAAc8qL7uE66qyNH3y0I9UfMwPp0dkNRD3aSh
JD+2Gzp84JmktNIkiXTbfaOJAcx+CdvedYMXMSoPOIz7UJ0zI5epXQBC3km2n8X0
GM8rBOoqjOiauhW6cYkjo23hC+4VtzhDQrtZnADAPKZa52mnmJmhZ5ClxCElbIMP
fwoRWIXsPN1+5GTa1Att4fPgBbXqsCTAyhVrc0QBg7+JVR2GARPWjsZ7c8yn447V
Env6wI8esNE35u8UH7C+XdhwHRcnVkDyvTf9uwcPz/OtWCgAYPdqKZOaY6gdJJmz
U1juvJz05X6SKBsv/Xpnlt7y7RkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQgY4wD
YvNfqaCG3UP5WC5a1yfCajAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiNTdiODItZjhlNC00Yjg1LWE0NmEtYmVmZWNiNDc3NGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQAYHShoe/2kEuyxz1k2Smjclipz9Mzws15PgMFeoQYX
hdC70frNSYGCQXL1hYvLh59gwORJrxu1L1BFIRzTKnRZIFVST4AaLBx8eWETKDIL
FHaBVmypTb25MH8BHj5kxa2fGEMxs6TtuMgMQFTfHT7BiwEKB/i5y6nAgyViNZS4
9ZtjJpon7H9D2sa1ECdNQz7STHEQJB35Zu7qACTKCeEuy1svrJaJH8d0YWseZqnt
5rIhkqEDD6CsDeQM0ioN0UUsZYkPGHWMSjuLSWcLIo/JXZruEUbqvwHeFgTOjBkB
dFX+FsVfw+Yh5FFq0ZGWQBYvisaj93Koj9WADiveI9qS
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:29:01 2025 by rpki-client