Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
File: 2db57b82-f8e4-4b85-a46a-befecb4774c0.roa (raw, json)
Hash identifier: bIt/faws7ItqZ6KFU3VJXIClTqnSTuEAossOVfoYB7U=
Subject key identifier: A3:FA:45:2A:B8:8D:80:45:1F:8E:88:19:CF:CB:53:15:BF:0A:EE:FA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 41E704342A2B50500537A6FA502E4D4CAC43853F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
Signing time: Fri 25 Apr 2025 20:40:15 +0000
ROA not before: Fri 25 Apr 2025 20:40:15 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.32.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:e7:04:34:2a:2b:50:50:05:37:a6:fa:50:2e:4d:4c:ac:43:85:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 25 20:40:15 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=5f2a29948b6597c7f7c1bc8024feac14530d39dae1b8bf0304ad496f2fec0ca5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:43:b1:70:2f:d8:3e:a2:2f:5d:30:bf:bc:b1:
58:bc:63:96:0a:6c:98:9a:44:5c:25:ce:1b:2d:0d:
04:12:5e:03:0c:1b:ab:13:1c:ee:3b:ad:b6:51:69:
5d:fe:03:9a:f4:a9:3f:4d:eb:84:7d:32:b3:f9:b0:
b4:46:6b:a9:d8:1b:89:b5:7c:e0:65:be:95:65:28:
a1:43:18:68:e8:c0:46:39:87:3c:46:1b:9c:4a:78:
29:10:a0:67:4a:f8:e3:e7:b6:c9:8a:30:86:e8:08:
d9:a3:d6:2f:d9:2e:c2:6f:e6:9e:b1:8e:32:75:cf:
fc:c8:21:f3:c3:a2:06:74:73:22:bf:de:aa:c9:bf:
b7:00:37:c9:d8:71:04:b4:ec:41:07:22:ee:6d:97:
4a:cf:95:93:fc:f7:17:48:db:42:8f:8c:3a:da:99:
c5:64:c7:2e:b8:47:72:ac:90:34:20:74:38:6d:48:
cc:66:00:79:4d:08:bd:3e:bb:0d:53:52:19:04:0e:
9f:b0:51:4e:21:0b:4e:f6:0f:4f:61:fb:48:31:a1:
b8:01:2d:00:b8:9e:e4:c0:71:5b:ac:bb:d1:bb:12:
8e:b3:63:12:f4:ff:1f:a3:9e:09:c9:06:0b:6b:8f:
4f:43:93:ad:6b:ac:b2:8c:6d:22:fe:79:b1:a3:3a:
56:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:FA:45:2A:B8:8D:80:45:1F:8E:88:19:CF:CB:53:15:BF:0A:EE:FA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.32.0.0/16
Signature Algorithm: sha256WithRSAEncryption
70:83:8f:64:87:7f:07:9b:54:11:74:7c:78:f4:d4:34:9f:e2:
ca:29:bf:81:9e:d1:82:be:10:38:87:fb:c9:1f:a9:39:53:67:
78:91:7c:21:52:3a:79:36:24:e9:d2:e6:d6:59:b0:13:ca:48:
f9:19:75:b1:eb:3b:6c:76:c2:ff:a2:6c:ff:b8:e8:1f:fd:e1:
22:1d:6e:ab:80:08:2a:c7:86:f2:65:43:be:bd:e5:df:49:ba:
58:9d:85:2e:58:c7:a3:a6:f8:83:07:b6:bf:a2:21:79:e3:fc:
22:8a:60:87:5a:8a:7f:13:1c:1a:1b:04:b8:47:50:b7:02:a9:
2f:30:41:8e:25:22:4c:62:12:77:10:16:1d:e6:22:66:a9:66:
7e:a4:e6:af:6e:13:ba:37:2e:84:25:d5:f2:b4:1a:1d:78:e5:
b7:96:8b:ae:05:7c:1f:14:8d:75:fb:fd:bc:4f:29:e9:b1:ae:
7f:a1:0a:ab:6d:a8:ef:bd:9a:56:c8:78:13:e6:9f:80:69:c7:
e8:25:73:88:10:8c:81:bb:e3:d2:c3:6d:f1:31:0d:e4:f1:5a:
e3:55:cf:6f:27:c3:30:1f:e9:3f:31:b0:25:e0:3a:ca:ef:21:
2e:02:a4:66:1c:b8:41:32:23:a5:95:77:7f:ab:3a:2c:21:5b:
a7:31:b6:80
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQecENCorUFAFN6b6UC5NTKxDhT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjUyMDQwMTVaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDVmMmEyOTk0OGI2NTk3YzdmN2MxYmM4MDI0ZmVhYzE0NTMwZDM5ZGFlMWI4
YmYwMzA0YWQ0OTZmMmZlYzBjYTUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdDsXAv2D6iL10wv7yxWLxjlgpsmJpEXCXOGy0NBBJeAwwbqxMc7juttlFp
Xf4DmvSpP03rhH0ys/mwtEZrqdgbibV84GW+lWUooUMYaOjARjmHPEYbnEp4KRCg
Z0r44+e2yYowhugI2aPWL9kuwm/mnrGOMnXP/Mgh88OiBnRzIr/eqsm/twA3ydhx
BLTsQQci7m2XSs+Vk/z3F0jbQo+MOtqZxWTHLrhHcqyQNCB0OG1IzGYAeU0IvT67
DVNSGQQOn7BRTiELTvYPT2H7SDGhuAEtALie5MBxW6y70bsSjrNjEvT/H6OeCckG
C2uPT0OTrWussoxtIv55saM6VjsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSj+kUq
uI2ARR+OiBnPy1MVvwru+jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiNTdiODItZjhlNC00Yjg1LWE0NmEtYmVmZWNiNDc3NGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQBwg49kh38Hm1QRdHx49NQ0n+LKKb+BntGCvhA4h/vJ
H6k5U2d4kXwhUjp5NiTp0ubWWbATykj5GXWx6ztsdsL/omz/uOgf/eEiHW6rgAgq
x4byZUO+veXfSbpYnYUuWMejpviDB7a/oiF54/wiimCHWop/ExwaGwS4R1C3Aqkv
MEGOJSJMYhJ3EBYd5iJmqWZ+pOavbhO6Ny6EJdXytBodeOW3louuBXwfFI11+/28
Tynpsa5/oQqrbajvvZpWyHgT5p+AacfoJXOIEIyBu+PSw23xMQ3k8VrjVc9vJ8Mw
H+k/MbAl4DrK7yEuAqRmHLhBMiOllXd/qzosIVunMbaA
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:46:02 2025 by rpki-client