Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: hd3Y9MITEkbwYKSH2qjdf8faYeT9VYgvz6W4KTjy6EY=
Subject key identifier: B3:04:0A:7F:A8:09:C0:47:E8:5E:CE:A8:F8:E5:A3:32:C7:7F:73:96
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 232AE7ED32AD34E4F8000FE22242D8641246BCB2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Tue 20 May 2025 20:41:26 +0000
ROA not before: Tue 20 May 2025 20:41:26 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:2a:e7:ed:32:ad:34:e4:f8:00:0f:e2:22:42:d8:64:12:46:bc:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:41:26 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=b5736be2b48c73c000a4d2c1421de06ae0023cdba96d5f9def846a8125743647, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:a7:5a:ce:b2:59:22:9b:13:21:46:31:c6:bd:
62:4b:70:d8:fc:a9:0c:43:dc:44:f5:a4:9a:3f:d1:
9f:49:4e:de:c1:1f:71:0d:8f:57:a1:76:42:be:b6:
69:50:62:ab:c3:ed:e9:04:3f:50:ba:da:5b:44:e5:
e7:8f:06:fb:89:40:42:f8:c5:1c:4d:0f:13:10:0f:
1d:3e:4d:c7:b9:58:29:35:c1:41:52:35:1f:5e:56:
00:e3:d4:f5:86:5d:53:83:b8:55:2b:2a:99:d3:43:
52:a1:5f:f0:57:da:36:cc:34:f7:a3:4f:68:7d:e8:
a1:11:71:1d:7e:7a:72:f6:54:08:6b:10:3b:5c:90:
26:37:d9:fe:1b:fd:b6:96:d6:60:0d:5c:bb:63:59:
09:e7:a4:66:93:c8:4e:c6:ea:09:c2:dd:fc:2d:85:
8b:33:aa:db:b4:1f:ea:4e:f3:0a:80:c4:8c:b3:84:
9f:34:11:65:64:4f:99:20:b6:c6:ac:56:e0:08:ec:
32:6c:c3:8f:04:0e:6e:f1:78:8f:62:09:dd:e4:b1:
2c:5d:88:80:ed:b1:af:f8:fc:21:35:4c:ec:55:f8:
99:35:2e:7e:64:e6:57:5d:f0:ac:c5:59:8f:08:f8:
4e:32:b5:18:ec:d7:85:ac:3d:f0:b7:e0:82:d1:2d:
76:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:04:0A:7F:A8:09:C0:47:E8:5E:CE:A8:F8:E5:A3:32:C7:7F:73:96
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
a2:26:a9:93:f0:40:91:87:99:a8:c1:7f:91:95:57:83:83:01:
ad:82:1d:16:ae:93:f7:8f:7f:82:f1:84:8a:e4:b4:79:c1:76:
9d:37:cf:54:73:72:0f:3f:99:0f:83:2c:0a:aa:b9:b9:26:d8:
bb:ca:92:07:d3:c8:e4:ef:0e:b1:27:e2:8d:fb:50:5e:5c:e6:
f5:94:68:61:bc:2a:17:77:ae:f3:09:18:24:74:f7:cf:9a:b8:
16:aa:49:00:4a:fb:f6:de:37:89:d5:38:43:ff:ef:88:ed:4a:
d9:f7:8b:15:86:21:ca:87:91:77:71:dc:8d:b4:30:4e:1d:f1:
ee:65:15:7d:8c:51:b6:18:40:4f:88:e1:65:f9:25:b3:c8:e2:
95:f5:3b:cc:c4:29:a2:53:f9:8f:d9:9c:d8:bd:a0:c7:1b:4c:
b0:31:73:01:04:04:14:34:5a:62:4b:ab:ed:30:4f:9d:4f:b4:
0e:39:76:89:e6:8d:4b:13:81:24:42:f0:9e:17:96:f4:b4:bb:
82:c1:2d:4f:63:96:23:4c:cd:1d:41:13:37:9a:2c:f8:60:93:
97:a7:af:20:19:f4:74:b6:61:29:15:7f:36:de:3c:3c:e4:ec:
c3:54:02:e6:fe:53:17:51:a6:ac:85:d3:74:aa:1b:8c:68:97:
2d:75:7c:da
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUIyrn7TKtNOT4AA/iIkLYZBJGvLIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDQxMjZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1NzM2YmUyYjQ4YzczYzAwMGE0ZDJjMTQyMWRlMDZhZTAwMjNjZGJhOTZk
NWY5ZGVmODQ2YTgxMjU3NDM2NDcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqnWs6yWSKbEyFGMca9Yktw2PypDEPcRPWkmj/Rn0lO3sEfcQ2PV6F2Qr62
aVBiq8Pt6QQ/ULraW0Tl548G+4lAQvjFHE0PExAPHT5Nx7lYKTXBQVI1H15WAOPU
9YZdU4O4VSsqmdNDUqFf8FfaNsw096NPaH3ooRFxHX56cvZUCGsQO1yQJjfZ/hv9
tpbWYA1cu2NZCeekZpPITsbqCcLd/C2FizOq27Qf6k7zCoDEjLOEnzQRZWRPmSC2
xqxW4AjsMmzDjwQObvF4j2IJ3eSxLF2IgO2xr/j8ITVM7FX4mTUufmTmV13wrMVZ
jwj4TjK1GOzXhaw98LfggtEtdmMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSzBAp/
qAnAR+hezqj45aMyx39zljAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEAoiapk/BAkYeZqMF/kZVXg4MBrYIdFq6T949/
gvGEiuS0ecF2nTfPVHNyDz+ZD4MsCqq5uSbYu8qSB9PI5O8OsSfijftQXlzm9ZRo
YbwqF3eu8wkYJHT3z5q4FqpJAEr79t43idU4Q//viO1K2feLFYYhyoeRd3HcjbQw
Th3x7mUVfYxRthhAT4jhZfkls8jilfU7zMQpolP5j9mc2L2gxxtMsDFzAQQEFDRa
Ykur7TBPnU+0Djl2ieaNSxOBJELwnheW9LS7gsEtT2OWI0zNHUETN5os+GCTl6ev
IBn0dLZhKRV/Nt48POTsw1QC5v5TF1GmrIXTdKobjGiXLXV82g==
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:04:15 2025 by rpki-client