Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: 24rPmqor+IYKiCgyW2Tl8mJiDbGyZrGp8bSoxrN/LXM=
Subject key identifier: 80:4C:FF:F2:98:83:CB:91:2B:3B:2F:68:72:72:37:FA:AA:73:9F:FC
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3FFAF378CF532F7A8335DEE332282C9FA0C63C14
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Fri 25 Apr 2025 20:31:29 +0000
ROA not before: Fri 25 Apr 2025 20:31:29 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:fa:f3:78:cf:53:2f:7a:83:35:de:e3:32:28:2c:9f:a0:c6:3c:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 25 20:31:29 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=16d9a1ac5137331ef5682b5a889e0ea270bf7ed9589694e8d447ce89367c050a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ce:12:a6:c3:e3:ac:f9:8b:d7:87:1b:dd:65:
ec:d8:3b:2a:64:3e:50:a4:d1:ec:7f:24:52:46:24:
16:02:55:46:5c:c1:f6:00:6a:0d:10:4e:24:60:e5:
79:64:f3:05:8f:d9:61:07:77:7b:10:e8:3e:67:3c:
8d:32:0a:9c:4c:60:e2:99:16:fb:e8:b0:29:16:7b:
02:5f:9f:98:3d:77:34:fb:77:60:5f:21:25:25:14:
17:ec:40:ed:de:76:21:bb:17:8d:ee:1c:2f:7d:3e:
09:61:94:4f:cd:5c:82:dd:39:6d:27:28:fa:70:d9:
e7:1e:68:42:cf:36:ed:6e:86:96:36:61:cd:1e:ae:
11:40:73:6d:37:5f:38:39:e3:e4:1f:6c:d0:19:94:
ef:68:ad:6a:ae:21:d4:6b:63:2c:5e:5d:6c:3f:71:
99:a2:04:a1:19:60:78:96:b9:ae:06:b4:79:99:76:
01:c4:a5:63:38:a7:59:26:b6:99:85:57:f3:15:1a:
7c:14:4e:d3:01:5e:61:7d:00:3e:aa:25:6f:c5:79:
81:d9:1e:78:a7:65:13:ce:c9:2d:b2:77:dc:7d:ee:
32:58:d9:e5:84:20:19:11:fb:ab:99:b6:49:e3:24:
52:9f:3c:ae:a7:b8:87:13:86:33:09:94:0a:a5:75:
6a:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:4C:FF:F2:98:83:CB:91:2B:3B:2F:68:72:72:37:FA:AA:73:9F:FC
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
14:af:3a:37:45:fd:e9:35:fc:53:b5:bc:17:da:20:36:43:82:
16:05:8b:72:71:98:78:5a:93:44:86:fd:99:23:0e:6f:09:84:
47:e7:b0:88:9b:e9:fd:5a:60:6e:ea:eb:e0:99:50:f8:29:9d:
ac:e2:9a:c9:d1:d8:72:c9:8f:c1:4d:93:f3:e9:bf:a6:49:de:
2d:af:39:7f:03:f8:f9:19:3e:9e:4f:b4:9b:ea:3e:26:83:ab:
a6:99:0a:17:21:69:f3:9e:82:fa:9b:96:7a:17:aa:c9:55:fe:
3c:ef:1c:b5:52:35:27:07:af:02:77:69:f2:fa:b3:1a:99:09:
65:c5:75:24:e6:49:f8:f1:95:c5:6e:6c:db:ac:83:74:7a:6d:
97:e2:db:78:37:46:4f:43:31:74:00:a4:ab:1b:86:72:ae:8c:
68:49:19:8e:47:7f:85:52:14:ad:ee:9f:22:d0:2c:04:da:9b:
c7:38:66:18:d3:f8:51:4b:1f:14:28:7b:c4:ad:f8:0e:79:11:
7e:31:a0:89:0f:ed:f5:aa:a8:ec:0a:b4:74:c5:8e:fb:59:f0:
66:aa:40:dd:8b:c9:76:c1:1f:57:f4:68:d7:3b:02:74:34:b7:
5d:aa:06:76:c5:18:e3:d9:4a:89:8d:55:79:a2:ba:3c:00:cf:
45:e1:29:e8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUP/rzeM9TL3qDNd7jMigsn6DGPBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjUyMDMxMjlaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2ZDlhMWFjNTEzNzMzMWVmNTY4MmI1YTg4OWUwZWEyNzBiZjdlZDk1ODk2
OTRlOGQ0NDdjZTg5MzY3YzA1MGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHOEqbD46z5i9eHG91l7Ng7KmQ+UKTR7H8kUkYkFgJVRlzB9gBqDRBOJGDl
eWTzBY/ZYQd3exDoPmc8jTIKnExg4pkW++iwKRZ7Al+fmD13NPt3YF8hJSUUF+xA
7d52IbsXje4cL30+CWGUT81cgt05bSco+nDZ5x5oQs827W6GljZhzR6uEUBzbTdf
ODnj5B9s0BmU72itaq4h1GtjLF5dbD9xmaIEoRlgeJa5rga0eZl2AcSlYzinWSa2
mYVX8xUafBRO0wFeYX0APqolb8V5gdkeeKdlE87JLbJ33H3uMljZ5YQgGRH7q5m2
SeMkUp88rqe4hxOGMwmUCqV1ahkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSATP/y
mIPLkSs7L2hycjf6qnOf/DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEAFK86N0X96TX8U7W8F9ogNkOCFgWLcnGYeFqT
RIb9mSMObwmER+ewiJvp/Vpgburr4JlQ+CmdrOKaydHYcsmPwU2T8+m/pkneLa85
fwP4+Rk+nk+0m+o+JoOrppkKFyFp856C+puWeheqyVX+PO8ctVI1JwevAndp8vqz
GpkJZcV1JOZJ+PGVxW5s26yDdHptl+LbeDdGT0MxdACkqxuGcq6MaEkZjkd/hVIU
re6fItAsBNqbxzhmGNP4UUsfFCh7xK34DnkRfjGgiQ/t9aqo7Aq0dMWO+1nwZqpA
3YvJdsEfV/Ro1zsCdDS3XaoGdsUY49lKiY1VeaK6PADPReEp6A==
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:47:12 2025 by rpki-client