Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
File: 41816f61-5ce3-406a-8d78-37c4eafa6915.roa (raw, json)
Hash identifier: VSEkjYO/ic3b8fqpEY4uCaXbhLym0g1aulztJd2mHDI=
Subject key identifier: 34:AF:8F:56:2F:D3:45:BF:BB:AE:A0:53:71:0A:B7:F1:61:BC:07:99
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 717F6E60A5FB3DB944224EAD75A0C2190531B4DA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
Signing time: Fri 11 Jul 2025 20:50:11 +0000
ROA not before: Fri 11 Jul 2025 20:50:11 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.32.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:7f:6e:60:a5:fb:3d:b9:44:22:4e:ad:75:a0:c2:19:05:31:b4:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 20:50:11 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=748298fbf19985eb8ed21397c4eacc1960fb081cfb5640e0b7f003fc97e4020b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:0e:c2:8b:7f:aa:60:27:2e:09:5e:9b:78:01:
4c:9e:ac:89:94:dd:6f:8a:5f:1e:99:3a:22:c5:6a:
a1:fb:85:67:2c:a6:ce:6f:73:2b:6f:bc:9d:cb:b3:
f9:f2:49:36:a4:6e:d0:5b:1e:be:8f:71:b0:81:75:
5c:42:fb:03:89:14:8f:06:85:cb:89:22:67:b2:04:
18:7f:2b:48:21:fc:46:70:27:3a:c3:c8:c5:44:0e:
6d:e8:f8:95:f2:aa:ab:ca:59:3b:5a:4a:62:4a:ac:
55:3a:0d:8d:5e:0c:79:58:79:da:9d:d5:09:9d:5f:
7e:b2:b9:b0:9c:f4:cf:48:12:b3:97:b5:72:a7:10:
f9:b1:1c:22:b2:58:6b:f9:30:26:eb:d2:fa:8f:8d:
d5:19:f9:54:a3:ba:7e:36:7a:b4:e8:03:d8:de:1a:
7c:1f:4f:50:00:b8:53:a6:53:8d:e8:a9:e0:11:bd:
7d:ae:84:60:48:0c:1b:0e:6e:0d:42:d7:77:12:37:
3c:4f:9d:11:c5:f6:32:c0:0c:81:d0:bb:a2:a7:b0:
54:06:a1:e6:5b:ba:fb:37:fd:6d:12:82:89:22:60:
4b:92:02:8f:70:5d:9b:0f:d5:e0:e3:14:f9:57:cd:
26:1c:65:3f:10:21:6e:84:70:c8:d1:c5:2b:60:08:
ac:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:AF:8F:56:2F:D3:45:BF:BB:AE:A0:53:71:0A:B7:F1:61:BC:07:99
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.32.0/19
Signature Algorithm: sha256WithRSAEncryption
89:d1:df:9f:35:17:03:e2:75:03:47:e3:6c:93:e5:f2:28:e9:
d9:86:71:9d:6c:1d:d4:95:98:2a:a8:57:d3:d1:ff:1a:48:c4:
dc:09:09:4b:7e:a1:16:8e:af:aa:65:57:3a:27:87:6b:81:e7:
1b:cb:a5:40:5b:b5:0a:1f:a5:9f:10:f6:6f:58:e7:83:41:fb:
8e:6f:e1:42:a1:4a:15:d6:25:45:ac:e4:19:f1:0b:18:e5:ea:
fc:4e:eb:7f:94:9e:e1:e8:0c:0a:21:8c:32:7f:fd:78:4a:09:
03:77:c5:8f:d8:39:b9:2f:7d:4c:6d:c2:47:41:ae:81:ba:0c:
86:ab:e9:4d:fa:3d:8c:c5:59:7c:c8:5a:ba:31:8e:d7:6f:79:
16:86:55:1b:fb:33:a3:b6:98:ad:c0:7e:d1:39:c7:1e:3a:ba:
d7:78:96:12:f0:1e:27:84:11:a5:49:d2:71:2c:8e:41:e5:1b:
0e:bf:f3:9e:0b:a7:f4:22:97:4d:86:67:c4:fe:55:72:db:c0:
ff:e3:ab:b9:e7:c0:7a:ab:9e:18:c1:0e:96:c0:28:16:3c:71:
3b:81:f5:a4:38:0b:a7:b1:a3:c8:39:1a:ca:fb:41:98:cc:51:
83:50:a1:f8:7b:c8:85:0a:7d:02:83:ef:1e:b2:73:21:f8:fe:
f1:72:9a:ae
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUcX9uYKX7PblEIk6tdaDCGQUxtNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMTFaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0ODI5OGZiZjE5OTg1ZWI4ZWQyMTM5N2M0ZWFjYzE5NjBmYjA4MWNmYjU2
NDBlMGI3ZjAwM2ZjOTdlNDAyMGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQOwot/qmAnLglem3gBTJ6siZTdb4pfHpk6IsVqofuFZyymzm9zK2+8ncuz
+fJJNqRu0Fsevo9xsIF1XEL7A4kUjwaFy4kiZ7IEGH8rSCH8RnAnOsPIxUQObej4
lfKqq8pZO1pKYkqsVToNjV4MeVh52p3VCZ1ffrK5sJz0z0gSs5e1cqcQ+bEcIrJY
a/kwJuvS+o+N1Rn5VKO6fjZ6tOgD2N4afB9PUAC4U6ZTjeip4BG9fa6EYEgMGw5u
DULXdxI3PE+dEcX2MsAMgdC7oqewVAah5lu6+zf9bRKCiSJgS5ICj3Bdmw/V4OMU
+VfNJhxlPxAhboRwyNHFK2AIrOsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ0r49W
L9NFv7uuoFNxCrfxYbwHmTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDE4MTZmNjEtNWNlMy00MDZhLThkNzgtMzdjNGVhZmE2OTE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBTMAIDAN
BgkqhkiG9w0BAQsFAAOCAQEAidHfnzUXA+J1A0fjbJPl8ijp2YZxnWwd1JWYKqhX
09H/GkjE3AkJS36hFo6vqmVXOieHa4HnG8ulQFu1Ch+lnxD2b1jng0H7jm/hQqFK
FdYlRazkGfELGOXq/E7rf5Se4egMCiGMMn/9eEoJA3fFj9g5uS99TG3CR0GugboM
hqvpTfo9jMVZfMhaujGO1295FoZVG/szo7aYrcB+0TnHHjq613iWEvAeJ4QRpUnS
cSyOQeUbDr/zngun9CKXTYZnxP5VctvA/+OruefAequeGMEOlsAoFjxxO4H1pDgL
p7GjyDkayvtBmMxRg1Ch+HvIhQp9AoPvHrJzIfj+8XKarg==
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:17:24 2025 by rpki-client