Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
File: 42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa (raw, json)
Hash identifier: 0zJia+snGEjOCrhABCX6ORiBiHXKx6Renk+eizgNCtc=
Subject key identifier: EC:B8:EF:54:0D:D3:E6:D4:08:4E:68:24:ED:46:F7:B8:7C:57:1B:A7
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0DA739B017B0532086BA7CA754159EA7BB9EF48E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
Signing time: Fri 11 Jul 2025 21:00:18 +0000
ROA not before: Fri 11 Jul 2025 21:00:18 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.164.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:a7:39:b0:17:b0:53:20:86:ba:7c:a7:54:15:9e:a7:bb:9e:f4:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 21:00:18 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=5029225bfafd85204b44750d7690f9acc1f3abe8c8dac57bd3d5bbfc11b4a22e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:32:92:fc:14:92:69:60:a4:b2:9e:58:2a:c2:
23:7e:8d:b5:f1:bb:5c:b8:9e:dc:54:29:bb:09:1f:
b0:49:22:3c:5d:0b:d6:f8:05:94:66:4f:60:74:d3:
14:38:40:43:4f:c4:d0:0e:31:36:29:e3:df:ef:0c:
be:00:d8:10:e1:f9:58:51:b5:5c:93:68:5e:aa:47:
0c:e3:24:e7:e2:80:34:3a:5f:04:5b:58:ba:bd:aa:
f1:9f:3e:d7:72:e2:92:fe:4f:34:67:c1:46:11:4e:
d6:4e:98:9d:6f:d6:28:c4:26:6c:0f:91:fa:6d:5c:
7e:90:87:bd:1e:e5:9d:30:ec:68:b2:21:59:c9:89:
89:b0:e8:5e:d0:c0:42:ca:7f:9e:76:89:29:2c:6c:
b4:a1:59:d1:81:44:16:d8:0b:8a:af:3d:fe:d0:68:
54:36:79:00:4d:a5:ec:43:cc:31:f8:a1:bb:d7:b9:
78:a8:b4:c0:b1:0b:3a:ba:63:54:d8:62:f7:8a:93:
f7:63:fd:db:2c:ce:82:2a:1f:b5:3d:6d:b9:b4:42:
53:00:79:f6:23:3f:c5:67:6a:71:71:b3:7f:b8:95:
d8:fb:07:9b:8e:6c:dc:30:6f:2d:66:a0:3a:00:86:
de:65:a8:20:eb:3a:79:7d:f2:15:7f:fc:0a:dc:1c:
4d:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:B8:EF:54:0D:D3:E6:D4:08:4E:68:24:ED:46:F7:B8:7C:57:1B:A7
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.164.0.0/15
Signature Algorithm: sha256WithRSAEncryption
11:20:39:1f:9e:e5:60:4d:11:18:b3:ce:1e:b5:96:af:77:17:
9f:1d:55:83:7c:f6:82:70:be:c7:7b:6b:df:25:7b:5d:1f:29:
94:8f:71:e4:2c:64:41:e9:2d:3a:ad:bc:e4:77:45:82:b7:5f:
8b:ac:2d:21:33:65:2b:e0:35:80:67:5d:0c:ac:bd:72:29:d7:
7b:ec:e5:f2:7a:ec:e7:9b:ec:3a:23:aa:70:f6:9e:33:c9:22:
76:dd:8f:d3:1a:df:de:31:3c:27:83:6c:e1:f7:d8:b8:f5:86:
bb:16:db:a1:b7:d2:95:a1:b1:60:90:3e:bf:a6:79:47:63:0a:
6c:50:05:74:93:29:c5:47:5a:6a:bf:bc:9f:91:2d:9f:41:41:
3b:f4:cf:e2:90:6f:01:69:8b:3b:3d:fb:59:25:48:de:52:9e:
3d:2b:e6:ff:1e:c6:7a:03:ef:c6:20:85:fe:e4:0a:7d:89:cf:
ab:95:e1:83:4f:ca:14:24:70:ea:6c:a7:e2:93:b9:16:96:75:
d5:40:03:5b:97:e8:68:97:96:65:bb:59:67:ce:ed:e2:99:ed:
43:b6:a2:15:22:70:5c:70:32:03:4e:f1:16:1f:27:80:04:37:
17:6b:20:a3:6f:43:1e:3f:77:fd:43:08:24:a0:e9:83:4b:bd:
f1:42:9a:dc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDac5sBewUyCGunynVBWep7ue9I4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAwMThaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwMjkyMjViZmFmZDg1MjA0YjQ0NzUwZDc2OTBmOWFjYzFmM2FiZThjOGRh
YzU3YmQzZDViYmZjMTFiNGEyMmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQykvwUkmlgpLKeWCrCI36NtfG7XLie3FQpuwkfsEkiPF0L1vgFlGZPYHTT
FDhAQ0/E0A4xNinj3+8MvgDYEOH5WFG1XJNoXqpHDOMk5+KANDpfBFtYur2q8Z8+
13Likv5PNGfBRhFO1k6YnW/WKMQmbA+R+m1cfpCHvR7lnTDsaLIhWcmJibDoXtDA
Qsp/nnaJKSxstKFZ0YFEFtgLiq89/tBoVDZ5AE2l7EPMMfihu9e5eKi0wLELOrpj
VNhi94qT92P92yzOgioftT1tubRCUwB59iM/xWdqcXGzf7iV2PsHm45s3DBvLWag
OgCG3mWoIOs6eX3yFX/8CtwcTWECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTsuO9U
DdPm1AhOaCTtRve4fFcbpzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJlZmExYTgtZjgwNC00N2M1LThhM2QtNmYzZWEwNWUxYTViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOkMA0G
CSqGSIb3DQEBCwUAA4IBAQARIDkfnuVgTREYs84etZavdxefHVWDfPaCcL7He2vf
JXtdHymUj3HkLGRB6S06rbzkd0WCt1+LrC0hM2Ur4DWAZ10MrL1yKdd77OXyeuzn
m+w6I6pw9p4zySJ23Y/TGt/eMTwng2zh99i49Ya7Ftuht9KVobFgkD6/pnlHYwps
UAV0kynFR1pqv7yfkS2fQUE79M/ikG8BaYs7PftZJUjeUp49K+b/HsZ6A+/GIIX+
5Ap9ic+rleGDT8oUJHDqbKfik7kWlnXVQANbl+hol5Zlu1lnzu3ime1DtqIVInBc
cDIDTvEWHyeABDcXayCjb0MeP3f9QwgkoOmDS73xQprc
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:33:18 2025 by rpki-client