Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File: 42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier: zqEDhRWZpqHFwAt3dQcOAm2bCS/7RmXJq5xTqonOgVE=
Subject key identifier: 8A:33:8B:D4:11:D5:E1:9E:ED:E7:34:4D:AB:15:17:04:FC:26:6E:2A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 255C8949728A5CD008F9E1146364C76A4F8AFA3B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time: Mon 14 Jul 2025 15:40:12 +0000
ROA not before: Mon 14 Jul 2025 15:40:12 +0000
ROA not after: Mon 18 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:5c:89:49:72:8a:5c:d0:08:f9:e1:14:63:64:c7:6a:4f:8a:fa:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 14 15:40:12 2025 GMT
Not After : Aug 18 23:59:59 2025 GMT
Subject: serialNumber=61506710da673168a9240344d19de3f4031f3efa7ab1f9ac3c85870b96bc832f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c9:9d:79:8e:a7:c2:2c:79:f9:19:b3:e0:37:
af:da:b4:81:d7:8f:be:55:48:24:8e:5d:40:c8:7f:
2c:22:c1:f5:b9:ae:d7:a8:9c:cd:90:74:29:05:56:
f0:8f:44:21:ec:29:2d:a5:ab:ec:58:39:20:c3:8f:
14:bf:17:91:c6:06:32:98:f3:e7:41:ab:fe:7d:37:
b3:6c:b3:6c:59:b1:f4:85:96:f2:2c:86:67:19:44:
c5:ca:4e:40:d7:58:d4:ca:b9:ff:86:01:51:c6:3f:
fd:e1:9f:9c:12:4c:8c:cb:03:94:52:db:30:de:5f:
1d:3a:35:98:e9:e5:c7:2f:93:d5:77:78:4e:0d:38:
62:99:13:5c:da:61:4c:4a:33:30:ef:10:13:65:d4:
7a:72:b9:c9:09:02:f3:e3:4d:05:60:ee:89:10:c0:
bc:c2:3d:14:19:fb:66:ac:72:ba:9c:96:ee:88:56:
e0:8d:1c:b0:17:80:96:59:4c:fc:71:04:4e:a6:81:
15:1f:d4:e9:2b:c6:77:5a:82:eb:e7:ff:de:0c:ce:
a4:7e:e9:d6:0e:ce:4b:d6:e8:aa:4d:be:c6:ab:e2:
e4:cc:97:de:bd:ec:63:b8:65:bd:cc:b8:4e:42:a6:
73:15:cf:92:eb:1c:bb:3d:54:91:c5:a3:ac:1b:9b:
4a:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:33:8B:D4:11:D5:E1:9E:ED:E7:34:4D:AB:15:17:04:FC:26:6E:2A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cc:36:f3:ef:4e:fe:6f:02:b2:c6:5e:1c:c9:27:39:fb:e0:f9:
f4:fc:45:e4:d1:63:48:eb:27:f7:88:44:d8:dd:3e:8f:e7:bb:
2c:89:5a:4f:ea:19:dd:22:46:5c:17:c9:0d:23:fd:a3:6f:98:
b9:a4:78:ff:a4:68:10:22:aa:d9:23:6e:d6:f5:f2:49:2e:30:
63:43:18:bc:4c:b9:3c:96:83:c7:95:75:c9:78:ce:b6:81:30:
13:37:bf:db:2a:cb:e8:ea:f6:51:b3:1d:56:c1:b8:e8:1c:a5:
5c:a5:3a:b8:9c:43:a0:e3:52:94:4c:91:73:0e:81:91:8b:cd:
4c:2b:be:f1:c2:49:97:31:2f:57:14:a4:14:7b:f0:a2:18:2c:
b7:c1:0f:9b:4d:71:46:0e:24:e2:a6:37:65:cf:ef:87:93:c1:
84:76:82:13:28:43:39:6f:de:d2:91:96:f3:fb:dc:ba:6d:ac:
43:77:83:32:f3:83:81:b6:cf:0d:49:56:b6:9d:6e:ad:e7:3e:
cb:e5:d2:2f:5f:e2:86:73:1a:88:51:51:02:ae:9d:4f:b9:72:
be:a1:cd:21:3c:9d:3b:4a:01:cf:8a:4e:c4:e0:0a:6c:73:9a:
73:53:88:21:ce:03:51:3b:a3:d5:64:5a:5a:9a:1b:db:1e:ba:
05:51:94:05
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJVyJSXKKXNAI+eEUY2THak+K+jswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTQwMTJaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxNTA2NzEwZGE2NzMxNjhhOTI0MDM0NGQxOWRlM2Y0MDMxZjNlZmE3YWIx
ZjlhYzNjODU4NzBiOTZiYzgzMmYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7JnXmOp8IsefkZs+A3r9q0gdePvlVIJI5dQMh/LCLB9bmu16iczZB0KQVW
8I9EIewpLaWr7Fg5IMOPFL8XkcYGMpjz50Gr/n03s2yzbFmx9IWW8iyGZxlExcpO
QNdY1Mq5/4YBUcY//eGfnBJMjMsDlFLbMN5fHTo1mOnlxy+T1Xd4Tg04YpkTXNph
TEozMO8QE2XUenK5yQkC8+NNBWDuiRDAvMI9FBn7ZqxyupyW7ohW4I0csBeAlllM
/HEETqaBFR/U6SvGd1qC6+f/3gzOpH7p1g7OS9boqk2+xqvi5MyX3r3sY7hlvcy4
TkKmcxXPkuscuz1UkcWjrBubSj0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSKM4vU
EdXhnu3nNE2rFRcE/CZuKjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQDMNvPvTv5vArLGXhzJJzn74Pn0/EXk0WNI6yf3iETY
3T6P57ssiVpP6hndIkZcF8kNI/2jb5i5pHj/pGgQIqrZI27W9fJJLjBjQxi8TLk8
loPHlXXJeM62gTATN7/bKsvo6vZRsx1WwbjoHKVcpTq4nEOg41KUTJFzDoGRi81M
K77xwkmXMS9XFKQUe/CiGCy3wQ+bTXFGDiTipjdlz++Hk8GEdoITKEM5b97SkZbz
+9y6baxDd4My84OBts8NSVa2nW6t5z7L5dIvX+KGcxqIUVECrp1PuXK+oc0hPJ07
SgHPik7E4Apsc5pzU4ghzgNRO6PVZFpamhvbHroFUZQF
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:30:50 2025 by rpki-client