Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4911793e-4031-4d2f-be54-a38fc617b3c5.roa
File: 4911793e-4031-4d2f-be54-a38fc617b3c5.roa (raw, json)
Hash identifier: w84FGD7vYX0bd5xNQMf6dp/qYGn39nLpyjoMTAr3U6I=
Subject key identifier: 81:F0:6E:12:5E:3A:A2:D2:4A:1E:0D:B8:56:80:A2:7F:2E:33:8B:49
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 892B9EECBF9C3A1C90E0B57A4D198B91121655
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4911793e-4031-4d2f-be54-a38fc617b3c5.roa
Signing time: Tue 20 May 2025 20:41:33 +0000
ROA not before: Tue 20 May 2025 20:41:33 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.114.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
89:2b:9e:ec:bf:9c:3a:1c:90:e0:b5:7a:4d:19:8b:91:12:16:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:41:33 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=f059b4088a5314bd61f76fbcbafff9263eb7ad1dd6795ef259c9f142f109a79b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0f:20:17:57:64:cd:90:09:29:00:6d:04:84:
22:6d:27:67:14:93:98:69:e5:aa:7c:83:9f:94:17:
47:a9:7b:e3:de:65:c0:89:25:85:b2:ed:38:80:87:
f0:68:a5:cb:8e:3e:20:22:c3:e3:23:92:17:83:58:
71:11:45:85:fc:3d:f1:0b:05:75:67:a7:81:10:5c:
92:a8:c5:da:21:1b:1b:4f:79:0d:99:2f:5c:18:4e:
fc:9e:c1:eb:cb:a5:87:0e:eb:ae:e2:4e:62:35:f1:
80:d0:03:99:a2:1e:1e:dd:67:33:1d:dc:04:fd:dd:
62:86:90:67:a3:e0:73:d4:8e:d8:f4:43:81:f0:ba:
1f:95:e8:32:07:4d:09:c2:61:4b:f9:46:2e:64:97:
29:c7:02:fc:bf:5e:dc:15:ad:62:af:dd:75:d2:c1:
de:8c:8c:c3:bb:62:d2:9d:e7:ac:71:7d:16:84:df:
e3:e5:3b:f0:69:a3:41:31:88:90:bf:9a:36:2e:84:
0a:06:5a:12:69:af:01:8d:d1:71:c3:7e:d5:d8:ae:
9f:58:d8:0a:53:46:ed:3d:66:eb:39:fd:9d:aa:eb:
7e:dc:7a:f2:0d:95:b8:b5:b1:a0:22:33:6a:53:6d:
01:59:99:1b:6a:81:16:1e:a5:4d:c6:2d:74:9d:1b:
db:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:F0:6E:12:5E:3A:A2:D2:4A:1E:0D:B8:56:80:A2:7F:2E:33:8B:49
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4911793e-4031-4d2f-be54-a38fc617b3c5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.114.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9e:33:2d:fb:e8:5b:99:74:d5:e5:b7:76:3b:45:7c:1d:12:23:
bc:68:bd:06:b5:3b:a2:4c:8c:25:e3:b6:77:f1:e8:d1:4a:a5:
35:d7:b4:95:fb:ae:fc:54:fd:bd:cc:b0:70:a1:ef:9c:6a:14:
2a:05:33:1e:dc:33:8e:7a:cd:e2:61:77:6e:b5:46:f3:95:44:
63:22:8b:ba:c2:6b:b6:59:28:ff:b1:2d:36:ac:f0:92:9b:47:
12:b4:dc:85:c0:bb:68:1a:91:65:09:31:ce:ee:14:b9:3e:ec:
55:8f:fb:c3:ee:f6:6c:04:25:0a:37:24:00:9f:ad:6d:a1:bf:
a0:51:0b:94:9a:6b:78:57:ce:60:c1:15:9f:82:8b:1f:45:b4:
4d:f9:e2:e5:21:e6:fc:de:40:2d:69:9e:52:20:1d:94:7d:b3:
ec:b0:91:ed:fc:7d:67:39:92:d2:1e:b6:64:d9:30:2a:bc:f1:
cc:c4:bb:f4:97:5c:bf:ee:95:17:49:73:1b:52:18:8f:dd:69:
65:f4:bc:4b:ec:63:b8:77:81:48:47:2d:28:59:d7:4d:85:ff:
48:40:1d:f9:35:6c:0f:d9:e6:31:31:ae:14:aa:f7:46:b7:bb:
5d:cd:f3:07:2c:42:47:f2:fe:8a:a9:ab:3e:ba:5d:b4:67:17:
df:39:03:e7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAIkrnuy/nDockOC1ek0Zi5ESFlUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDQxMzNaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwNTliNDA4OGE1MzE0YmQ2MWY3NmZiY2JhZmZmOTI2M2ViN2FkMWRkNjc5
NWVmMjU5YzlmMTQyZjEwOWE3OWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwPIBdXZM2QCSkAbQSEIm0nZxSTmGnlqnyDn5QXR6l7495lwIklhbLtOICH
8Gily44+ICLD4yOSF4NYcRFFhfw98QsFdWengRBckqjF2iEbG095DZkvXBhO/J7B
68ulhw7rruJOYjXxgNADmaIeHt1nMx3cBP3dYoaQZ6Pgc9SO2PRDgfC6H5XoMgdN
CcJhS/lGLmSXKccC/L9e3BWtYq/dddLB3oyMw7ti0p3nrHF9FoTf4+U78GmjQTGI
kL+aNi6ECgZaEmmvAY3RccN+1diun1jYClNG7T1m6zn9narrftx68g2VuLWxoCIz
alNtAVmZG2qBFh6lTcYtdJ0b2wECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSB8G4S
Xjqi0koeDbhWgKJ/LjOLSTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDkxMTc5M2UtNDAzMS00ZDJmLWJlNTQtYTM4ZmM2MTdiM2M1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNyMA0G
CSqGSIb3DQEBCwUAA4IBAQCeMy376FuZdNXlt3Y7RXwdEiO8aL0GtTuiTIwl47Z3
8ejRSqU117SV+678VP29zLBwoe+cahQqBTMe3DOOes3iYXdutUbzlURjIou6wmu2
WSj/sS02rPCSm0cStNyFwLtoGpFlCTHO7hS5PuxVj/vD7vZsBCUKNyQAn61tob+g
UQuUmmt4V85gwRWfgosfRbRN+eLlIeb83kAtaZ5SIB2UfbPssJHt/H1nOZLSHrZk
2TAqvPHMxLv0l1y/7pUXSXMbUhiP3Wll9LxL7GO4d4FIRy0oWddNhf9IQB35NWwP
2eYxMa4UqvdGt7tdzfMHLEJH8v6Kqas+ul20ZxffOQPn
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:04:18 2025 by rpki-client