Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
File: 4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa (raw, json)
Hash identifier: 9pHB7Hn9qlASHKuCcYJCmPmAnGMqKFQppKJ1erD1UAQ=
Subject key identifier: D5:1E:54:F6:8C:4B:A6:EB:5E:7C:11:83:12:9F:F8:72:82:98:8D:62
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2B68466A86612208148CC09F46969850444DA217
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
Signing time: Fri 23 May 2025 00:50:08 +0000
ROA not before: Fri 23 May 2025 00:50:08 +0000
ROA not after: Fri 27 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.88.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:68:46:6a:86:61:22:08:14:8c:c0:9f:46:96:98:50:44:4d:a2:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 23 00:50:08 2025 GMT
Not After : Jun 27 23:59:59 2025 GMT
Subject: serialNumber=40115dc070d5dc64cc120517f4ac30fddb4bc22c1c4fdd371c45d7b8c608d84b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:6f:aa:ce:63:20:1f:26:23:3d:0c:fd:8b:0e:
4e:4e:e6:5b:c6:76:7a:ad:b1:fb:79:91:a3:a2:a7:
ab:25:37:4f:36:97:9f:2e:d5:d6:0c:5c:0d:6e:ca:
40:b0:99:85:34:5a:eb:6c:88:b5:49:70:df:2c:83:
02:b9:1a:3f:5a:7c:a9:84:2e:81:11:8b:fe:85:4c:
82:4a:fe:75:95:53:55:e5:92:35:99:9f:2e:6e:47:
82:39:f0:9c:f5:8f:b7:2b:90:fc:7f:a0:02:b1:5d:
08:16:d6:07:f0:a6:53:db:8b:2d:dd:2b:52:92:fb:
2e:5f:f7:e3:d6:79:38:55:dd:d1:62:a3:6e:52:82:
db:38:c6:7a:07:ed:2e:e0:ca:51:53:11:d9:ea:e6:
f7:32:77:5a:f2:bd:58:5f:25:72:d9:89:f5:97:a3:
97:19:6f:22:a7:0b:87:a0:1d:79:12:64:da:89:e7:
d2:d2:bd:6e:38:b8:49:b1:23:73:cb:4d:48:5c:77:
88:5b:e6:6d:88:3f:8e:28:84:8c:91:d2:3c:29:2c:
79:71:13:31:f5:1f:de:36:7b:9f:e3:a4:16:95:b0:
ab:cc:6c:a1:e6:97:c3:29:17:8f:0e:ea:cd:5c:cc:
38:ee:56:52:d2:f7:af:65:c1:bc:9e:52:b9:76:6d:
cc:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:1E:54:F6:8C:4B:A6:EB:5E:7C:11:83:12:9F:F8:72:82:98:8D:62
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4f9d3c39-ae76-4f22-9df9-c6501acbcc84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.88.0/21
Signature Algorithm: sha256WithRSAEncryption
29:48:5c:8c:a4:59:18:94:58:a1:96:4e:f3:1d:f3:c6:c6:93:
41:22:9a:28:75:86:38:e3:2b:a2:44:46:9f:fb:8e:88:8f:16:
23:a9:1b:8a:7c:3d:4c:df:11:1d:34:ad:c4:a2:63:e6:92:49:
0e:fe:06:25:74:8a:22:dc:b6:34:66:c7:2d:03:97:19:9d:bb:
02:e9:0c:44:ae:a8:f5:38:d9:6f:61:b8:13:98:1d:c6:d2:ba:
61:8e:1b:71:1a:2e:a7:c2:cf:4d:0f:ea:a2:25:7d:62:85:0f:
5d:46:cf:72:db:9d:ce:63:83:a5:20:53:39:db:eb:d0:ef:1a:
e6:da:d4:36:ab:6d:e3:80:d9:2a:be:cc:f0:53:9d:f9:bf:ae:
6c:0b:a8:e8:75:a2:30:5c:9f:b6:22:75:5d:4a:4f:11:3e:87:
60:72:b7:61:fb:17:48:6a:df:1b:bf:16:6b:38:27:ef:20:b3:
56:a9:96:92:d3:4d:41:ec:70:a7:e7:d6:d7:02:04:d7:f3:1d:
83:3d:c0:57:9a:cd:40:a9:ab:3e:85:39:40:7e:4f:2a:f4:44:
5c:90:65:5d:2f:0a:95:7c:43:8d:a9:5f:37:bd:7c:f9:79:ab:
31:53:90:c4:cd:b3:31:ac:f0:1d:d7:87:36:37:af:62:7b:18:
7b:dd:15:49
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUK2hGaoZhIggUjMCfRpaYUERNohcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjMwMDUwMDhaFw0yNTA2MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMTE1ZGMwNzBkNWRjNjRjYzEyMDUxN2Y0YWMzMGZkZGI0YmMyMmMxYzRm
ZGQzNzFjNDVkN2I4YzYwOGQ4NGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVvqs5jIB8mIz0M/YsOTk7mW8Z2eq2x+3mRo6KnqyU3TzaXny7V1gxcDW7K
QLCZhTRa62yItUlw3yyDArkaP1p8qYQugRGL/oVMgkr+dZVTVeWSNZmfLm5Hgjnw
nPWPtyuQ/H+gArFdCBbWB/CmU9uLLd0rUpL7Ll/349Z5OFXd0WKjblKC2zjGegft
LuDKUVMR2erm9zJ3WvK9WF8lctmJ9ZejlxlvIqcLh6AdeRJk2onn0tK9bji4SbEj
c8tNSFx3iFvmbYg/jiiEjJHSPCkseXETMfUf3jZ7n+OkFpWwq8xsoeaXwykXjw7q
zVzMOO5WUtL3r2XBvJ5SuXZtzD8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTVHlT2
jEum6158EYMSn/hygpiNYjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGY5ZDNjMzktYWU3Ni00ZjIyLTlkZjktYzY1MDFhY2JjYzg0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAWDAN
BgkqhkiG9w0BAQsFAAOCAQEAKUhcjKRZGJRYoZZO8x3zxsaTQSKaKHWGOOMrokRG
n/uOiI8WI6kbinw9TN8RHTStxKJj5pJJDv4GJXSKIty2NGbHLQOXGZ27AukMRK6o
9TjZb2G4E5gdxtK6YY4bcRoup8LPTQ/qoiV9YoUPXUbPctudzmODpSBTOdvr0O8a
5trUNqtt44DZKr7M8FOd+b+ubAuo6HWiMFyftiJ1XUpPET6HYHK3YfsXSGrfG78W
azgn7yCzVqmWktNNQexwp+fW1wIE1/Mdgz3AV5rNQKmrPoU5QH5PKvREXJBlXS8K
lXxDjalfN718+XmrMVOQxM2zMazwHdeHNjevYnsYe90VSQ==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:44:35 2025 by rpki-client