Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
File: 57870f13-82ea-4955-953f-742413b6a651.roa (raw, json)
Hash identifier: Sz1PrIo4UolmG9BhBXJ2BHA1HTN8H8Jkk80Tx/FF3ME=
Subject key identifier: 8B:8D:98:E0:1D:B3:12:5C:9A:E0:0E:AA:75:88:19:85:31:A3:C8:CA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4A4B8B6171F59566AE9B8567E738D3B688B6924F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
Signing time: Fri 23 May 2025 00:50:07 +0000
ROA not before: Fri 23 May 2025 00:50:07 +0000
ROA not after: Fri 27 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:4b:8b:61:71:f5:95:66:ae:9b:85:67:e7:38:d3:b6:88:b6:92:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 23 00:50:07 2025 GMT
Not After : Jun 27 23:59:59 2025 GMT
Subject: serialNumber=658a8ad921ef51eee37d1ec4469b9cbdde34875bc480aefd822fa541e16d52fc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:3f:83:f6:7d:d7:a7:dd:17:ff:56:96:3d:f8:
f5:5a:57:01:2e:df:69:ea:76:f3:83:ab:64:d4:09:
aa:16:8e:40:60:c2:c6:0f:8e:fb:86:ab:a6:10:24:
ce:12:10:59:bb:7a:c5:47:6d:03:a3:4d:2b:aa:db:
b6:d9:6f:68:94:09:02:dd:ac:9c:fa:7b:7e:a0:fc:
85:63:a9:76:b1:a8:ac:10:44:5f:a1:6f:68:aa:9a:
e0:02:20:17:8f:dd:8c:b4:76:75:ab:54:d6:d2:31:
51:89:f0:d5:10:8f:ac:d8:f4:60:2d:f0:0a:61:93:
9e:5b:2d:24:5b:0f:05:1f:0c:8a:5f:df:46:63:8c:
a9:57:29:1b:90:09:0e:ba:e2:d8:e2:15:fc:74:37:
ca:f0:41:43:2c:7e:a8:c4:3e:89:fb:90:db:52:2c:
9f:1b:7b:a8:59:17:2a:2f:47:e9:e5:16:44:eb:73:
72:9e:5f:07:cc:40:f0:2b:73:79:75:2d:21:b2:4d:
00:e1:3e:b9:58:57:59:38:8e:4a:fb:6e:7a:b9:77:
41:8f:ec:5b:c7:9b:33:e0:73:32:c1:cb:1e:69:02:
95:4a:09:93:20:3b:7c:46:2b:30:cc:b0:6e:fa:fa:
b5:e3:b3:44:f3:a1:c0:54:34:2f:88:8e:54:15:70:
d4:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:8D:98:E0:1D:B3:12:5C:9A:E0:0E:AA:75:88:19:85:31:A3:C8:CA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/48
Signature Algorithm: sha256WithRSAEncryption
18:16:4e:1c:cc:9a:75:78:9e:4a:88:73:6b:b2:83:d0:fb:3d:
57:2f:19:ea:24:c2:16:79:e8:e1:cb:3f:fe:9e:9b:39:d0:2c:
01:86:99:dc:32:87:d6:1b:d9:d7:b1:80:31:76:e3:57:b6:43:
0b:8f:c0:01:eb:7a:4e:12:50:a2:d4:a6:16:57:e7:4e:9e:25:
fc:d1:e0:7c:ff:57:af:13:ec:a2:f7:01:d3:77:de:50:a0:ee:
63:fc:65:10:0a:70:97:64:a8:c9:e4:2f:68:d6:92:57:00:e5:
9f:1b:43:94:66:1a:52:54:88:e7:6b:d4:0a:cc:6f:9f:08:3e:
db:9b:c9:8c:bb:7b:2a:0f:70:92:fe:27:75:85:30:09:c2:d7:
27:de:27:f7:f5:d4:0b:fa:08:b1:fc:41:22:4d:c2:53:3f:f1:
ce:13:33:48:28:86:74:77:b2:62:36:8c:d5:ed:c4:61:91:03:
fa:01:a5:69:43:4c:7f:cd:e6:45:f6:47:9c:bc:85:06:17:01:
14:22:8f:25:33:8e:ff:b1:51:4a:c3:30:07:b6:4b:ba:5d:d8:
af:32:ef:55:ee:f7:8c:04:9a:34:cc:e1:b7:0d:b6:0d:e7:ea:
cc:4b:93:d3:0f:57:aa:5e:c1:7a:32:13:b1:aa:71:6b:d1:e3:
54:50:cb:93
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSkuLYXH1lWaum4Vn5zjTtoi2kk8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjMwMDUwMDdaFw0yNTA2MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1OGE4YWQ5MjFlZjUxZWVlMzdkMWVjNDQ2OWI5Y2JkZGUzNDg3NWJjNDgw
YWVmZDgyMmZhNTQxZTE2ZDUyZmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4/g/Z916fdF/9Wlj349VpXAS7faep284OrZNQJqhaOQGDCxg+O+4arphAk
zhIQWbt6xUdtA6NNK6rbttlvaJQJAt2snPp7fqD8hWOpdrGorBBEX6FvaKqa4AIg
F4/djLR2datU1tIxUYnw1RCPrNj0YC3wCmGTnlstJFsPBR8Mil/fRmOMqVcpG5AJ
Drri2OIV/HQ3yvBBQyx+qMQ+ifuQ21Isnxt7qFkXKi9H6eUWROtzcp5fB8xA8Ctz
eXUtIbJNAOE+uVhXWTiOSvtuerl3QY/sW8ebM+BzMsHLHmkClUoJkyA7fEYrMMyw
bvr6teOzRPOhwFQ0L4iOVBVw1KsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSLjZjg
HbMSXJrgDqp1iBmFMaPIyjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc4NzBmMTMtODJlYS00OTU1LTk1M2YtNzQyNDEzYjZhNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
ADANBgkqhkiG9w0BAQsFAAOCAQEAGBZOHMyadXieSohza7KD0Ps9Vy8Z6iTCFnno
4cs//p6bOdAsAYaZ3DKH1hvZ17GAMXbjV7ZDC4/AAet6ThJQotSmFlfnTp4l/NHg
fP9XrxPsovcB03feUKDuY/xlEApwl2SoyeQvaNaSVwDlnxtDlGYaUlSI52vUCsxv
nwg+25vJjLt7Kg9wkv4ndYUwCcLXJ94n9/XUC/oIsfxBIk3CUz/xzhMzSCiGdHey
YjaM1e3EYZED+gGlaUNMf83mRfZHnLyFBhcBFCKPJTOO/7FRSsMwB7ZLul3YrzLv
Ve73jASaNMzhtw22DefqzEuT0w9Xql7BejITsapxa9HjVFDLkw==
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:20:18 2025 by rpki-client