Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: KCf3ULsPAEP76dTteCyK1KajyV8womju0sAD0jcqHik=
Subject key identifier: B9:06:EF:2D:86:48:E5:61:86:C4:31:60:E2:BB:E8:65:55:75:B0:05
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 411447631FB16EADA9DEBAD1D9C2650B740C26FB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Tue 20 May 2025 20:50:02 +0000
ROA not before: Tue 20 May 2025 20:50:02 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:14:47:63:1f:b1:6e:ad:a9:de:ba:d1:d9:c2:65:0b:74:0c:26:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:50:02 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=9ec183b1007898fb47cc52d2df7901dc2ac429f757e01e1dfaead0a7ba8d28d4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:33:2b:04:cf:ec:09:70:98:3b:46:12:b1:3e:
46:7a:e5:d0:ef:3a:b6:1e:a5:a3:10:d6:23:5f:3a:
de:b3:dd:0a:7b:6d:ef:e3:69:a2:26:2b:27:1b:ab:
b0:b7:73:ec:53:ef:8f:ad:4f:74:e7:81:fd:97:28:
19:c0:41:da:21:30:b5:14:5c:74:79:7f:03:10:93:
24:62:91:28:6e:59:91:9c:df:03:22:20:ca:51:5f:
be:8d:d3:8a:b7:6f:c0:4f:5e:62:0b:38:fb:50:3d:
11:43:ed:48:3a:b4:ee:12:b6:cd:d2:4b:c4:e1:24:
5e:64:dd:b0:5a:3b:a5:a9:71:48:30:f3:97:ac:3e:
95:da:0b:01:61:a8:47:f1:c4:55:ec:16:6d:7d:4e:
ad:f9:6b:13:f7:e0:1b:fb:d3:5c:55:1f:27:c3:17:
43:23:40:e4:13:a0:0b:99:d1:c3:20:60:6b:1f:14:
fd:aa:69:14:7d:2b:10:52:6b:b9:20:8c:36:55:6a:
c6:d4:75:e7:24:50:85:6c:1f:ac:b1:ec:5b:50:20:
11:2c:1b:af:06:78:42:87:e6:8e:9a:11:9d:c1:af:
8c:50:54:dd:50:27:2a:cd:ac:ae:88:c0:21:4c:87:
52:38:4f:7b:af:69:65:91:db:dc:cf:1c:53:4d:77:
7c:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:06:EF:2D:86:48:E5:61:86:C4:31:60:E2:BB:E8:65:55:75:B0:05
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
86:46:31:a2:9c:e1:79:97:85:f2:df:7e:a9:49:ee:7d:a4:10:
73:5b:65:d7:0d:1b:40:33:62:13:40:29:a9:d7:a9:9a:07:76:
e1:66:01:cb:e3:d1:87:26:3d:88:18:e7:75:bd:9a:11:e3:9c:
3b:51:ef:d3:37:fa:74:a5:00:3b:0f:40:68:6d:15:ac:1f:40:
50:fe:2b:08:ff:a2:e6:84:b8:32:15:68:73:28:48:9d:a7:f9:
84:3d:3c:cf:de:4b:63:e0:2b:3a:97:44:1f:2f:b5:c6:80:05:
56:63:8e:85:27:da:67:00:66:22:2b:af:a6:3e:5c:52:da:8b:
bd:08:20:2d:a3:5a:ea:5b:6a:6e:dd:20:92:51:47:89:3f:e2:
db:8a:e6:77:85:9c:fc:c4:02:c0:f0:55:16:e5:ce:28:cb:a7:
6b:f9:f7:fa:0b:4c:e1:b2:05:6a:98:3e:61:74:fc:db:93:08:
a6:3f:67:08:58:79:79:af:fb:dc:c7:c4:1b:60:57:4a:fe:12:
1d:f3:4b:b6:6d:8a:7a:9a:1e:1e:c8:78:29:b5:a0:90:25:7d:
46:77:05:9e:3c:d6:13:90:f7:79:f1:cf:1e:6d:c5:c5:91:03:
d2:2b:bb:f0:e4:93:ab:a7:f3:62:60:ac:c1:9a:bc:e5:df:aa:
21:52:76:d1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQRRHYx+xbq2p3rrR2cJlC3QMJvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDUwMDJaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDllYzE4M2IxMDA3ODk4ZmI0N2NjNTJkMmRmNzkwMWRjMmFjNDI5Zjc1N2Uw
MWUxZGZhZWFkMGE3YmE4ZDI4ZDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4zKwTP7AlwmDtGErE+Rnrl0O86th6loxDWI1863rPdCntt7+NpoiYrJxur
sLdz7FPvj61PdOeB/ZcoGcBB2iEwtRRcdHl/AxCTJGKRKG5ZkZzfAyIgylFfvo3T
irdvwE9eYgs4+1A9EUPtSDq07hK2zdJLxOEkXmTdsFo7palxSDDzl6w+ldoLAWGo
R/HEVewWbX1OrflrE/fgG/vTXFUfJ8MXQyNA5BOgC5nRwyBgax8U/appFH0rEFJr
uSCMNlVqxtR15yRQhWwfrLHsW1AgESwbrwZ4QofmjpoRncGvjFBU3VAnKs2srojA
IUyHUjhPe69pZZHb3M8cU013fMMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS5Bu8t
hkjlYYbEMWDiu+hlVXWwBTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQCGRjGinOF5l4Xy336pSe59pBBzW2XXDRtAM2ITQCmp
16maB3bhZgHL49GHJj2IGOd1vZoR45w7Ue/TN/p0pQA7D0BobRWsH0BQ/isI/6Lm
hLgyFWhzKEidp/mEPTzP3ktj4Cs6l0QfL7XGgAVWY46FJ9pnAGYiK6+mPlxS2ou9
CCAto1rqW2pu3SCSUUeJP+LbiuZ3hZz8xALA8FUW5c4oy6dr+ff6C0zhsgVqmD5h
dPzbkwimP2cIWHl5r/vcx8QbYFdK/hId80u2bYp6mh4eyHgptaCQJX1GdwWePNYT
kPd58c8ebcXFkQPSK7vw5JOrp/NiYKzBmrzl36ohUnbR
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:20:17 2025 by rpki-client