Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: rlrV71kiuzUyteROGQ1zkvauq9gXUWnR1sxoWYDkCdI=
Subject key identifier: 8F:95:7D:7A:86:47:B5:49:3A:4B:99:38:E4:58:FD:FC:6A:F9:98:6C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2D60C7BCCA8C750527DE1BA044BF20E29EF065F1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Fri 11 Jul 2025 21:00:38 +0000
ROA not before: Fri 11 Jul 2025 21:00:38 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:60:c7:bc:ca:8c:75:05:27:de:1b:a0:44:bf:20:e2:9e:f0:65:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 21:00:38 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=fca4fbbd5d3da4311a1c7d4a14da21bad9ae8b37bb314fbdcdfb7f0a38e414da, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:1b:91:11:70:53:06:43:1e:a2:4b:fa:03:28:
70:12:de:c8:09:4a:db:43:dd:ee:be:80:fd:13:bf:
68:58:83:29:5c:5c:44:c4:1c:cb:5a:f3:b0:f6:c1:
74:68:03:f8:ef:0e:c8:e9:74:64:d7:7e:8a:33:30:
ba:6b:03:f0:34:a1:2c:45:9e:04:81:3b:0a:f6:5a:
a5:a2:98:05:49:26:58:21:99:1c:1d:5c:36:e9:0b:
1d:93:5a:8a:c2:cd:ae:e9:f9:1b:15:1d:37:21:7c:
3a:8a:4f:8a:59:e7:ef:4b:0f:4f:3b:a7:4f:9a:a0:
84:d6:d9:5e:6c:08:35:62:02:90:43:40:aa:ee:20:
b7:8a:db:fa:26:d9:a2:cd:a2:43:17:cf:0d:e3:c5:
9d:15:ed:99:94:0f:76:3d:71:43:a0:18:76:a4:7f:
a6:45:21:b9:77:01:d3:e5:3f:8b:1a:9f:4d:50:f9:
95:ee:f4:81:67:08:ce:ea:35:ba:92:70:b7:48:cf:
b3:72:59:e4:88:79:a7:ab:7d:a2:0e:72:0d:9f:01:
80:29:81:1e:cc:94:f2:74:ec:25:d2:b4:e9:27:89:
18:42:1e:3d:de:33:33:14:65:32:e4:6b:6a:fb:b3:
ba:4e:98:dd:bd:b5:6d:ef:57:b4:33:81:84:57:9b:
1b:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:95:7D:7A:86:47:B5:49:3A:4B:99:38:E4:58:FD:FC:6A:F9:98:6C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7a:6a:a1:c3:63:dd:41:b4:e7:eb:bf:77:91:f4:4a:b0:da:a2:
d0:c9:46:5a:05:0e:b7:98:de:fc:5d:01:6e:a9:4b:04:15:86:
43:11:64:59:78:83:7d:13:20:01:ee:cd:78:da:0a:e5:2a:5a:
17:5f:67:15:ab:b4:14:71:b1:f7:c2:c5:4a:f8:ca:9c:30:50:
47:38:80:3e:87:b9:68:77:a3:aa:14:dd:bb:76:6b:48:ad:69:
44:92:02:5e:cb:e3:48:29:90:c5:5b:e2:e4:95:4f:44:d9:56:
ff:7c:90:f2:92:46:be:16:4f:85:a1:c7:10:ef:c5:41:c2:ec:
5c:6f:ac:d0:dc:f2:dd:2e:a4:e1:7e:26:c5:a3:82:ba:f6:05:
73:3f:6a:26:6e:dd:73:1f:29:40:e3:ef:09:34:27:13:71:b1:
6a:68:26:11:cf:2c:a2:1b:04:67:32:1a:41:36:f7:18:f4:4a:
3e:1f:97:5e:65:19:4c:15:0b:1a:3d:73:3b:14:cb:17:7b:8d:
88:34:a7:d8:9d:6d:c3:0f:a0:b8:45:62:9f:33:0c:b6:9d:93:
14:b0:e5:85:24:5d:e8:64:d1:5a:41:ca:e1:a5:72:04:55:e0:
8e:83:5c:62:d6:30:79:8d:8e:f9:9b:f4:c9:68:be:b3:16:aa:
c9:18:b0:d3
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULWDHvMqMdQUn3hugRL8g4p7wZfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAwMzhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjYTRmYmJkNWQzZGE0MzExYTFjN2Q0YTE0ZGEyMWJhZDlhZThiMzdiYjMx
NGZiZGNkZmI3ZjBhMzhlNDE0ZGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIbkRFwUwZDHqJL+gMocBLeyAlK20Pd7r6A/RO/aFiDKVxcRMQcy1rzsPbB
dGgD+O8OyOl0ZNd+ijMwumsD8DShLEWeBIE7CvZapaKYBUkmWCGZHB1cNukLHZNa
isLNrun5GxUdNyF8OopPilnn70sPTzunT5qghNbZXmwINWICkENAqu4gt4rb+ibZ
os2iQxfPDePFnRXtmZQPdj1xQ6AYdqR/pkUhuXcB0+U/ixqfTVD5le70gWcIzuo1
upJwt0jPs3JZ5Ih5p6t9og5yDZ8BgCmBHsyU8nTsJdK06SeJGEIePd4zMxRlMuRr
avuzuk6Y3b21be9XtDOBhFebG7UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSPlX16
hke1STpLmTjkWP38avmYbDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQB6aqHDY91BtOfrv3eR9Eqw2qLQyUZaBQ63mN78XQFu
qUsEFYZDEWRZeIN9EyAB7s142grlKloXX2cVq7QUcbH3wsVK+MqcMFBHOIA+h7lo
d6OqFN27dmtIrWlEkgJey+NIKZDFW+LklU9E2Vb/fJDykka+Fk+FoccQ78VBwuxc
b6zQ3PLdLqThfibFo4K69gVzP2ombt1zHylA4+8JNCcTcbFqaCYRzyyiGwRnMhpB
NvcY9Eo+H5deZRlMFQsaPXM7FMsXe42INKfYnW3DD6C4RWKfMwy2nZMUsOWFJF3o
ZNFaQcrhpXIEVeCOg1xi1jB5jY75m/TJaL6zFqrJGLDT
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:19:24 2025 by rpki-client