Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File: 69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier: vs66co3qTAk8J1Uj5dNNLQG0fkX2pXsCtYboyoRWHhI=
Subject key identifier: B8:83:38:AB:A0:25:03:B4:F4:4C:61:88:0A:1C:7C:F7:7F:EF:98:5B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 07A20A8F738C292A04294CCAE903CA6AFDB02EC1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time: Fri 25 Apr 2025 20:31:32 +0000
ROA not before: Fri 25 Apr 2025 20:31:32 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:a2:0a:8f:73:8c:29:2a:04:29:4c:ca:e9:03:ca:6a:fd:b0:2e:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 25 20:31:32 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=0373b36570a6d0897cf6523ae196cb7cf687fc06671042a5a2efa16c4bfa14d6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:64:d5:f2:81:1d:58:6b:42:d9:a2:47:ac:5b:
d2:57:e4:e4:fe:a8:5a:df:f3:62:a2:00:09:59:14:
09:1b:7a:66:be:28:d5:e0:d0:86:b1:f5:0b:59:15:
a7:bb:b8:b6:f5:a9:eb:12:e9:6e:df:80:92:29:ea:
da:d3:4d:1f:57:c3:6a:52:4a:8a:db:b7:1a:4f:a9:
48:7e:1c:b3:af:1e:bd:53:93:1c:61:6e:55:46:bc:
6c:83:be:d7:03:b3:0b:07:aa:f9:1c:59:33:4f:23:
79:10:5d:82:7e:3c:86:f7:5d:9f:fa:9e:74:87:14:
ba:05:72:03:05:d5:f8:57:7e:83:fa:ad:85:74:07:
d7:50:13:fc:7f:a6:c5:c9:97:bf:18:5a:e3:db:3b:
f6:c6:d2:db:dc:c0:9e:d9:83:b7:d9:46:e4:06:ea:
8d:85:9d:a8:a0:6d:86:ea:49:28:1f:17:cb:a4:56:
30:3a:a1:10:8d:8e:61:ef:6e:0f:a9:c0:91:5b:f8:
d9:61:86:0a:b0:4f:48:fc:5d:63:64:80:8e:44:54:
44:87:68:cb:50:70:2c:1f:14:fe:5e:e4:59:4c:e9:
f4:c5:da:94:94:33:b7:9b:29:35:fb:3f:08:2d:24:
8a:b4:67:c2:8c:60:d1:56:d2:06:b0:99:ca:61:1c:
46:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:83:38:AB:A0:25:03:B4:F4:4C:61:88:0A:1C:7C:F7:7F:EF:98:5B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
8e:37:a5:2e:c6:2c:e8:3d:98:0d:bc:44:24:94:ad:3e:7f:f1:
bd:9f:37:b0:b9:c0:71:82:44:e6:b0:3a:12:c7:66:4d:18:69:
32:54:95:44:bd:15:7f:5e:08:6e:83:ae:f2:42:83:74:82:c1:
01:86:f4:f4:c4:8f:14:b7:01:43:be:e5:22:26:80:30:9b:1c:
51:7f:b2:ee:f0:06:08:69:24:e9:5b:97:5f:b6:1b:76:83:cf:
70:41:6e:1e:bb:fd:d4:2a:8f:01:96:d7:3f:4a:55:90:81:53:
3e:19:b3:66:2b:ab:27:8b:c9:9d:8c:d3:08:44:6b:31:f4:0f:
f3:52:5f:d8:20:a1:1d:f3:3b:c8:53:00:8c:3f:cc:0d:c4:e6:
18:f8:e0:bc:a6:44:9f:61:15:57:e9:6f:00:8b:f4:77:d2:61:
0e:dd:09:a5:26:7d:57:ea:8b:80:74:b5:c1:e3:e8:1a:eb:c5:
33:85:20:08:b0:97:a6:e5:2c:8a:d4:37:1c:8e:a2:89:ea:e7:
9e:2e:1b:6c:27:5e:97:85:7f:45:92:88:a2:db:5f:c5:92:71:
8f:a7:b9:4e:73:72:ec:03:d5:ed:4e:39:98:1f:c6:b0:6d:b1:
3a:bb:dd:29:47:3d:de:36:05:c0:e6:6b:5f:a3:f9:39:80:62:
58:d1:b1:47
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUB6IKj3OMKSoEKUzK6QPKav2wLsEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjUyMDMxMzJaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzNzNiMzY1NzBhNmQwODk3Y2Y2NTIzYWUxOTZjYjdjZjY4N2ZjMDY2NzEw
NDJhNWEyZWZhMTZjNGJmYTE0ZDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ1k1fKBHVhrQtmiR6xb0lfk5P6oWt/zYqIACVkUCRt6Zr4o1eDQhrH1C1kV
p7u4tvWp6xLpbt+Akinq2tNNH1fDalJKitu3Gk+pSH4cs68evVOTHGFuVUa8bIO+
1wOzCweq+RxZM08jeRBdgn48hvddn/qedIcUugVyAwXV+Fd+g/qthXQH11AT/H+m
xcmXvxha49s79sbS29zAntmDt9lG5AbqjYWdqKBthupJKB8Xy6RWMDqhEI2OYe9u
D6nAkVv42WGGCrBPSPxdY2SAjkRURIdoy1BwLB8U/l7kWUzp9MXalJQzt5spNfs/
CC0kirRnwoxg0VbSBrCZymEcRhECAwEAAaOCAiIwggIeMB0GA1UdDgQWBBS4gzir
oCUDtPRMYYgKHHz3f++YWzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAI43pS7GLOg9mA28RCSUrT5/8b2fN7C5wHGCROaw
OhLHZk0YaTJUlUS9FX9eCG6DrvJCg3SCwQGG9PTEjxS3AUO+5SImgDCbHFF/su7w
BghpJOlbl1+2G3aDz3BBbh67/dQqjwGW1z9KVZCBUz4Zs2YrqyeLyZ2M0whEazH0
D/NSX9ggoR3zO8hTAIw/zA3E5hj44LymRJ9hFVfpbwCL9HfSYQ7dCaUmfVfqi4B0
tcHj6BrrxTOFIAiwl6blLIrUNxyOoonq554uG2wnXpeFf0WSiKLbX8WScY+nuU5z
cuwD1e1OOZgfxrBtsTq73SlHPd42BcDma1+j+TmAYljRsUc=
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:44:12 2025 by rpki-client