Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
File: 795bae65-e494-4497-8c64-6c78c5a4b388.roa (raw, json)
Hash identifier: QexXhe5XPaYUkZiy9QDnEy5j0rq4644f/2jRv7Q/Gks=
Subject key identifier: 38:E5:C9:5E:D9:85:B8:6F:0F:65:D5:89:21:DE:8B:AA:85:71:3C:A9
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 120B88DF46F25E0C55ED7BB2AD33A4AAC9FAED2C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
Signing time: Mon 14 Jul 2025 15:30:42 +0000
ROA not before: Mon 14 Jul 2025 15:30:42 +0000
ROA not after: Mon 18 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.104.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:0b:88:df:46:f2:5e:0c:55:ed:7b:b2:ad:33:a4:aa:c9:fa:ed:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 14 15:30:42 2025 GMT
Not After : Aug 18 23:59:59 2025 GMT
Subject: serialNumber=bb2ba1a4de58e2098c12b06a0db1d2253d61b22ad6cba89650089564c9608660, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:24:7b:c7:53:f6:76:e2:4d:7e:aa:fa:c0:88:
fa:fc:67:3f:17:e6:7c:38:27:5d:34:f9:6a:f5:8b:
64:5e:b4:22:aa:03:6a:56:d8:31:a5:f3:a6:d0:a0:
a8:25:40:7c:1e:e0:3b:56:14:3b:22:30:6e:ba:a4:
48:10:47:c0:65:f5:71:23:3c:0b:f2:a4:dc:89:58:
f4:13:18:e5:00:ee:27:f2:16:48:70:e3:e3:a8:59:
6a:eb:25:81:b1:69:1b:db:ce:21:6f:38:96:6e:19:
ab:ae:85:54:c3:69:61:91:1d:a8:ee:0f:29:05:9f:
ee:38:39:a8:ba:73:c8:ea:a8:7b:23:19:90:3c:29:
77:6c:33:8e:d1:2e:a3:c4:df:b9:9c:1b:d7:f5:d9:
8d:6d:08:7f:3c:1d:1a:2a:56:a8:10:d9:03:17:8a:
ac:9d:5c:c1:47:c2:ef:6a:dd:5d:3d:7c:4a:29:f0:
fb:ff:25:48:01:7d:08:d6:d1:ee:ad:85:2a:b8:0a:
a4:93:c8:a5:59:88:36:42:a6:a2:01:ec:5b:48:fc:
42:41:e2:a0:01:3c:2d:ae:16:1a:fb:99:d7:68:bb:
ce:bc:6a:9c:71:ec:0d:53:5a:0c:49:b7:19:32:11:
6c:2e:76:ff:e6:09:00:22:da:b6:bb:58:b0:f4:fa:
ab:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:E5:C9:5E:D9:85:B8:6F:0F:65:D5:89:21:DE:8B:AA:85:71:3C:A9
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.104.0/21
Signature Algorithm: sha256WithRSAEncryption
cb:38:7e:d7:c9:d5:09:be:35:28:90:bf:b1:78:8a:48:d8:f9:
56:63:a5:1f:47:f4:8a:b6:05:db:9e:5c:a1:dd:e8:20:05:7c:
66:ee:17:f7:cc:60:90:60:12:92:61:40:cf:1a:a9:5f:6a:72:
38:3e:32:79:3b:39:7f:3f:87:b7:44:17:ea:93:b1:bb:89:2d:
d4:4a:8a:f2:3b:32:d2:bb:ad:6b:5a:03:6c:a1:28:9d:4d:7e:
38:93:da:cb:75:e2:d9:9d:0c:16:d4:10:a4:a3:fa:6d:bf:49:
c4:72:ad:b4:08:62:00:79:0a:e5:77:ab:f4:a7:b0:c5:d2:69:
25:65:c5:e7:0f:03:78:84:f9:6b:1a:2c:0a:5e:a2:8e:f1:7d:
fd:81:7b:7a:07:c2:5d:35:05:4f:e9:92:8a:98:b2:80:48:45:
88:66:66:04:3f:b2:3c:0f:a8:32:7c:99:7c:9d:4a:42:a3:cd:
4a:f2:77:e1:f1:20:6e:76:46:cd:69:85:a6:8f:a3:ef:6a:57:
11:74:e5:e1:6c:3c:57:40:35:c4:89:c0:47:cb:63:4e:01:7d:
f1:f9:f5:48:fa:61:62:c1:3d:8b:73:12:e8:2d:f3:fe:9c:c2:
aa:ae:ed:c3:4b:02:f7:1c:a1:f3:8f:9b:b2:84:c5:9f:2d:55:
54:5b:f0:41
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUEguI30byXgxV7XuyrTOkqsn67SwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTMwNDJaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiMmJhMWE0ZGU1OGUyMDk4YzEyYjA2YTBkYjFkMjI1M2Q2MWIyMmFkNmNi
YTg5NjUwMDg5NTY0Yzk2MDg2NjAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoke8dT9nbiTX6q+sCI+vxnPxfmfDgnXTT5avWLZF60IqoDalbYMaXzptCg
qCVAfB7gO1YUOyIwbrqkSBBHwGX1cSM8C/Kk3IlY9BMY5QDuJ/IWSHDj46hZausl
gbFpG9vOIW84lm4Zq66FVMNpYZEdqO4PKQWf7jg5qLpzyOqoeyMZkDwpd2wzjtEu
o8TfuZwb1/XZjW0IfzwdGipWqBDZAxeKrJ1cwUfC72rdXT18Sinw+/8lSAF9CNbR
7q2FKrgKpJPIpVmINkKmogHsW0j8QkHioAE8La4WGvuZ12i7zrxqnHHsDVNaDEm3
GTIRbC52/+YJACLatrtYsPT6q0UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ45cle
2YW4bw9l1Ykh3ouqhXE8qTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Nzk1YmFlNjUtZTQ5NC00NDk3LThjNjQtNmM3OGM1YTRiMzg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAaDAN
BgkqhkiG9w0BAQsFAAOCAQEAyzh+18nVCb41KJC/sXiKSNj5VmOlH0f0irYF255c
od3oIAV8Zu4X98xgkGASkmFAzxqpX2pyOD4yeTs5fz+Ht0QX6pOxu4kt1EqK8jsy
0ruta1oDbKEonU1+OJPay3Xi2Z0MFtQQpKP6bb9JxHKttAhiAHkK5Xer9KewxdJp
JWXF5w8DeIT5axosCl6ijvF9/YF7egfCXTUFT+mSipiygEhFiGZmBD+yPA+oMnyZ
fJ1KQqPNSvJ34fEgbnZGzWmFpo+j72pXEXTl4Ww8V0A1xInAR8tjTgF98fn1SPph
YsE9i3MS6C3z/pzCqq7tw0sC9xyh84+bsoTFny1VVFvwQQ==
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:15:25 2025 by rpki-client