Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
File: 81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa (raw, json)
Hash identifier: YsQV/y3YZ9kD1VwfDicwKPkrtiGr5w+H+N17e8jDB5g=
Subject key identifier: 17:CC:B3:82:50:0D:F0:73:5F:B2:6E:02:AC:92:93:34:87:75:17:22
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3BB6B28E0AC41D8A3A54F396042A0FA724901BAA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
Signing time: Sat 31 May 2025 00:50:23 +0000
ROA not before: Sat 31 May 2025 00:50:23 +0000
ROA not after: Sat 05 Jul 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:b6:b2:8e:0a:c4:1d:8a:3a:54:f3:96:04:2a:0f:a7:24:90:1b:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 31 00:50:23 2025 GMT
Not After : Jul 5 23:59:59 2025 GMT
Subject: serialNumber=40d06043475e5e45500d069c93170f91bee26a88b6fe4e2aa8d51af360e29e90, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:75:48:be:96:f4:51:dd:a2:99:63:87:bf:fb:
f4:0e:f8:22:b3:dc:77:b8:6e:c5:ef:08:4d:d1:ce:
fc:95:27:48:0d:df:68:e6:d8:a6:2c:e4:75:00:1b:
fc:af:4f:9d:6a:e8:0c:cf:44:83:d3:9f:1d:27:01:
f6:1d:3f:6a:4b:a6:b5:8f:23:23:ba:e9:5d:c8:21:
70:f4:69:73:23:61:97:b0:99:14:73:be:03:90:ad:
3b:30:c8:ec:a6:ae:18:2b:4b:3d:38:23:7b:04:e4:
9c:aa:b6:41:1f:0f:58:7b:cd:83:57:97:2a:de:a6:
5d:ae:77:52:25:24:12:b9:35:e8:b1:05:ef:64:79:
76:ee:0e:41:e4:f1:71:01:75:79:3b:aa:b2:95:1e:
2a:f2:33:58:29:fd:9e:5b:72:04:e3:b0:b7:88:57:
73:f2:dc:0c:f7:bd:c0:2a:9c:d9:d0:d8:72:27:bf:
03:cf:64:77:50:98:b0:a7:41:f1:22:f2:10:3a:26:
36:b5:b2:98:b2:86:f6:0b:f2:24:37:6a:23:bf:67:
05:fa:b5:de:82:fa:b4:66:aa:97:d0:82:a6:bc:35:
d2:ad:ad:38:52:d8:63:6c:ab:cd:62:0a:9e:86:78:
10:11:44:dd:eb:30:df:be:4b:39:c2:c5:5f:32:99:
c9:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:CC:B3:82:50:0D:F0:73:5F:B2:6E:02:AC:92:93:34:87:75:17:22
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/32
Signature Algorithm: sha256WithRSAEncryption
2a:03:3f:84:4f:01:75:81:a3:9a:43:0b:fa:3b:df:f4:88:08:
0c:b7:db:ba:13:b7:08:7c:d4:8a:ae:c9:db:ec:06:b0:4d:ee:
8f:e9:7d:67:5c:d3:b2:6d:e6:96:63:52:cd:8c:76:99:8d:30:
ef:5b:32:05:4b:09:78:ca:93:ea:5a:e2:de:52:11:65:73:be:
a0:e6:94:f6:68:78:59:7d:84:1e:10:0e:3e:fb:39:3c:02:9e:
84:c8:b1:7a:35:ce:fa:8a:77:9e:a0:47:7a:ee:2f:c6:4c:c1:
72:23:7f:34:0d:1d:d8:ea:7a:c0:d9:a7:21:28:c4:d2:64:cb:
6b:6e:a6:c6:0d:df:16:79:b8:e5:81:78:06:43:82:45:fd:06:
d5:c7:51:59:ba:82:64:6c:9c:52:6d:f4:85:c0:f9:dd:9c:33:
f6:f7:32:2e:fe:40:e5:20:48:d1:f4:5d:bb:7c:ce:4d:b8:7b:
96:ab:8e:ec:dc:92:2e:2a:5f:71:c2:4b:19:66:75:d5:a9:ee:
c8:4d:14:dc:0b:53:67:c1:44:21:d6:22:a4:60:b6:e5:50:08:
01:14:b4:03:0b:15:ec:45:23:fe:14:e5:fc:24:e9:41:74:23:
6d:1b:24:86:95:dc:43:e6:85:6c:7e:e5:ae:c8:96:c1:25:c4:
82:bc:6c:04
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUO7ayjgrEHYo6VPOWBCoPpySQG6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MzEwMDUwMjNaFw0yNTA3MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwZDA2MDQzNDc1ZTVlNDU1MDBkMDY5YzkzMTcwZjkxYmVlMjZhODhiNmZl
NGUyYWE4ZDUxYWYzNjBlMjllOTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJN1SL6W9FHdopljh7/79A74IrPcd7huxe8ITdHO/JUnSA3faObYpizkdQAb
/K9PnWroDM9Eg9OfHScB9h0/akumtY8jI7rpXcghcPRpcyNhl7CZFHO+A5CtOzDI
7KauGCtLPTgjewTknKq2QR8PWHvNg1eXKt6mXa53UiUkErk16LEF72R5du4OQeTx
cQF1eTuqspUeKvIzWCn9nltyBOOwt4hXc/LcDPe9wCqc2dDYcie/A89kd1CYsKdB
8SLyEDomNrWymLKG9gvyJDdqI79nBfq13oL6tGaql9CCprw10q2tOFLYY2yrzWIK
noZ4EBFE3esw375LOcLFXzKZySkCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQXzLOC
UA3wc1+ybgKskpM0h3UXIjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODFiZDI2NDktYWQ2MC00YzZhLWJkZjktN2I3NzVlM2QwNjBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoBBXgw
DQYJKoZIhvcNAQELBQADggEBACoDP4RPAXWBo5pDC/o73/SICAy327oTtwh81Iqu
ydvsBrBN7o/pfWdc07Jt5pZjUs2MdpmNMO9bMgVLCXjKk+pa4t5SEWVzvqDmlPZo
eFl9hB4QDj77OTwCnoTIsXo1zvqKd56gR3ruL8ZMwXIjfzQNHdjqesDZpyEoxNJk
y2tupsYN3xZ5uOWBeAZDgkX9BtXHUVm6gmRsnFJt9IXA+d2cM/b3Mi7+QOUgSNH0
Xbt8zk24e5arjuzcki4qX3HCSxlmddWp7shNFNwLU2fBRCHWIqRgtuVQCAEUtAML
FexFI/4U5fwk6UF0I20bJIaV3EPmhWx+5a7IlsElxIK8bAQ=
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:04:14 2025 by rpki-client