Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: T42Bvp7TB24oG39uranDP8VXfYZFetWdis4QHz7itQ0=
Subject key identifier: DA:C1:5E:C3:F3:71:8F:43:CE:C6:CA:6C:28:73:96:92:7B:F2:C5:C5
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 114023D93EFA3146CAFEB6C0F96C55AAD552EFE8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Fri 11 Jul 2025 21:01:16 +0000
ROA not before: Fri 11 Jul 2025 21:01:16 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:40:23:d9:3e:fa:31:46:ca:fe:b6:c0:f9:6c:55:aa:d5:52:ef:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 21:01:16 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=3eb98c613db8235c038f11b51a35bb8ecbd74f17d8c41cd374004f9514519cad, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:3b:a7:75:3b:32:39:f1:f7:25:8d:5a:aa:cc:
e9:31:b8:7f:9b:54:ea:02:dd:da:d2:b7:cf:62:3e:
cb:32:c8:ba:40:90:ad:9d:bd:22:cf:8a:bf:cc:d5:
8b:9e:6a:52:8e:99:d9:df:ab:4f:f6:b2:02:82:ed:
9b:b6:87:ce:94:c5:37:c3:08:ce:cc:e2:27:73:04:
b9:6f:f6:07:16:5f:39:c3:7c:77:14:f1:14:b4:58:
59:5c:57:8e:31:e8:37:1f:2a:7b:40:ea:a4:cb:4c:
2e:0e:b6:02:d8:ee:30:7f:d5:0a:43:33:35:84:68:
5b:79:eb:4b:42:97:75:3f:4b:37:96:ec:d6:31:ca:
e3:4b:2e:91:90:a6:06:26:2e:15:98:4e:b4:51:3d:
61:aa:57:28:20:eb:6b:fb:1f:43:37:4a:d9:d7:dc:
ad:38:47:26:9d:f6:64:64:2b:18:6e:c8:8b:53:dd:
22:8b:90:fb:c7:8e:b8:1f:63:58:6c:6d:bc:fc:e1:
e5:9a:67:04:5d:52:be:7d:32:6f:0c:52:d3:aa:46:
e0:4a:18:9c:ab:42:88:5b:75:90:79:fb:13:0d:ae:
af:3d:76:ed:6f:ea:cd:be:95:47:02:81:c6:df:2b:
9a:d3:a9:c8:84:55:37:62:4f:e2:d3:20:8b:05:c7:
57:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C1:5E:C3:F3:71:8F:43:CE:C6:CA:6C:28:73:96:92:7B:F2:C5:C5
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7e:37:55:77:ed:cb:d5:61:06:45:a7:8b:57:d7:f5:a2:36:8b:
ed:86:fe:19:a7:e8:d0:2e:9b:fd:44:22:ed:b1:db:b6:28:9b:
5a:0c:31:63:ae:df:65:0a:f5:02:22:7f:cc:68:88:53:7f:0a:
9b:7a:cc:5e:f2:ba:ca:f0:83:5c:59:58:7e:d3:1f:e8:d4:29:
00:a4:79:0b:43:15:dd:74:5c:f1:e2:7e:33:ab:5b:c4:ac:1d:
69:1c:cb:ad:59:95:11:9d:15:77:97:e1:96:e6:2c:32:78:37:
58:27:f1:36:3f:0c:89:05:58:86:fd:c5:d5:df:90:90:7c:1e:
17:48:a6:ab:07:a2:fa:e5:3c:57:a9:f5:69:19:84:e2:0a:ee:
8c:4a:f0:58:4f:9f:2f:a2:15:74:f8:39:c0:75:c6:5f:f9:3e:
b7:09:b7:35:d4:45:fd:75:d0:e7:67:69:f2:25:19:65:72:6d:
3d:e5:c8:4c:ec:5f:a0:e3:21:9e:11:28:06:59:4d:82:df:20:
e4:16:35:f1:86:7e:70:4d:9a:3d:ab:ae:a4:c0:15:fe:e5:50:
91:49:64:b2:90:d7:de:6d:62:e8:29:40:1f:c0:22:f6:db:29:
61:90:dc:3c:f6:99:b5:2d:42:09:59:a9:33:e3:5e:32:08:8a:
e4:29:12:53
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEUAj2T76MUbK/rbA+WxVqtVS7+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAxMTZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlYjk4YzYxM2RiODIzNWMwMzhmMTFiNTFhMzViYjhlY2JkNzRmMTdkOGM0
MWNkMzc0MDA0Zjk1MTQ1MTljYWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO87p3U7Mjnx9yWNWqrM6TG4f5tU6gLd2tK3z2I+yzLIukCQrZ29Is+Kv8zV
i55qUo6Z2d+rT/ayAoLtm7aHzpTFN8MIzsziJ3MEuW/2BxZfOcN8dxTxFLRYWVxX
jjHoNx8qe0DqpMtMLg62AtjuMH/VCkMzNYRoW3nrS0KXdT9LN5bs1jHK40sukZCm
BiYuFZhOtFE9YapXKCDra/sfQzdK2dfcrThHJp32ZGQrGG7Ii1PdIouQ+8eOuB9j
WGxtvPzh5ZpnBF1Svn0ybwxS06pG4EoYnKtCiFt1kHn7Ew2urz127W/qzb6VRwKB
xt8rmtOpyIRVN2JP4tMgiwXHV1ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTawV7D
83GPQ87Gymwoc5aSe/LFxTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTRjMmEzNmUtMjQ1Yi00MzlhLWJmNjEtMDQxMzJjNWRmNWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMjMA0G
CSqGSIb3DQEBCwUAA4IBAQB+N1V37cvVYQZFp4tX1/WiNovthv4Zp+jQLpv9RCLt
sdu2KJtaDDFjrt9lCvUCIn/MaIhTfwqbesxe8rrK8INcWVh+0x/o1CkApHkLQxXd
dFzx4n4zq1vErB1pHMutWZURnRV3l+GW5iwyeDdYJ/E2PwyJBViG/cXV35CQfB4X
SKarB6L65TxXqfVpGYTiCu6MSvBYT58vohV0+DnAdcZf+T63Cbc11EX9ddDnZ2ny
JRllcm095chM7F+g4yGeESgGWU2C3yDkFjXxhn5wTZo9q66kwBX+5VCRSWSykNfe
bWLoKUAfwCL22ylhkNw89pm1LUIJWakz414yCIrkKRJT
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:42:56 2025 by rpki-client