Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: EnTiVQ+k1u+T//uP8lOxPGz/sH+F8MkkUYDSXQyMjS8=
Subject key identifier: 66:5F:D1:F5:74:13:3C:7B:47:68:77:12:54:70:BF:27:8E:A5:49:0D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 45EA68E2BB29CD554635D4B834EAC28C1D45D509
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Tue 20 May 2025 20:50:46 +0000
ROA not before: Tue 20 May 2025 20:50:46 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:ea:68:e2:bb:29:cd:55:46:35:d4:b8:34:ea:c2:8c:1d:45:d5:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:50:46 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=a278b0a8874ec7f4cd06d66a0a7d8f52e1d017aaf0151831177cff893db60f6c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:8f:0d:11:01:f6:44:dc:af:29:ee:1c:53:97:
56:7c:8c:21:24:56:6e:91:1a:0b:d6:4e:d6:f1:b9:
92:22:96:bc:85:5c:ad:77:3f:16:b1:5f:6f:ef:60:
aa:73:ff:ea:c1:d2:08:3f:62:4b:72:1f:6a:25:61:
91:19:a5:6f:16:53:81:a0:cc:51:7e:4a:b0:93:3c:
5b:03:86:8f:57:23:88:d1:bd:5e:4c:6d:42:20:c2:
fe:3e:4a:1f:8a:70:56:77:b5:74:d3:41:68:4e:d1:
13:d5:e7:e7:06:34:7d:63:d6:76:1e:21:31:71:b2:
39:2a:0f:ab:c1:b6:29:76:16:76:48:5c:5d:f7:3c:
35:c6:0d:3e:2a:e4:25:62:52:0a:6a:fc:5b:87:cf:
f0:1a:2e:0b:47:c6:1f:31:2d:f3:2b:c5:5b:ca:25:
9d:00:fe:c3:c0:f0:cc:cd:b2:28:81:54:9d:c3:2f:
ee:b8:1c:97:ab:c4:6a:98:0b:c1:68:40:01:ff:f5:
fd:d0:70:c7:6a:a3:f5:95:b5:93:8a:f5:33:5c:70:
28:89:21:93:56:aa:98:84:ff:6e:d0:47:a7:98:3f:
5f:bc:a2:62:1a:c0:11:dc:a5:55:40:d8:fe:c4:a3:
9a:98:4c:c1:a5:c9:77:01:31:cb:13:90:80:94:28:
3e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:5F:D1:F5:74:13:3C:7B:47:68:77:12:54:70:BF:27:8E:A5:49:0D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a4:1f:03:13:b9:39:61:2c:33:58:25:2e:fb:eb:d1:86:7f:47:
df:a3:bd:c1:1c:12:58:75:7c:41:60:9c:34:9c:c3:52:40:cf:
33:d0:cf:8c:98:d3:b6:f7:4f:f9:71:8f:bc:df:bd:93:73:17:
f4:37:eb:0c:82:e9:12:37:05:6a:f7:34:b5:77:55:87:f2:66:
7c:1d:92:a5:b1:56:6f:e9:d9:33:34:cc:a9:a4:ec:ab:71:8c:
26:4c:bb:5f:f9:79:63:f7:cf:f3:16:22:ff:d6:34:bd:7e:ae:
8e:5e:f9:aa:65:93:c5:06:ad:bd:bc:6d:54:8d:e2:85:6f:47:
c5:4d:cc:f2:f6:0b:2d:ca:25:83:af:0e:ed:89:d2:01:a0:4b:
51:ff:c3:5e:b5:1a:45:10:a7:71:22:50:1c:d4:55:7f:c8:3d:
23:dc:ba:4c:cf:f0:0f:c3:a4:82:1a:7f:4f:b3:b7:71:a3:8b:
bd:07:65:4b:04:6c:68:58:51:d0:dc:ef:5e:99:6e:7c:a0:d3:
0d:94:21:dc:c5:99:7d:06:fa:12:7e:39:09:c4:34:db:06:01:
75:68:2c:36:9d:d7:78:00:0c:1a:07:1f:ac:9b:bd:20:e6:a3:
58:e9:a0:e2:ab:4b:68:0a:f2:d9:29:3c:03:a3:c2:1c:85:5f:
18:57:ed:63
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURepo4rspzVVGNdS4NOrCjB1F1QkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDUwNDZaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGEyNzhiMGE4ODc0ZWM3ZjRjZDA2ZDY2YTBhN2Q4ZjUyZTFkMDE3YWFmMDE1
MTgzMTE3N2NmZjg5M2RiNjBmNmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSPDREB9kTcrynuHFOXVnyMISRWbpEaC9ZO1vG5kiKWvIVcrXc/FrFfb+9g
qnP/6sHSCD9iS3IfaiVhkRmlbxZTgaDMUX5KsJM8WwOGj1cjiNG9XkxtQiDC/j5K
H4pwVne1dNNBaE7RE9Xn5wY0fWPWdh4hMXGyOSoPq8G2KXYWdkhcXfc8NcYNPirk
JWJSCmr8W4fP8BouC0fGHzEt8yvFW8olnQD+w8DwzM2yKIFUncMv7rgcl6vEapgL
wWhAAf/1/dBwx2qj9ZW1k4r1M1xwKIkhk1aqmIT/btBHp5g/X7yiYhrAEdylVUDY
/sSjmphMwaXJdwExyxOQgJQoPhcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRmX9H1
dBM8e0dodxJUcL8njqVJDTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTRjMmEzNmUtMjQ1Yi00MzlhLWJmNjEtMDQxMzJjNWRmNWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMjMA0G
CSqGSIb3DQEBCwUAA4IBAQCkHwMTuTlhLDNYJS7769GGf0ffo73BHBJYdXxBYJw0
nMNSQM8z0M+MmNO290/5cY+8372Tcxf0N+sMgukSNwVq9zS1d1WH8mZ8HZKlsVZv
6dkzNMyppOyrcYwmTLtf+Xlj98/zFiL/1jS9fq6OXvmqZZPFBq29vG1UjeKFb0fF
Tczy9gstyiWDrw7tidIBoEtR/8NetRpFEKdxIlAc1FV/yD0j3LpMz/APw6SCGn9P
s7dxo4u9B2VLBGxoWFHQ3O9emW58oNMNlCHcxZl9BvoSfjkJxDTbBgF1aCw2ndd4
AAwaBx+sm70g5qNY6aDiq0toCvLZKTwDo8IchV8YV+1j
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:57:01 2025 by rpki-client