Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
File: 95019996-0ef4-4f98-90e2-dd7efc004375.roa (raw, json)
Hash identifier: KI270l1VYXPaWBnVtv/culVnog64jnVNw0mAseT4+4Y=
Subject key identifier: 45:BD:E1:D0:13:14:4F:AC:5B:5A:FD:48:CD:DB:A8:09:F7:4D:27:50
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 67F4DA9272C1B26B7340F4F60B440AC283A12F07
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
Signing time: Tue 20 May 2025 20:40:54 +0000
ROA not before: Tue 20 May 2025 20:40:54 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.244.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:f4:da:92:72:c1:b2:6b:73:40:f4:f6:0b:44:0a:c2:83:a1:2f:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:40:54 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=c033fc855481802c91f8b8bd2c5c0aaf9a2f84d35f7e1a5d499ca4ecaac0fe46, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:7f:03:52:b2:76:83:c7:91:f0:9a:df:49:96:
2a:3c:a0:dd:1a:8e:4a:70:8e:61:90:7a:a0:fd:a0:
9f:56:bb:79:8b:23:5a:b9:9f:f7:55:c2:7c:a3:13:
c8:b3:f7:20:9a:cf:7c:77:42:ab:60:98:4e:26:61:
c5:0c:76:ca:7b:33:82:77:c8:7a:55:a6:a0:b6:53:
9c:d1:f3:77:a9:70:2b:b4:f8:6a:fa:fd:0e:c1:03:
4a:56:83:ee:52:d2:39:a1:24:66:1c:40:b3:68:c3:
1e:69:63:21:e2:d5:90:2b:53:19:af:6b:2e:d8:c2:
3d:bc:89:f8:47:75:92:c5:60:71:6a:7c:8d:af:92:
db:11:01:bf:44:91:8c:a0:6f:e0:6c:6f:53:c1:c5:
b8:7a:f0:01:5d:21:95:52:35:bc:b7:7a:fa:b5:8d:
7e:75:fc:3b:f2:6a:27:83:6a:41:8f:90:3a:0c:35:
28:5b:c7:2e:c5:65:f5:e9:91:c7:43:58:b9:0f:f9:
16:89:0a:41:64:74:33:d2:9e:23:30:ab:7e:9f:84:
c2:e2:0c:61:29:7e:51:9d:4e:47:ca:68:19:d9:02:
3c:28:3d:63:e4:aa:0c:31:36:89:d5:34:ca:f0:3b:
f4:ad:bb:f7:56:59:77:d4:4a:10:bb:55:c1:55:f3:
fd:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:BD:E1:D0:13:14:4F:AC:5B:5A:FD:48:CD:DB:A8:09:F7:4D:27:50
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.244.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5b:2b:b4:9f:40:91:08:25:f0:d2:a5:89:fb:a4:d6:ef:5c:d3:
be:e2:89:5c:ec:55:9a:32:53:1c:8c:4a:f8:d7:ae:d8:83:53:
40:75:dc:a3:f3:d4:11:5c:d9:c2:3e:20:2f:8f:1e:51:2f:3d:
23:30:a3:fa:2d:dc:fc:a7:c6:9f:0a:ce:d2:35:e3:65:c2:c7:
41:d4:fa:a3:b7:9f:00:7b:34:24:4d:7a:a9:60:6b:43:3b:7a:
02:e0:a0:2f:3c:74:b1:51:e8:a2:34:5c:85:30:8f:a6:e1:6b:
fa:ce:2f:16:6e:65:ba:41:c3:ec:15:99:06:a1:a4:b9:14:67:
23:49:62:4c:02:d3:cc:41:86:24:3d:a8:f5:b4:92:20:f4:d4:
ff:3c:e2:98:ea:07:6d:87:81:f0:30:df:b7:3a:28:d9:87:67:
0f:fe:62:69:e6:1d:f1:4e:b6:f5:85:3c:fb:47:62:b8:ea:87:
02:ae:d4:17:6a:76:f0:9d:1a:d4:cd:41:8a:de:54:7f:30:e3:
62:29:79:40:52:bc:69:f9:ad:e9:9e:58:58:0b:cd:d4:54:fa:
d6:e3:f6:4a:a8:1f:f2:c0:d9:de:63:0c:11:c0:07:8e:04:5e:
8c:7e:dc:1a:18:4f:2c:a0:86:56:ed:7e:1b:ee:a6:b2:45:72:
bb:d3:50:5b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZ/TaknLBsmtzQPT2C0QKwoOhLwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDQwNTRaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwMzNmYzg1NTQ4MTgwMmM5MWY4YjhiZDJjNWMwYWFmOWEyZjg0ZDM1Zjdl
MWE1ZDQ5OWNhNGVjYWFjMGZlNDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALN/A1KydoPHkfCa30mWKjyg3RqOSnCOYZB6oP2gn1a7eYsjWrmf91XCfKMT
yLP3IJrPfHdCq2CYTiZhxQx2ynszgnfIelWmoLZTnNHzd6lwK7T4avr9DsEDSlaD
7lLSOaEkZhxAs2jDHmljIeLVkCtTGa9rLtjCPbyJ+Ed1ksVgcWp8ja+S2xEBv0SR
jKBv4GxvU8HFuHrwAV0hlVI1vLd6+rWNfnX8O/JqJ4NqQY+QOgw1KFvHLsVl9emR
x0NYuQ/5FokKQWR0M9KeIzCrfp+EwuIMYSl+UZ1OR8poGdkCPCg9Y+SqDDE2idU0
yvA79K2791ZZd9RKELtVwVXz/f0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRFveHQ
ExRPrFta/UjN26gJ900nUDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTUwMTk5OTYtMGVmNC00Zjk4LTkwZTItZGQ3ZWZjMDA0Mzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/0MA0G
CSqGSIb3DQEBCwUAA4IBAQBbK7SfQJEIJfDSpYn7pNbvXNO+4olc7FWaMlMcjEr4
167Yg1NAddyj89QRXNnCPiAvjx5RLz0jMKP6Ldz8p8afCs7SNeNlwsdB1Pqjt58A
ezQkTXqpYGtDO3oC4KAvPHSxUeiiNFyFMI+m4Wv6zi8WbmW6QcPsFZkGoaS5FGcj
SWJMAtPMQYYkPaj1tJIg9NT/POKY6gdth4HwMN+3OijZh2cP/mJp5h3xTrb1hTz7
R2K46ocCrtQXanbwnRrUzUGK3lR/MONiKXlAUrxp+a3pnlhYC83UVPrW4/ZKqB/y
wNneYwwRwAeOBF6MftwaGE8soIZW7X4b7qayRXK701Bb
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:29:16 2025 by rpki-client