Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
File: 9adb83e6-fa36-47fa-b5be-856fd7247898.roa (raw, json)
Hash identifier: oK7C6AolhxPcj6HSzw1cSH62ZfD3kV3aGL7icZDFm8s=
Subject key identifier: 8F:AD:F4:BF:D2:02:B4:7F:DC:88:65:3A:48:88:41:E9:43:0D:5D:D6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 68A87346E8B3E9AAFC761284F1C285813B6FD025
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
Signing time: Tue 01 Apr 2025 15:10:34 +0000
ROA not before: Tue 01 Apr 2025 15:10:34 +0000
ROA not after: Tue 06 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.104.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:a8:73:46:e8:b3:e9:aa:fc:76:12:84:f1:c2:85:81:3b:6f:d0:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 1 15:10:34 2025 GMT
Not After : May 6 23:59:59 2025 GMT
Subject: serialNumber=963c49d6958fdabf41f003e76c6b9d733b577b50a19ebf5315a38947f3f67143, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:87:97:6d:f3:e1:91:61:ee:dc:82:29:dc:fd:
f3:b8:e9:a2:65:a9:fc:f2:37:bc:dc:2f:c3:f6:3e:
59:d4:66:aa:e0:da:c7:10:2c:b9:44:73:11:f8:c9:
fa:1a:c0:82:38:98:e5:9a:74:58:fc:3a:e0:ee:27:
10:eb:9c:93:ed:0a:6c:67:d0:0d:2e:6e:07:2e:33:
9d:82:30:a9:2d:f8:16:ae:50:32:d5:d2:81:e7:f9:
7b:3e:45:56:d9:46:cf:cc:89:bf:55:ad:77:ab:87:
f2:6c:af:b7:5e:3c:f4:00:53:1c:18:b2:c7:48:db:
00:fd:59:83:97:cc:6a:28:83:69:d5:46:7f:cf:0c:
c3:5a:b0:70:d4:a5:a5:d7:e9:f2:ec:f1:7c:a1:9f:
74:4e:57:0c:b9:14:86:8a:3a:20:b4:b8:e2:f5:05:
8a:9b:24:21:7c:56:95:89:db:f1:ee:18:b2:88:5d:
1f:13:33:5e:8b:ad:f1:4c:2d:9e:49:1c:ad:29:cf:
e2:33:00:aa:dd:54:1a:72:2e:26:d2:cf:01:c8:08:
a9:4b:5b:4e:0a:cd:11:9d:a5:74:c8:cc:2a:31:af:
28:36:98:bf:99:bf:1f:7d:ce:c2:3a:96:0f:2e:08:
43:ef:07:6d:a0:6a:30:8a:71:6c:dc:86:09:f1:5a:
82:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:AD:F4:BF:D2:02:B4:7F:DC:88:65:3A:48:88:41:E9:43:0D:5D:D6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.104.0/23
Signature Algorithm: sha256WithRSAEncryption
ae:60:c3:be:9f:05:1f:19:f7:8a:f6:10:15:62:25:a2:02:8f:
b6:d5:f0:72:3a:a1:72:c0:e3:5d:81:d4:9f:fe:dd:5c:05:01:
ed:7d:b0:64:74:0c:44:7e:bb:1f:7b:35:d4:ac:2a:5b:39:d5:
51:f7:1a:40:3e:6c:0a:25:6c:18:3b:4b:77:7b:7c:77:83:1c:
06:8e:f2:94:79:3d:97:7f:99:a6:a2:ec:ce:3f:d0:ce:0a:ae:
ef:b0:96:f3:ef:a9:b8:d4:58:f3:56:59:d3:b0:a4:93:71:bd:
2d:cb:6d:82:6e:31:47:a9:a6:e6:ae:f0:2c:eb:a9:ca:9f:09:
e9:c8:94:0f:77:1a:7b:aa:7b:54:99:b1:78:7b:3c:46:7a:82:
fd:60:51:77:d4:40:d5:09:2c:59:34:10:07:a5:f6:9b:d6:0b:
4d:8b:1b:75:5b:b0:a1:40:25:af:89:54:11:76:ef:34:fc:da:
15:de:2a:a1:9b:e8:33:e2:04:0f:c1:22:25:83:1c:26:2b:e4:
56:3b:dd:21:98:0a:08:44:03:b2:a3:dc:68:4e:a9:8e:06:62:
ca:1f:d4:ee:34:0d:a0:d1:61:6e:e6:51:62:b0:05:6d:d8:95:
eb:66:37:d7:59:cc:dc:08:ba:0e:2f:bc:41:0b:cc:70:80:d5:
25:b5:73:32
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUaKhzRuiz6ar8dhKE8cKFgTtv0CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTEwMzRaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDk2M2M0OWQ2OTU4ZmRhYmY0MWYwMDNlNzZjNmI5ZDczM2I1NzdiNTBhMTll
YmY1MzE1YTM4OTQ3ZjNmNjcxNDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOeHl23z4ZFh7tyCKdz987jpomWp/PI3vNwvw/Y+WdRmquDaxxAsuURzEfjJ
+hrAgjiY5Zp0WPw64O4nEOuck+0KbGfQDS5uBy4znYIwqS34Fq5QMtXSgef5ez5F
VtlGz8yJv1Wtd6uH8myvt1489ABTHBiyx0jbAP1Zg5fMaiiDadVGf88Mw1qwcNSl
pdfp8uzxfKGfdE5XDLkUhoo6ILS44vUFipskIXxWlYnb8e4YsohdHxMzXout8Uwt
nkkcrSnP4jMAqt1UGnIuJtLPAcgIqUtbTgrNEZ2ldMjMKjGvKDaYv5m/H33OwjqW
Dy4IQ+8HbaBqMIpxbNyGCfFagpUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSPrfS/
0gK0f9yIZTpIiEHpQw1d1jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWFkYjgzZTYtZmEzNi00N2ZhLWI1YmUtODU2ZmQ3MjQ3ODk4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQaDAN
BgkqhkiG9w0BAQsFAAOCAQEArmDDvp8FHxn3ivYQFWIlogKPttXwcjqhcsDjXYHU
n/7dXAUB7X2wZHQMRH67H3s11KwqWznVUfcaQD5sCiVsGDtLd3t8d4McBo7ylHk9
l3+ZpqLszj/Qzgqu77CW8++puNRY81ZZ07Ckk3G9Lcttgm4xR6mm5q7wLOupyp8J
6ciUD3cae6p7VJmxeHs8RnqC/WBRd9RA1QksWTQQB6X2m9YLTYsbdVuwoUAlr4lU
EXbvNPzaFd4qoZvoM+IED8EiJYMcJivkVjvdIZgKCEQDsqPcaE6pjgZiyh/U7jQN
oNFhbuZRYrAFbdiV62Y311nM3Ai6Di+8QQvMcIDVJbVzMg==
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:51:29 2025 by rpki-client