Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
File: af8582f5-d209-4e12-aacf-31186289c430.roa (raw, json)
Hash identifier: 4jCQKjArvfyN6pHcNUBjsE+yU+jCVRjLN7gMjFjukcU=
Subject key identifier: 1E:6E:49:7F:99:29:B2:22:DE:32:6A:75:04:47:98:58:F3:6B:F9:4D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 506993D1DA3A472B4567324AE4BF9E1C924F2CF9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
Signing time: Tue 20 May 2025 20:50:40 +0000
ROA not before: Tue 20 May 2025 20:50:40 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.216.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:69:93:d1:da:3a:47:2b:45:67:32:4a:e4:bf:9e:1c:92:4f:2c:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:50:40 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=6b94ac3e7aeb300b60c2ab15c2d99208b63ef7999cccb008c0b610991cdecc5a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:ff:3a:a0:79:53:4f:81:ab:f9:6c:d8:37:b8:
69:b3:bd:3e:fd:a6:05:5b:0d:cd:7e:8a:8e:57:cc:
fb:c4:a8:d1:66:90:02:86:cd:a8:7e:02:53:7f:87:
56:84:91:89:0e:dd:52:8c:88:26:50:aa:34:e7:7b:
90:7c:f8:a5:0b:8a:9a:ce:ad:9c:75:79:dd:88:18:
c3:2a:0b:2f:d4:a5:07:85:8c:0b:39:81:76:f9:71:
d4:10:6d:a2:f2:6d:0c:07:07:2b:5e:30:b7:ba:ff:
9d:ac:3b:4c:06:50:83:df:c6:ab:25:e3:8c:95:fe:
d4:d1:4e:b8:84:7c:2d:f3:ba:73:b9:ef:be:91:41:
3c:bc:33:8d:6d:8c:6e:f2:69:c5:f3:0a:62:2f:d3:
be:a5:6e:a5:1c:17:85:f6:cf:2f:3b:9d:23:1c:9f:
f0:ef:c6:06:c5:e6:93:0b:16:49:24:fc:fd:53:98:
39:c7:05:22:f2:48:89:c9:da:01:74:f4:e2:9c:7e:
5d:8d:84:88:19:68:31:d4:28:4f:3e:63:87:2b:ea:
69:c4:30:7b:f0:2b:a9:60:99:7c:29:48:40:00:be:
83:9a:96:5e:60:a0:b9:1a:14:4e:c4:2e:9a:fb:ec:
02:bb:5e:ea:8e:e5:73:95:09:4d:27:fd:22:be:95:
80:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:6E:49:7F:99:29:B2:22:DE:32:6A:75:04:47:98:58:F3:6B:F9:4D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.216.0.0/15
Signature Algorithm: sha256WithRSAEncryption
31:85:27:2a:82:0b:9c:53:5e:f4:ac:94:e1:ad:6e:ca:11:c9:
5e:c7:55:03:05:86:cd:c8:e8:da:f5:9c:de:22:6e:b9:4b:25:
19:e9:b2:0c:28:91:22:04:30:d0:8e:65:8f:04:88:b6:47:13:
5e:a6:bf:9a:bb:f3:8f:fa:2f:31:b7:03:6d:21:32:a8:21:83:
01:4e:83:a5:1e:51:9e:4a:82:dd:de:49:d4:0e:19:cb:dc:55:
f4:52:97:20:2c:64:6b:4e:7c:64:82:52:c4:50:18:32:57:70:
91:cf:24:65:89:21:a7:9c:02:b6:7a:78:02:51:06:5a:b9:76:
b8:64:f0:c6:00:c6:03:8d:fa:6b:93:87:6e:bd:6f:27:dc:36:
56:ae:8c:a0:50:82:9f:c1:19:24:4f:1f:6f:b3:5f:d6:dd:83:
f1:eb:06:23:e4:da:1b:22:ae:4f:d4:a9:36:73:e9:cb:45:70:
46:0a:ef:58:4e:2e:33:71:3f:4a:68:c9:70:af:58:73:0c:e0:
64:d7:52:1a:58:f8:2e:54:88:01:9b:e4:7c:04:19:20:28:9d:
65:2b:2e:fa:74:1a:27:d9:b1:bc:12:24:9c:39:ca:c8:d6:d1:
a9:64:3d:a0:7f:84:b3:b4:28:84:0d:bc:ed:8d:32:d7:88:b3:
76:1a:b1:9d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUGmT0do6RytFZzJK5L+eHJJPLPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDUwNDBaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiOTRhYzNlN2FlYjMwMGI2MGMyYWIxNWMyZDk5MjA4YjYzZWY3OTk5Y2Nj
YjAwOGMwYjYxMDk5MWNkZWNjNWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3/OqB5U0+Bq/ls2De4abO9Pv2mBVsNzX6KjlfM+8So0WaQAobNqH4CU3+H
VoSRiQ7dUoyIJlCqNOd7kHz4pQuKms6tnHV53YgYwyoLL9SlB4WMCzmBdvlx1BBt
ovJtDAcHK14wt7r/naw7TAZQg9/GqyXjjJX+1NFOuIR8LfO6c7nvvpFBPLwzjW2M
bvJpxfMKYi/TvqVupRwXhfbPLzudIxyf8O/GBsXmkwsWSST8/VOYOccFIvJIicna
AXT04px+XY2EiBloMdQoTz5jhyvqacQwe/ArqWCZfClIQAC+g5qWXmCguRoUTsQu
mvvsArte6o7lc5UJTSf9Ir6VgNUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQebkl/
mSmyIt4yanUER5hY82v5TTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWY4NTgyZjUtZDIwOS00ZTEyLWFhY2YtMzExODYyODljNDMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPYMA0G
CSqGSIb3DQEBCwUAA4IBAQAxhScqggucU170rJThrW7KEclex1UDBYbNyOja9Zze
Im65SyUZ6bIMKJEiBDDQjmWPBIi2RxNepr+au/OP+i8xtwNtITKoIYMBToOlHlGe
SoLd3knUDhnL3FX0UpcgLGRrTnxkglLEUBgyV3CRzyRliSGnnAK2engCUQZauXa4
ZPDGAMYDjfprk4duvW8n3DZWroygUIKfwRkkTx9vs1/W3YPx6wYj5NobIq5P1Kk2
c+nLRXBGCu9YTi4zcT9KaMlwr1hzDOBk11IaWPguVIgBm+R8BBkgKJ1lKy76dBon
2bG8EiScOcrI1tGpZD2gf4SztCiEDbztjTLXiLN2GrGd
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:58:04 2025 by rpki-client