Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa
File: b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa (raw, json)
Hash identifier: beZooF79V+JROX3z/AywbTYU9h3Grhq4sfG9VpjZZi0=
Subject key identifier: 40:2B:99:1F:89:FB:F7:3B:CF:D0:73:D8:60:E7:65:2B:54:D4:00:41
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4E0E1A80C134C2F2FD1FDF33B70F9DDD13F22B9A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa
Signing time: Fri 25 Apr 2025 20:31:00 +0000
ROA not before: Fri 25 Apr 2025 20:31:00 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 193.218.122.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:0e:1a:80:c1:34:c2:f2:fd:1f:df:33:b7:0f:9d:dd:13:f2:2b:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 25 20:31:00 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=c2ab2e7b9d46769723bd3d018db7e60232ab260dd8461d8fb8e7cb4cd3291c6c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:35:fa:ed:86:26:b9:97:1d:ce:03:81:c1:04:
23:46:5e:bd:ec:84:16:75:bb:3f:23:4f:96:d7:99:
ef:1f:05:c9:9f:58:f9:6e:2b:50:35:90:f2:81:06:
cd:58:72:38:36:92:a2:40:3d:93:a9:50:bc:82:18:
4c:9a:97:58:15:29:e0:31:ac:23:25:e9:d0:77:21:
89:ff:1a:ed:09:0d:19:f7:26:1c:c8:b2:b5:85:fe:
b4:87:39:88:29:7a:b1:03:a4:bc:17:d2:16:f6:f7:
de:32:a6:03:1b:d9:d9:8f:9b:95:c9:1e:1e:e0:8c:
95:b5:d6:09:05:9a:6f:7e:59:2b:b1:c7:32:b2:4a:
96:a0:6b:62:dc:ab:15:3e:05:0c:07:c6:c6:0f:89:
bd:2c:b2:6b:84:10:e1:65:69:c5:c5:58:48:ea:86:
34:01:89:d2:af:ce:7b:9d:17:76:a6:84:c0:a9:71:
ff:b4:c3:4d:7f:a8:1d:85:08:4f:22:2f:43:8a:77:
27:a6:7a:96:30:ad:61:d9:63:fd:bd:e8:4e:db:b4:
d4:ae:37:1f:1e:1d:50:f6:b3:a4:29:6c:ae:13:dd:
15:31:b7:8d:33:9e:3f:21:d6:40:5d:20:7d:6b:73:
ad:91:98:d6:cf:a6:dc:14:f1:f3:df:e5:84:34:81:
86:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:2B:99:1F:89:FB:F7:3B:CF:D0:73:D8:60:E7:65:2B:54:D4:00:41
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.218.122.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:f0:b8:8f:9f:33:56:c9:39:46:3f:1a:22:0a:c2:af:c1:ba:
a0:fa:76:5d:b2:9c:68:c9:e1:01:15:38:7c:ce:61:58:63:4f:
b7:59:08:f1:9f:1e:06:ab:d8:17:6d:e6:38:12:b4:49:5d:68:
7f:6d:35:53:4a:bd:ae:e0:c0:8f:a3:b3:24:a7:80:50:ef:51:
0c:78:a4:f9:3c:3d:b7:b7:ae:ea:1e:39:05:35:53:1d:17:51:
80:56:a5:b1:25:16:0e:68:14:a6:6d:17:31:ca:ca:e4:53:1e:
77:1b:4e:09:df:5c:43:10:a9:d8:5c:49:79:cf:75:d6:cf:a2:
76:0c:e6:93:3a:08:c7:08:b4:6a:1c:5e:36:fc:c0:a9:b2:b9:
d5:6d:aa:6a:80:fa:09:17:44:05:ef:51:06:41:2f:8f:a1:f9:
b0:60:03:9f:7f:e1:7f:9e:fa:53:17:09:4c:a5:76:63:36:97:
d2:af:96:81:e1:c9:87:b6:6d:89:52:36:1b:55:b8:4f:22:ae:
c2:f2:06:7b:d0:48:51:c8:82:e0:2a:4b:34:a3:51:8b:53:5a:
bc:ae:f5:79:bc:a4:b4:ff:ca:b7:64:26:c8:0f:47:80:c6:d4:
c0:08:45:21:94:c2:89:fb:b3:39:1a:25:c7:d0:65:c3:4c:5c:
f2:07:9a:5d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUTg4agME0wvL9H98ztw+d3RPyK5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjUyMDMxMDBaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyYWIyZTdiOWQ0Njc2OTcyM2JkM2QwMThkYjdlNjAyMzJhYjI2MGRkODQ2
MWQ4ZmI4ZTdjYjRjZDMyOTFjNmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANE1+u2GJrmXHc4DgcEEI0ZeveyEFnW7PyNPlteZ7x8FyZ9Y+W4rUDWQ8oEG
zVhyODaSokA9k6lQvIIYTJqXWBUp4DGsIyXp0Hchif8a7QkNGfcmHMiytYX+tIc5
iCl6sQOkvBfSFvb33jKmAxvZ2Y+blckeHuCMlbXWCQWab35ZK7HHMrJKlqBrYtyr
FT4FDAfGxg+JvSyya4QQ4WVpxcVYSOqGNAGJ0q/Oe50XdqaEwKlx/7TDTX+oHYUI
TyIvQ4p3J6Z6ljCtYdlj/b3oTtu01K43Hx4dUPazpClsrhPdFTG3jTOePyHWQF0g
fWtzrZGY1s+m3BTx89/lhDSBhhsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRAK5kf
ifv3O8/Qc9hg52UrVNQAQTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjJjZmM1MmEtMWYxNS00M2I5LTkzZjktOTgyOGQ2MGZiZTY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHaejAN
BgkqhkiG9w0BAQsFAAOCAQEAO/C4j58zVsk5Rj8aIgrCr8G6oPp2XbKcaMnhARU4
fM5hWGNPt1kI8Z8eBqvYF23mOBK0SV1of201U0q9ruDAj6OzJKeAUO9RDHik+Tw9
t7eu6h45BTVTHRdRgFalsSUWDmgUpm0XMcrK5FMedxtOCd9cQxCp2FxJec911s+i
dgzmkzoIxwi0ahxeNvzAqbK51W2qaoD6CRdEBe9RBkEvj6H5sGADn3/hf576UxcJ
TKV2YzaX0q+WgeHJh7ZtiVI2G1W4TyKuwvIGe9BIUciC4CpLNKNRi1NavK71ebyk
tP/Kt2QmyA9HgMbUwAhFIZTCifuzORolx9Blw0xc8geaXQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:46:58 2025 by rpki-client