Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b39e8644-b3a5-4477-b7b6-d340235a9010.roa
File: b39e8644-b3a5-4477-b7b6-d340235a9010.roa (raw, json)
Hash identifier: lbC2PfzVAh5ec+9v0EKuNVt0+AiRGkwxe2rGscdpD9g=
Subject key identifier: 8A:27:9C:A9:76:F8:69:2C:9B:65:1D:37:A6:EA:E6:BF:3B:4F:64:36
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3F7EF76D11979D53949C853286A068EA05B96884
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b39e8644-b3a5-4477-b7b6-d340235a9010.roa
Signing time: Fri 01 Aug 2025 17:20:02 +0000
ROA not before: Fri 01 Aug 2025 17:20:02 +0000
ROA not after: Fri 05 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.168.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:7e:f7:6d:11:97:9d:53:94:9c:85:32:86:a0:68:ea:05:b9:68:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 1 17:20:02 2025 GMT
Not After : Sep 5 23:59:59 2025 GMT
Subject: serialNumber=9888cb3d4df1fb9676e86206615bf630a23be0e474f1dce85972851ce50107c3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:d9:3e:d2:8d:03:19:90:48:b2:c0:0a:a9:58:
fe:29:f3:29:fa:5d:22:53:c7:d5:17:1e:d4:74:b2:
be:70:e3:97:92:4d:0f:8f:82:00:8a:2c:1f:c7:79:
48:45:6f:05:b0:62:6a:d7:79:54:d6:cf:76:2e:7e:
11:b1:d4:73:ae:15:08:18:0c:8a:01:58:29:92:6b:
c9:4d:39:33:37:74:31:d0:fb:ad:13:f5:30:15:09:
6e:86:6c:02:a6:ab:56:3e:15:03:4b:08:ff:7e:8f:
e7:21:82:ec:02:e4:6f:2a:b3:c2:2c:48:23:d1:dd:
a8:2e:fd:15:38:56:d7:e2:f4:41:a5:fb:3b:c6:a3:
57:93:cc:29:9e:c4:13:24:1a:17:28:59:77:3f:72:
70:88:ac:7e:af:53:20:77:35:6c:49:d7:be:10:3c:
32:ac:4e:24:d1:b5:75:88:61:ac:2e:f9:35:bb:b2:
82:85:c7:21:dd:69:0e:fa:45:e0:64:39:1d:52:fb:
3a:42:38:2b:58:14:d5:43:50:d8:28:e1:f7:32:5e:
67:18:06:49:20:fd:1d:3c:06:73:62:8b:c9:c3:fa:
c1:7d:7c:2c:ce:18:14:67:64:4b:b7:3a:c1:dd:0f:
b1:cd:84:92:90:f3:b2:94:4d:be:2c:42:e9:6c:49:
6f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:27:9C:A9:76:F8:69:2C:9B:65:1D:37:A6:EA:E6:BF:3B:4F:64:36
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b39e8644-b3a5-4477-b7b6-d340235a9010.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.168.0.0/15
Signature Algorithm: sha256WithRSAEncryption
07:a3:3a:fb:cf:ca:73:a7:6a:a3:53:08:92:03:68:73:a1:cf:
80:c7:af:9b:f2:53:0b:fd:74:eb:4c:7d:b0:f4:6a:63:64:a8:
73:67:6a:fb:4e:25:b4:1e:57:30:49:56:eb:df:47:a5:f2:f1:
cf:b2:4c:93:60:f9:99:89:15:8c:2b:2c:43:1a:b1:d9:6e:00:
a2:77:47:33:a9:9f:52:80:23:e7:00:55:ed:dc:08:ca:12:c3:
b9:f5:b1:2c:b9:26:85:16:91:0d:8e:e7:e0:c3:c0:ff:27:af:
4f:8f:65:3d:f8:d6:a4:03:83:13:4c:9e:a8:d3:93:06:68:d3:
19:df:23:d7:e6:a5:07:ec:03:ba:cc:02:3b:80:7f:25:6b:4e:
1d:5d:c8:69:b4:4a:83:3f:bf:0b:c8:80:ed:08:e9:ba:38:25:
73:57:d8:fb:e4:f1:7e:9c:dd:00:a6:0f:07:31:33:4d:5a:bf:
5a:2f:71:bb:71:58:bc:5f:6a:d3:43:44:ee:dd:ba:98:c4:56:
71:a5:98:04:14:14:8f:9f:77:81:5b:e4:4d:93:43:de:2b:3a:
8e:d2:b9:17:b7:aa:6c:4b:d5:20:ce:c8:e7:91:fa:e5:ef:4a:
88:00:92:46:31:14:29:07:d8:f1:8e:35:7a:ac:ff:12:cb:3c:
b5:76:fd:14
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUP373bRGXnVOUnIUyhqBo6gW5aIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDExNzIwMDJaFw0yNTA5MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4ODhjYjNkNGRmMWZiOTY3NmU4NjIwNjYxNWJmNjMwYTIzYmUwZTQ3NGYx
ZGNlODU5NzI4NTFjZTUwMTA3YzMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjZPtKNAxmQSLLACqlY/inzKfpdIlPH1Rce1HSyvnDjl5JND4+CAIosH8d5
SEVvBbBiatd5VNbPdi5+EbHUc64VCBgMigFYKZJryU05Mzd0MdD7rRP1MBUJboZs
AqarVj4VA0sI/36P5yGC7ALkbyqzwixII9HdqC79FThW1+L0QaX7O8ajV5PMKZ7E
EyQaFyhZdz9ycIisfq9TIHc1bEnXvhA8MqxOJNG1dYhhrC75NbuygoXHId1pDvpF
4GQ5HVL7OkI4K1gU1UNQ2Cjh9zJeZxgGSSD9HTwGc2KLycP6wX18LM4YFGdkS7c6
wd0Psc2EkpDzspRNvixC6WxJb20CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSKJ5yp
dvhpLJtlHTem6ua/O09kNjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjM5ZTg2NDQtYjNhNS00NDc3LWI3YjYtZDM0MDIzNWE5MDEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOoMA0G
CSqGSIb3DQEBCwUAA4IBAQAHozr7z8pzp2qjUwiSA2hzoc+Ax6+b8lML/XTrTH2w
9GpjZKhzZ2r7TiW0HlcwSVbr30el8vHPskyTYPmZiRWMKyxDGrHZbgCid0czqZ9S
gCPnAFXt3AjKEsO59bEsuSaFFpENjufgw8D/J69Pj2U9+NakA4MTTJ6o05MGaNMZ
3yPX5qUH7AO6zAI7gH8la04dXchptEqDP78LyIDtCOm6OCVzV9j75PF+nN0Apg8H
MTNNWr9aL3G7cVi8X2rTQ0Tu3bqYxFZxpZgEFBSPn3eBW+RNk0PeKzqO0rkXt6ps
S9Ugzsjnkfrl70qIAJJGMRQpB9jxjjV6rP8Syzy1dv0U
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:40:23 2025 by rpki-client