Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b94c01ab-78c9-4dea-8605-206edf4f4ac3.roa
File: b94c01ab-78c9-4dea-8605-206edf4f4ac3.roa (raw, json)
Hash identifier: t4f7wXsBQFEIfHZofMS8f7Ued8zV8yY2wepKzSVJ58M=
Subject key identifier: FD:B1:EE:05:09:62:66:66:A9:30:5A:89:5C:4F:53:1D:08:72:16:F6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4D42EB866022ECE40ADC0A68D92C95BCB6C7D3DE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b94c01ab-78c9-4dea-8605-206edf4f4ac3.roa
Signing time: Tue 20 May 2025 20:50:13 +0000
ROA not before: Tue 20 May 2025 20:50:13 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 57.85.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:42:eb:86:60:22:ec:e4:0a:dc:0a:68:d9:2c:95:bc:b6:c7:d3:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:50:13 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=a9fa4aa85bfca51671da92c69ad96af6788a68ab90c08e6fbcf114a7434909e4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ea:11:11:a8:63:49:56:e8:69:f4:f9:de:d9:
e9:cf:4d:d1:f8:df:f4:42:88:a6:e5:4b:be:7b:df:
d5:a6:69:15:78:c2:a0:73:72:1e:dd:95:d3:a4:48:
43:7c:7c:7e:44:51:c6:6f:cf:11:c4:f1:56:8b:fb:
57:ec:4d:0b:a5:52:e9:f3:37:87:da:90:3f:a2:d3:
2d:47:72:e9:71:1e:e8:d3:59:b9:23:d2:fd:b3:40:
7f:7d:0d:77:cc:16:4c:81:cf:7c:52:25:26:c6:fb:
0a:a4:48:c4:11:3e:a5:cd:46:18:8f:66:3f:e6:c5:
e8:32:6a:47:da:67:10:3d:ac:cc:11:4d:05:ee:3c:
e3:77:45:f3:71:92:a0:a6:15:3d:98:15:fa:8d:00:
bc:12:b3:d3:c6:2e:84:d4:93:7b:ae:76:28:78:1f:
2a:e0:e2:34:3d:08:0e:1b:76:65:3e:91:3d:66:a9:
7c:c9:5c:9e:a8:5c:a8:90:ee:71:e8:20:43:f0:a3:
c0:0a:bd:40:5d:a6:ff:bb:86:b2:67:80:cb:dc:79:
ec:ce:cc:8c:d2:ab:9a:11:e6:a8:c7:dd:0a:34:2b:
e3:a6:b4:8a:9c:31:ad:47:48:4a:ac:d0:92:31:8d:
fa:3d:63:c6:d3:6f:af:79:ca:ff:fa:d2:0e:40:54:
8a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:B1:EE:05:09:62:66:66:A9:30:5A:89:5C:4F:53:1D:08:72:16:F6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b94c01ab-78c9-4dea-8605-206edf4f4ac3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.85.0.0/16
Signature Algorithm: sha256WithRSAEncryption
bf:22:49:39:df:b2:7e:74:f3:e9:53:49:7e:4e:e7:28:a5:26:
95:59:44:34:21:0e:99:69:5e:eb:6d:14:55:01:7a:81:4c:78:
99:91:40:af:38:ec:ab:ac:79:63:82:08:e4:4f:1e:3b:7f:6d:
36:90:d7:90:e0:b0:45:43:4a:a5:f8:6c:22:73:23:e1:80:70:
56:b7:b5:85:4c:4e:c9:3d:0e:20:2a:e4:66:3a:e2:56:8d:58:
7e:4f:3d:ac:da:36:f1:08:8e:6b:7b:a6:9f:66:03:2e:85:12:
b8:f7:72:eb:e1:99:6d:b6:a5:aa:94:c2:ed:29:e7:b9:e1:ce:
2d:8a:42:35:29:47:20:18:6d:d4:bc:59:29:11:cd:72:4c:57:
f0:30:e7:bb:b9:42:1c:bd:59:01:05:69:1b:8c:63:e5:9c:71:
85:3b:8b:cf:bf:7f:62:c7:c6:60:74:7b:c9:ad:9b:4c:ce:d1:
6a:36:26:aa:24:ee:d4:f6:0b:a6:7d:2b:cd:b0:2b:94:0d:0b:
93:bc:2c:56:e9:d9:7b:55:b4:e4:e9:6f:6d:64:c9:64:9d:45:
a9:a1:44:67:18:90:ab:13:0a:5f:1f:53:04:ac:c4:fb:0b:2c:
09:51:fe:8c:46:ca:78:15:87:03:16:53:63:6f:3f:7b:4f:7e:
81:e0:dd:fb
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTULrhmAi7OQK3Apo2SyVvLbH094wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDUwMTNaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5ZmE0YWE4NWJmY2E1MTY3MWRhOTJjNjlhZDk2YWY2Nzg4YTY4YWI5MGMw
OGU2ZmJjZjExNGE3NDM0OTA5ZTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKDqERGoY0lW6Gn0+d7Z6c9N0fjf9EKIpuVLvnvf1aZpFXjCoHNyHt2V06RI
Q3x8fkRRxm/PEcTxVov7V+xNC6VS6fM3h9qQP6LTLUdy6XEe6NNZuSPS/bNAf30N
d8wWTIHPfFIlJsb7CqRIxBE+pc1GGI9mP+bF6DJqR9pnED2szBFNBe4843dF83GS
oKYVPZgV+o0AvBKz08YuhNSTe652KHgfKuDiND0IDht2ZT6RPWapfMlcnqhcqJDu
ceggQ/CjwAq9QF2m/7uGsmeAy9x57M7MjNKrmhHmqMfdCjQr46a0ipwxrUdISqzQ
kjGN+j1jxtNvr3nK//rSDkBUipUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT9se4F
CWJmZqkwWolcT1MdCHIW9jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Yjk0YzAxYWItNzhjOS00ZGVhLTg2MDUtMjA2ZWRmNGY0YWMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADlVMA0G
CSqGSIb3DQEBCwUAA4IBAQC/Ikk537J+dPPpU0l+TucopSaVWUQ0IQ6ZaV7rbRRV
AXqBTHiZkUCvOOyrrHljggjkTx47f202kNeQ4LBFQ0ql+GwicyPhgHBWt7WFTE7J
PQ4gKuRmOuJWjVh+Tz2s2jbxCI5re6afZgMuhRK493Lr4ZlttqWqlMLtKee54c4t
ikI1KUcgGG3UvFkpEc1yTFfwMOe7uUIcvVkBBWkbjGPlnHGFO4vPv39ix8ZgdHvJ
rZtMztFqNiaqJO7U9gumfSvNsCuUDQuTvCxW6dl7VbTk6W9tZMlknUWpoURnGJCr
EwpfH1MErMT7CywJUf6MRsp4FYcDFlNjbz97T36B4N37
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:08:49 2025 by rpki-client