Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
File: cf5e86ef-0733-4056-8b1b-683470ef90f1.roa (raw, json)
Hash identifier: KrvG/rqMXacS8pnKfwKOMkpgn/L5yL014q28f7iP59w=
Subject key identifier: AF:ED:06:95:2E:6B:58:BA:68:0D:57:BE:16:D1:22:49:9E:2F:68:8F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2BFF6A2DF32D03F35062E0A32C8F09670950E5C4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
Signing time: Fri 23 May 2025 00:50:11 +0000
ROA not before: Fri 23 May 2025 00:50:11 +0000
ROA not after: Fri 27 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.112.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:ff:6a:2d:f3:2d:03:f3:50:62:e0:a3:2c:8f:09:67:09:50:e5:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 23 00:50:11 2025 GMT
Not After : Jun 27 23:59:59 2025 GMT
Subject: serialNumber=cdf02887e8d5f984464521311b60b0404d23d1c3b2d791cb40aa75d1b3dcc05d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:1e:21:1b:c2:88:4d:31:ab:3b:1f:ea:79:97:
24:ed:68:96:66:11:9c:1f:63:17:a4:12:6c:20:74:
2a:f2:86:a9:fe:40:56:fa:bb:40:92:07:e5:b3:ff:
48:e0:2b:60:05:d4:15:e0:5d:96:48:94:b7:ed:40:
01:d6:73:a2:25:f8:9c:23:19:fd:a9:2e:f6:17:0d:
73:71:07:db:84:8b:f7:3e:b0:18:c4:14:74:23:d3:
76:eb:09:40:0e:a0:ec:82:e4:c0:1b:d3:3f:e4:aa:
29:d0:d8:1c:a6:27:5d:91:17:b9:d7:cd:a0:72:95:
3d:a9:98:50:11:9d:c7:80:6c:07:88:91:c2:c7:42:
45:64:47:c9:0d:1b:85:48:92:0f:94:f4:2d:b3:39:
aa:8d:e0:76:a8:ad:c3:69:ba:ff:4e:f1:bc:77:ee:
91:c2:c8:02:a1:47:70:83:93:c6:cf:03:ce:e1:47:
a1:d6:5b:25:3d:c0:7a:fd:09:1b:86:e8:c9:9a:e4:
71:d3:87:6a:80:0d:c9:0d:76:67:ec:6d:84:99:83:
b7:5f:0a:d9:e7:9f:e8:6f:48:0e:21:e0:48:6f:72:
68:bf:e5:da:75:dd:71:05:38:30:d2:70:16:de:44:
36:f1:fd:78:cd:58:8c:07:a5:24:c1:1c:46:ec:25:
9b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:ED:06:95:2E:6B:58:BA:68:0D:57:BE:16:D1:22:49:9E:2F:68:8F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.112.0/21
Signature Algorithm: sha256WithRSAEncryption
b9:c0:49:36:dd:6d:06:84:c0:11:44:6e:f2:bd:81:d8:c3:47:
f5:3b:d8:67:5b:ff:51:86:3e:1e:5f:ef:ce:13:91:c4:b3:ac:
02:dc:96:f1:f7:d5:4b:1d:a3:20:3d:7a:79:20:d6:dd:10:8f:
1c:6a:54:6a:7b:c9:98:49:a9:8e:da:e3:8a:72:54:89:b6:c8:
c5:b7:9f:83:31:9d:d0:ec:a2:45:79:b8:a1:95:cf:5c:05:a8:
cc:f2:2d:f9:61:ef:11:ea:a9:08:30:bc:24:4d:9c:41:8e:e9:
d5:68:4c:1f:d4:00:80:91:4a:8e:a6:79:41:e2:0e:ca:39:e9:
79:db:46:10:ca:bf:06:96:87:0f:e6:a9:20:76:a0:fd:b8:74:
28:4a:5e:55:7b:88:90:63:63:e6:93:ea:3b:81:82:a5:2f:55:
1d:ac:03:4e:04:6b:a5:44:95:a7:8e:9b:42:31:dd:21:c6:14:
eb:0f:f2:cc:43:fb:fb:c6:2a:2d:92:59:13:fc:ed:d9:78:91:
1c:c5:63:ca:dc:5b:86:87:a1:f3:2b:f0:72:3f:a8:b3:b0:d6:
6a:d8:02:5b:13:1a:98:dd:68:2f:ae:d4:76:b1:bf:c0:95:1a:
1a:c4:e9:a5:47:68:2d:56:56:be:54:0e:65:29:82:2d:c0:ae:
d6:35:4e:aa
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUK/9qLfMtA/NQYuCjLI8JZwlQ5cQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjMwMDUwMTFaFw0yNTA2MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkZjAyODg3ZThkNWY5ODQ0NjQ1MjEzMTFiNjBiMDQwNGQyM2QxYzNiMmQ3
OTFjYjQwYWE3NWQxYjNkY2MwNWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYeIRvCiE0xqzsf6nmXJO1olmYRnB9jF6QSbCB0KvKGqf5AVvq7QJIH5bP/
SOArYAXUFeBdlkiUt+1AAdZzoiX4nCMZ/aku9hcNc3EH24SL9z6wGMQUdCPTdusJ
QA6g7ILkwBvTP+SqKdDYHKYnXZEXudfNoHKVPamYUBGdx4BsB4iRwsdCRWRHyQ0b
hUiSD5T0LbM5qo3gdqitw2m6/07xvHfukcLIAqFHcIOTxs8DzuFHodZbJT3Aev0J
G4boyZrkcdOHaoANyQ12Z+xthJmDt18K2eef6G9IDiHgSG9yaL/l2nXdcQU4MNJw
Ft5ENvH9eM1YjAelJMEcRuwlm78CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSv7QaV
LmtYumgNV74W0SJJni9ojzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2Y1ZTg2ZWYtMDczMy00MDU2LThiMWItNjgzNDcwZWY5MGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAcDAN
BgkqhkiG9w0BAQsFAAOCAQEAucBJNt1tBoTAEURu8r2B2MNH9TvYZ1v/UYY+Hl/v
zhORxLOsAtyW8ffVSx2jID16eSDW3RCPHGpUanvJmEmpjtrjinJUibbIxbefgzGd
0OyiRXm4oZXPXAWozPIt+WHvEeqpCDC8JE2cQY7p1WhMH9QAgJFKjqZ5QeIOyjnp
edtGEMq/BpaHD+apIHag/bh0KEpeVXuIkGNj5pPqO4GCpS9VHawDTgRrpUSVp46b
QjHdIcYU6w/yzEP7+8YqLZJZE/zt2XiRHMVjytxbhoeh8yvwcj+os7DWatgCWxMa
mN1oL67UdrG/wJUaGsTppUdoLVZWvlQOZSmCLcCu1jVOqg==
-----END CERTIFICATE-----
Generated at Sat Jun 14 06:08:44 2025 by rpki-client