Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
File: dbc88f4b-781b-45e4-8402-e6b216deacc3.roa (raw, json)
Hash identifier: s2QEH9oXoSXGiVfBa6IBehcZ/sk5GxdaKGMR9y+A2UQ=
Subject key identifier: 37:2D:EE:62:6C:85:63:04:96:83:DA:AC:3E:01:B2:9E:03:3B:7C:FA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 673DDC8A1DA732D123037B12A6679E5A777086CC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
Signing time: Fri 11 Jul 2025 20:50:48 +0000
ROA not before: Fri 11 Jul 2025 20:50:48 +0000
ROA not after: Fri 15 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 151.176.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:3d:dc:8a:1d:a7:32:d1:23:03:7b:12:a6:67:9e:5a:77:70:86:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Jul 11 20:50:48 2025 GMT
Not After : Aug 15 23:59:59 2025 GMT
Subject: serialNumber=efae12e73a8158f982d39911df89947242c1f8597bb8183bfca426d728f8a371, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:8f:5e:d9:77:63:92:af:89:d4:48:1d:d2:3e:
68:ad:d3:39:0d:e2:29:35:d3:40:9f:64:1b:fc:61:
09:38:2f:92:71:f7:ee:be:f0:b9:5f:1c:87:f4:35:
f1:f7:70:5a:66:59:a4:ff:c0:09:7c:78:42:45:ce:
1c:12:87:a4:cd:34:06:8c:b8:f3:00:44:32:2c:d6:
63:f7:d9:e6:ad:54:40:4a:d4:eb:8b:09:01:33:a5:
73:da:04:aa:ad:38:7b:4a:77:46:fb:48:2a:a4:d0:
ce:79:26:f8:28:1b:9e:09:b8:c1:1a:e8:64:37:fe:
a0:36:ce:de:f1:7c:17:72:ed:a9:b9:ec:d3:e1:a9:
bb:69:88:93:7f:36:aa:ed:92:32:2b:ba:54:68:5f:
d1:ca:40:29:09:07:5a:2f:4f:8a:d2:38:55:af:09:
b8:5f:5f:2d:a1:cd:b7:a5:de:ca:51:51:0f:ed:5d:
c1:3e:00:0d:84:5c:ac:b9:08:23:19:d6:9a:7e:74:
0d:75:54:15:84:d6:a4:a5:94:4d:c5:44:2d:90:9d:
65:34:39:a3:03:ea:dd:e8:a4:ec:e8:28:72:84:32:
46:47:d6:ec:69:85:12:96:bd:84:32:d0:82:ba:fd:
7e:eb:09:6a:e8:2d:89:2c:2a:94:5f:9b:06:0b:01:
e8:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:2D:EE:62:6C:85:63:04:96:83:DA:AC:3E:01:B2:9E:03:3B:7C:FA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.176.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:5e:b7:a1:a8:64:b3:37:f0:de:47:2b:8e:74:0f:5e:72:d4:
c2:83:14:4e:e2:9b:b7:9f:80:44:11:09:2d:d9:91:b2:30:c1:
bf:01:e3:0c:07:89:7e:c7:57:b6:6d:fe:1c:59:f6:14:ec:fa:
21:f4:16:6e:f7:4c:78:46:5b:e4:c2:f7:ff:47:dd:81:36:9c:
19:04:2c:4c:c4:61:41:4c:3f:91:b6:6b:9d:5e:cd:09:bf:8c:
2a:ec:c9:04:b3:23:fa:3d:f2:10:33:52:a8:01:00:40:7a:8b:
fe:1a:cb:62:30:4e:f6:d1:fe:13:43:2c:b5:00:54:a6:fa:a3:
f3:27:cd:a6:db:6d:bb:e5:1f:81:87:d7:fa:bb:bb:63:76:1c:
8b:37:6c:4e:18:01:fd:5f:ea:2d:74:49:c2:2c:6d:3a:7f:51:
cc:cd:f8:b4:f1:e3:43:34:10:47:6a:72:45:6e:4d:70:65:85:
fe:82:73:24:22:69:78:d8:1e:b5:25:b6:1d:b4:fa:9b:18:e1:
7e:0b:14:1b:8d:64:a2:25:25:87:56:4f:61:72:b9:1b:0c:4c:
fb:5e:d5:26:89:f9:54:49:52:7c:9c:e5:10:37:b1:1d:02:ba:
4b:8c:b0:a6:a1:46:6f:7f:10:a4:51:05:91:fa:ff:54:1c:62:
a9:5f:b3:f1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZz3cih2nMtEjA3sSpmeeWndwhswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwNDhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVmYWUxMmU3M2E4MTU4Zjk4MmQzOTkxMWRmODk5NDcyNDJjMWY4NTk3YmI4
MTgzYmZjYTQyNmQ3MjhmOGEzNzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSPXtl3Y5KvidRIHdI+aK3TOQ3iKTXTQJ9kG/xhCTgvknH37r7wuV8ch/Q1
8fdwWmZZpP/ACXx4QkXOHBKHpM00Boy48wBEMizWY/fZ5q1UQErU64sJATOlc9oE
qq04e0p3RvtIKqTQznkm+Cgbngm4wRroZDf+oDbO3vF8F3Ltqbns0+Gpu2mIk382
qu2SMiu6VGhf0cpAKQkHWi9PitI4Va8JuF9fLaHNt6XeylFRD+1dwT4ADYRcrLkI
IxnWmn50DXVUFYTWpKWUTcVELZCdZTQ5owPq3eik7OgocoQyRkfW7GmFEpa9hDLQ
grr9fusJaugtiSwqlF+bBgsB6BECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ3Le5i
bIVjBJaD2qw+AbKeAzt8+jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGJjODhmNGItNzgxYi00NWU0LTg0MDItZTZiMjE2ZGVhY2MzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJewMA0G
CSqGSIb3DQEBCwUAA4IBAQBnXrehqGSzN/DeRyuOdA9ectTCgxRO4pu3n4BEEQkt
2ZGyMMG/AeMMB4l+x1e2bf4cWfYU7Poh9BZu90x4Rlvkwvf/R92BNpwZBCxMxGFB
TD+RtmudXs0Jv4wq7MkEsyP6PfIQM1KoAQBAeov+GstiME720f4TQyy1AFSm+qPz
J82m22275R+Bh9f6u7tjdhyLN2xOGAH9X+otdEnCLG06f1HMzfi08eNDNBBHanJF
bk1wZYX+gnMkIml42B61JbYdtPqbGOF+CxQbjWSiJSWHVk9hcrkbDEz7XtUmiflU
SVJ8nOUQN7EdArpLjLCmoUZvfxCkUQWR+v9UHGKpX7Px
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:42:46 2025 by rpki-client