Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
File: 0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa (raw, json)
Hash identifier: 9xwo2dJcVPXM4b+zBEwzQ8A9WkqO2zqbsUR6nmaNln0=
Subject key identifier: 31:85:88:F7:F4:82:D8:C3:A1:F9:82:B8:F8:8D:F2:B0:86:5F:ED:F0
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4BE9092CB1B8E4FF70A14562E54B775D616449DA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
Signing time: Tue 05 Aug 2025 20:20:58 +0000
ROA not before: Tue 05 Aug 2025 20:20:58 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:e9:09:2c:b1:b8:e4:ff:70:a1:45:62:e5:4b:77:5d:61:64:49:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:20:58 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=b499ff3bb76d7586e19811bc7364c9ee2739f9e8b8a6180460b90673a4166db8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:70:3d:30:c3:71:78:64:d4:60:4f:50:3d:ab:
25:a8:16:0e:ce:46:51:d6:f7:b5:98:50:34:d6:92:
00:07:26:aa:a2:42:41:f0:50:c7:f0:f6:aa:28:5b:
79:b7:ac:0b:4d:74:ab:4d:d3:9a:b0:71:54:a1:09:
92:56:1e:f2:01:6d:5f:91:58:11:57:71:f9:d3:18:
67:63:91:e0:b3:bd:1a:60:36:e6:2b:e6:b9:d0:14:
11:07:16:cd:b2:f6:2c:31:10:87:79:4d:52:e8:f8:
30:a9:f1:db:12:48:77:4d:b4:76:02:5d:c6:53:c4:
0d:f1:9e:03:76:06:55:b5:3f:66:88:21:eb:fe:11:
0a:5c:ba:d3:ca:4a:61:7b:b2:d5:9b:02:3d:b3:b9:
66:82:21:4f:85:a6:dd:bd:f8:26:4b:14:62:72:a1:
73:46:c4:2e:63:d3:2f:51:21:54:cc:81:60:b6:d6:
5c:44:12:9f:d4:2c:f1:75:dc:2b:00:db:23:fc:1e:
9e:9f:dd:55:af:6e:aa:46:2f:2a:bf:f9:67:44:19:
50:7a:df:7e:d2:fb:21:42:e5:a7:76:d9:65:ca:31:
5e:b3:e7:0b:f4:ba:5a:1f:17:4f:2b:86:dd:97:87:
1c:b0:f4:06:f0:60:dd:1f:f2:35:a6:9b:51:15:ba:
98:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:85:88:F7:F4:82:D8:C3:A1:F9:82:B8:F8:8D:F2:B0:86:5F:ED:F0
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0bfa25dd-319f-4f2d-b786-8ab19d58e811.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ae:08:e7:42:f6:f5:f9:67:75:bc:e5:aa:0d:b4:f8:a3:aa:59:
c0:53:67:ba:46:d9:b0:fa:1e:83:92:57:05:f7:bd:42:46:5a:
97:35:86:e8:29:8e:07:64:94:cd:37:2d:7f:17:ea:95:e8:72:
0e:ab:88:2f:c4:65:c3:14:c8:49:f8:e2:c0:ce:82:ab:8f:e5:
18:76:4b:b2:da:a8:a6:bd:3f:d6:8e:83:38:e9:3e:96:21:a6:
1b:9f:e0:38:33:37:ca:14:33:79:ff:1e:60:63:85:3a:f6:e2:
f4:70:41:28:90:db:27:db:a5:49:51:9b:77:f2:ae:04:a4:25:
49:20:e1:a1:c4:a6:f6:3e:19:6e:f0:d7:30:15:ee:f2:c1:31:
5e:94:45:fd:f9:06:bc:63:35:80:aa:6c:ba:2c:35:d3:69:e4:
d6:86:d7:fc:96:0b:ab:3f:e0:19:e3:15:b9:58:f1:21:bf:2e:
bd:57:1e:c8:b9:e2:c6:5f:e0:8a:d9:5a:f3:fe:d8:1b:0d:1f:
19:ab:23:f2:9a:3e:b9:fc:6b:d3:5b:ea:ea:ce:50:66:13:7f:
cf:e0:6a:3e:dd:af:db:e3:d6:02:44:94:28:02:0a:8f:79:bc:
aa:c2:bd:c0:4b:98:c0:a3:bb:f8:8f:10:1e:99:ce:1e:65:45:
d6:59:60:59
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUS+kJLLG45P9woUVi5Ut3XWFkSdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIwNThaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0OTlmZjNiYjc2ZDc1ODZlMTk4MTFiYzczNjRjOWVlMjczOWY5ZThiOGE2
MTgwNDYwYjkwNjczYTQxNjZkYjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI9wPTDDcXhk1GBPUD2rJagWDs5GUdb3tZhQNNaSAAcmqqJCQfBQx/D2qihb
ebesC010q03TmrBxVKEJklYe8gFtX5FYEVdx+dMYZ2OR4LO9GmA25ivmudAUEQcW
zbL2LDEQh3lNUuj4MKnx2xJId020dgJdxlPEDfGeA3YGVbU/Zogh6/4RCly608pK
YXuy1ZsCPbO5ZoIhT4Wm3b34JksUYnKhc0bELmPTL1EhVMyBYLbWXEQSn9Qs8XXc
KwDbI/wenp/dVa9uqkYvKr/5Z0QZUHrfftL7IULlp3bZZcoxXrPnC/S6Wh8XTyuG
3ZeHHLD0BvBg3R/yNaabURW6mBMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQxhYj3
9ILYw6H5grj4jfKwhl/t8DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGJmYTI1ZGQtMzE5Zi00ZjJkLWI3ODYtOGFiMTlkNThlODExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQCuCOdC9vX5Z3W85aoNtPijqlnAU2e6Rtmw+h6DklcF
971CRlqXNYboKY4HZJTNNy1/F+qV6HIOq4gvxGXDFMhJ+OLAzoKrj+UYdkuy2qim
vT/WjoM46T6WIaYbn+A4MzfKFDN5/x5gY4U69uL0cEEokNsn26VJUZt38q4EpCVJ
IOGhxKb2Phlu8NcwFe7ywTFelEX9+Qa8YzWAqmy6LDXTaeTWhtf8lgurP+AZ4xW5
WPEhvy69Vx7IueLGX+CK2Vrz/tgbDR8ZqyPymj65/GvTW+rqzlBmE3/P4Go+3a/b
49YCRJQoAgqPebyqwr3AS5jAo7v4jxAemc4eZUXWWWBZ
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:38:13 2025 by rpki-client