Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File: 123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier: CN5Ra2DLPEuy0hqHh2oHKSVZa2ioZX0M67fEnWZvSmQ=
Subject key identifier: 25:AE:F4:8A:33:83:5D:17:49:E1:CD:B8:75:DD:0E:36:26:BF:24:A1
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 51AFD32B19CA92866B115667176BB3C83EDB1195
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time: Tue 20 May 2025 20:50:39 +0000
ROA not before: Tue 20 May 2025 20:50:39 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.214.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:af:d3:2b:19:ca:92:86:6b:11:56:67:17:6b:b3:c8:3e:db:11:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:50:39 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=fd6ffb8d0befb0087473f741f1a58eafbb0f1593864f86bd42069d342dfd7a1d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:1b:d6:ef:d0:e1:1a:bf:15:56:4a:c4:8c:2b:
70:c8:ff:10:d8:8d:76:16:29:0c:fe:29:1c:89:e9:
d6:06:e8:d8:d9:e0:aa:7c:3f:7d:b5:7d:37:39:35:
dc:83:5f:3a:e3:f0:da:43:69:50:2a:fe:a4:55:19:
99:f0:be:db:5a:77:54:c9:a3:b6:ef:31:f1:40:84:
4f:37:25:92:e9:90:9c:74:79:89:d8:fa:c9:24:00:
a2:a5:3a:da:c3:3d:40:29:94:a0:42:3c:05:d3:29:
f8:76:13:7d:06:36:2c:de:bd:d0:2f:ff:af:bb:89:
2d:34:ac:15:e0:85:02:70:40:7f:8c:86:10:91:4e:
92:ef:ff:fe:54:ad:6a:8e:17:f8:21:61:45:43:e8:
fe:df:39:63:a1:12:22:42:83:2e:05:2c:f9:8e:d6:
e8:9a:c2:03:36:1a:45:19:f0:88:5d:f1:3b:fa:c6:
17:e9:cc:55:d8:a0:32:bb:f7:f3:0a:3d:97:b9:3a:
38:ab:80:ae:c1:73:53:57:67:7e:b5:ad:ff:14:03:
bd:43:bb:0f:b1:1e:1e:97:69:a0:a0:90:f5:66:da:
f6:8c:71:65:b6:a6:2c:d6:a3:0a:ac:40:e6:f4:73:
31:51:7c:28:d5:88:a5:5d:c3:69:b1:6c:e1:ac:d7:
8f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:AE:F4:8A:33:83:5D:17:49:E1:CD:B8:75:DD:0E:36:26:BF:24:A1
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.214.0.0/15
Signature Algorithm: sha256WithRSAEncryption
32:98:1e:de:47:ad:6d:ea:69:90:b3:73:08:44:09:dd:e4:52:
15:d2:74:d0:2b:38:4d:86:84:84:97:01:ac:8f:33:a6:f1:da:
55:93:9d:d9:3c:13:56:a0:77:23:0b:61:02:c1:65:65:9e:81:
4c:08:0f:e3:10:cd:24:ab:1b:24:ab:92:9c:c6:0e:81:2d:5b:
e9:a0:96:76:86:dd:51:49:87:6c:6a:55:ab:34:2f:fa:c6:62:
b2:b3:e0:01:e9:7b:a2:12:7e:bc:3d:12:51:f5:c5:9f:36:a9:
8c:ec:f3:1d:31:ea:9e:2a:8d:05:90:44:f0:6f:e9:15:7d:e3:
97:b5:81:db:0c:16:00:cb:d7:8d:20:35:6c:ff:19:af:76:d2:
bf:0a:68:2b:1e:15:41:dd:bf:6c:88:6f:dd:20:77:b3:3b:62:
91:89:94:45:bf:f4:66:e5:17:93:bf:7c:00:ec:ed:df:e9:c1:
93:0a:26:04:49:6a:b1:3b:d1:d0:9f:ce:fb:2f:a3:9e:74:79:
ef:79:0b:7e:c4:22:a8:7d:5d:62:43:c4:f6:d7:ee:00:09:c0:
c8:f7:eb:ff:67:0c:b5:41:29:9e:71:2b:0e:a6:e1:e1:95:1d:
2e:b5:49:4f:c5:93:a7:a1:c3:e1:51:33:a1:e6:5c:e1:91:59:
97:50:bc:04
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUa/TKxnKkoZrEVZnF2uzyD7bEZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDUwMzlaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGZkNmZmYjhkMGJlZmIwMDg3NDczZjc0MWYxYTU4ZWFmYmIwZjE1OTM4NjRm
ODZiZDQyMDY5ZDM0MmRmZDdhMWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQb1u/Q4Rq/FVZKxIwrcMj/ENiNdhYpDP4pHInp1gbo2Nngqnw/fbV9Nzk1
3INfOuPw2kNpUCr+pFUZmfC+21p3VMmjtu8x8UCETzclkumQnHR5idj6ySQAoqU6
2sM9QCmUoEI8BdMp+HYTfQY2LN690C//r7uJLTSsFeCFAnBAf4yGEJFOku///lSt
ao4X+CFhRUPo/t85Y6ESIkKDLgUs+Y7W6JrCAzYaRRnwiF3xO/rGF+nMVdigMrv3
8wo9l7k6OKuArsFzU1dnfrWt/xQDvUO7D7EeHpdpoKCQ9Wba9oxxZbamLNajCqxA
5vRzMVF8KNWIpV3DabFs4azXj7kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQlrvSK
M4NdF0nhzbh13Q42Jr8koTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQAymB7eR61t6mmQs3MIRAnd5FIV0nTQKzhNhoSElwGs
jzOm8dpVk53ZPBNWoHcjC2ECwWVlnoFMCA/jEM0kqxskq5Kcxg6BLVvpoJZ2ht1R
SYdsalWrNC/6xmKys+AB6XuiEn68PRJR9cWfNqmM7PMdMeqeKo0FkETwb+kVfeOX
tYHbDBYAy9eNIDVs/xmvdtK/CmgrHhVB3b9siG/dIHezO2KRiZRFv/Rm5ReTv3wA
7O3f6cGTCiYESWqxO9HQn877L6OedHnveQt+xCKofV1iQ8T21+4ACcDI9+v/Zwy1
QSmecSsOpuHhlR0utUlPxZOnocPhUTOh5lzhkVmXULwE
-----END CERTIFICATE-----
Generated at Fri Jun 6 17:49:27 2025 by rpki-client