Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
File: 1daf6597-c039-470d-a015-f42507e1afef.roa (raw, json)
Hash identifier: ZdTFRclpIooFNUGr3bSdFNTOSrzynLK8yW46ui/VAVE=
Subject key identifier: 11:67:5D:6C:79:31:37:DA:CC:94:82:54:64:C0:6C:4B:E2:60:EC:D4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 21AC2661342DEEB048EA4C460975CEA56C8C1860
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
Signing time: Tue 20 May 2025 20:40:18 +0000
ROA not before: Tue 20 May 2025 20:40:18 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.172.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 20:42:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:ac:26:61:34:2d:ee:b0:48:ea:4c:46:09:75:ce:a5:6c:8c:18:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:40:18 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=29731cb922d7fab8e7763ccc54632cacb501353d4dbdc4f7ddc380e0078633ba, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:dd:be:19:a2:11:c4:31:21:6e:b5:bc:c5:d0:
c1:fe:f1:49:59:e4:32:e3:c3:0b:e1:7f:c4:03:ad:
ee:1d:cf:b2:85:c1:8c:40:91:2f:d8:6e:3a:b4:34:
00:41:13:f5:1f:6e:82:12:a9:30:2f:35:da:dd:69:
ad:c6:2c:5d:48:46:e4:49:1e:10:36:a3:39:de:76:
27:96:19:93:37:e1:d7:99:23:da:7e:83:c7:20:5d:
6d:0a:c0:ec:67:6c:1d:e2:a4:98:48:13:f5:de:c7:
eb:f5:f4:fe:50:62:07:61:23:42:4e:b7:dd:21:14:
90:06:ea:8c:ce:28:de:6e:97:a5:38:58:9f:45:17:
bd:bd:f1:dd:1e:9d:f7:bd:7a:2e:5f:4b:b5:f8:70:
af:42:fd:fb:9b:bf:bc:26:33:02:95:2b:cb:a0:30:
a1:4a:17:d0:e4:3c:5a:0a:74:01:48:b8:ab:10:1b:
02:f8:f0:1a:b2:36:05:cf:21:6b:f5:7e:d2:79:46:
0a:03:03:a0:39:d4:94:db:0e:c6:0c:ba:7d:59:2e:
40:e8:72:a6:5c:b7:f9:bd:1e:10:c9:30:89:58:85:
5d:b1:4c:e2:b7:a1:86:f6:02:39:58:a3:45:6d:72:
d7:e7:2c:f0:fd:c6:70:7f:96:dc:8f:d7:0b:c0:25:
b5:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:67:5D:6C:79:31:37:DA:CC:94:82:54:64:C0:6C:4B:E2:60:EC:D4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.172.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ac:e6:ec:9f:f1:0c:40:96:9a:a1:c1:ce:f1:45:a6:a3:3e:e3:
c4:8c:63:33:e1:f2:e3:85:68:55:21:6e:ef:47:7b:fb:fe:a2:
68:bc:c9:05:1a:52:e8:e3:d2:4b:b8:d1:fe:a9:6f:32:84:f9:
a9:3f:2f:4c:75:ec:c0:61:79:76:70:f0:9d:3d:b0:74:f8:2c:
0a:d4:63:d8:da:37:51:84:d9:0f:6b:2e:b4:df:80:01:47:9d:
57:e4:0a:58:84:8f:ac:08:49:b5:41:0a:4a:99:c4:bb:3e:36:
df:e1:af:4d:5a:6a:c8:6a:fa:49:1f:a5:a9:03:10:48:65:e8:
70:41:c6:ba:ba:21:0a:04:86:36:59:0d:db:ef:d8:3a:f8:b8:
ba:c9:51:ad:62:ec:dd:ba:8d:64:b6:15:d9:8e:44:8f:44:86:
90:3f:1e:92:06:e9:6a:96:4d:aa:4e:87:a6:e3:c0:23:2f:25:
a5:5d:0d:f1:18:45:28:28:1c:75:a5:23:ca:f6:dd:c9:6f:f3:
51:c0:da:83:3d:86:04:03:3b:4f:82:dc:ba:70:6b:69:8e:ef:
70:e3:80:5e:a5:9a:ca:51:42:89:d6:b7:cc:31:0f:1f:da:7a:
57:59:70:68:f1:b7:15:3c:18:67:01:4c:3f:0a:e3:54:a3:d1:
24:0e:85:00
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIawmYTQt7rBI6kxGCXXOpWyMGGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDQwMThaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5NzMxY2I5MjJkN2ZhYjhlNzc2M2NjYzU0NjMyY2FjYjUwMTM1M2Q0ZGJk
YzRmN2RkYzM4MGUwMDc4NjMzYmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXdvhmiEcQxIW61vMXQwf7xSVnkMuPDC+F/xAOt7h3PsoXBjECRL9huOrQ0
AEET9R9ughKpMC812t1prcYsXUhG5EkeEDajOd52J5YZkzfh15kj2n6DxyBdbQrA
7GdsHeKkmEgT9d7H6/X0/lBiB2EjQk633SEUkAbqjM4o3m6XpThYn0UXvb3x3R6d
9716Ll9Ltfhwr0L9+5u/vCYzApUry6AwoUoX0OQ8Wgp0AUi4qxAbAvjwGrI2Bc8h
a/V+0nlGCgMDoDnUlNsOxgy6fVkuQOhyply3+b0eEMkwiViFXbFM4rehhvYCOVij
RW1y1+cs8P3GcH+W3I/XC8AltUUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQRZ11s
eTE32syUglRkwGxL4mDs1DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRhZjY1OTctYzAzOS00NzBkLWEwMTUtZjQyNTA3ZTFhZmVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQCs5uyf8QxAlpqhwc7xRaajPuPEjGMz4fLjhWhVIW7v
R3v7/qJovMkFGlLo49JLuNH+qW8yhPmpPy9MdezAYXl2cPCdPbB0+CwK1GPY2jdR
hNkPay6034ABR51X5ApYhI+sCEm1QQpKmcS7Pjbf4a9NWmrIavpJH6WpAxBIZehw
Qca6uiEKBIY2WQ3b79g6+Li6yVGtYuzduo1kthXZjkSPRIaQPx6SBulqlk2qToem
48AjLyWlXQ3xGEUoKBx1pSPK9t3Jb/NRwNqDPYYEAztPgty6cGtpju9w44BepZrK
UUKJ1rfMMQ8f2npXWXBo8bcVPBhnAUw/CuNUo9EkDoUA
-----END CERTIFICATE-----
Generated at Fri Jun 6 03:16:12 2025 by rpki-client