Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2229ee03-08c0-4c87-acab-bbf5abf49264.roa
File: 2229ee03-08c0-4c87-acab-bbf5abf49264.roa (raw, json)
Hash identifier: MXAEnZ4gMHWNfRIwCm9BCUo6D7jh/gjuMXUGj4Gml0c=
Subject key identifier: 17:68:EC:1D:AA:E3:23:06:1D:69:06:98:C5:7A:04:02:06:15:F5:8A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3894D39564B648DEF4AFEC4E8AE5D48B9F6C5387
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2229ee03-08c0-4c87-acab-bbf5abf49264.roa
Signing time: Fri 08 Aug 2025 00:40:20 +0000
ROA not before: Fri 08 Aug 2025 00:40:20 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.86.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 15:34:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:94:d3:95:64:b6:48:de:f4:af:ec:4e:8a:e5:d4:8b:9f:6c:53:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:20 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=d405c5463f4cf130075ae6d095186384441ebb1fd7da57e206b15b56add23b22, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:6c:e4:68:c3:4f:b0:4c:c7:e4:ff:1f:65:e9:
d5:c4:e0:ba:37:a7:84:09:70:82:79:20:89:3f:ee:
fe:38:c8:dc:dd:61:44:61:11:bd:8f:d0:7f:8f:cb:
32:48:a8:8e:e3:38:79:89:13:c3:e0:d6:1b:fe:65:
fc:41:e2:57:1f:87:c3:c4:bb:1d:ea:bf:82:fd:a0:
9a:25:9e:93:69:43:de:e3:e8:05:1f:08:63:19:39:
e3:06:6d:f9:4b:24:34:1b:75:7b:40:dd:1c:ed:8b:
ae:1c:70:8a:6e:d8:58:a8:8a:02:c1:21:ed:f7:61:
89:c3:7c:e3:76:1c:71:4f:f7:00:0e:c9:a5:f3:14:
3d:25:53:63:cd:fb:26:e0:98:45:31:25:24:3f:e1:
eb:05:5e:c1:fb:4b:04:73:f1:17:39:30:4f:d5:58:
69:b0:53:b1:ec:b7:37:ac:cd:29:97:0f:96:08:e8:
ad:5e:f4:3b:17:88:1e:33:7e:c3:73:f7:d2:28:78:
8c:47:95:d0:6c:17:c4:e5:68:9c:cb:a1:07:8d:0c:
ee:45:87:22:2d:66:71:b7:e2:96:4f:99:61:a2:ba:
ab:ed:0f:a0:67:5b:98:20:a6:17:55:78:38:87:97:
fe:9b:81:1e:3b:8a:30:a6:7c:45:98:1f:ea:b9:bc:
bf:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:68:EC:1D:AA:E3:23:06:1D:69:06:98:C5:7A:04:02:06:15:F5:8A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2229ee03-08c0-4c87-acab-bbf5abf49264.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.86.0.0/15
Signature Algorithm: sha256WithRSAEncryption
a3:1e:ff:24:85:51:1e:3a:83:b9:5a:f8:35:c2:b3:ea:ef:c0:
16:c2:d4:a9:aa:f3:d7:82:7c:a0:b8:d0:93:a5:96:c9:2b:fd:
d3:c9:98:08:67:31:6d:f5:46:d7:5e:cc:dd:5f:b2:57:f0:66:
35:3f:8e:34:35:1b:02:0e:a5:37:ee:19:ec:c4:55:8b:49:e4:
12:0d:29:cd:0f:ff:b6:81:6f:86:d6:50:ad:f0:87:bb:c9:5d:
43:55:d5:c1:5e:fb:68:31:46:5b:a8:46:fa:88:60:cb:d1:a6:
2a:23:7d:55:be:67:45:ec:b3:49:14:0b:08:3e:44:a3:2f:44:
b9:35:da:ff:23:de:2e:d8:1d:6c:a1:fc:97:36:fe:6b:b0:7e:
06:74:0d:82:b9:d4:8c:e0:a7:a6:c7:26:3d:ec:44:ba:f3:33:
90:73:89:78:db:31:88:e0:d3:8a:74:55:da:0e:2f:40:0b:97:
ae:7a:b5:2d:a5:b1:07:a9:ad:9f:a5:f4:8d:15:ea:30:89:62:
55:ca:71:76:e6:dc:bd:91:74:11:d7:f2:88:8a:26:d6:3f:ad:
25:52:7f:33:ec:ae:96:9a:ef:eb:15:11:df:e2:a3:8a:7a:dc:
a2:53:33:aa:21:6c:1e:cd:ec:26:5e:4d:7e:da:4b:47:78:9e:
10:56:bb:dd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOJTTlWS2SN70r+xOiuXUi59sU4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwMjBaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ0MDVjNTQ2M2Y0Y2YxMzAwNzVhZTZkMDk1MTg2Mzg0NDQxZWJiMWZkN2Rh
NTdlMjA2YjE1YjU2YWRkMjNiMjIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMds5GjDT7BMx+T/H2Xp1cTgujenhAlwgnkgiT/u/jjI3N1hRGERvY/Qf4/L
MkiojuM4eYkTw+DWG/5l/EHiVx+Hw8S7Heq/gv2gmiWek2lD3uPoBR8IYxk54wZt
+UskNBt1e0DdHO2Lrhxwim7YWKiKAsEh7fdhicN843YccU/3AA7JpfMUPSVTY837
JuCYRTElJD/h6wVewftLBHPxFzkwT9VYabBTsey3N6zNKZcPlgjorV70OxeIHjN+
w3P30ih4jEeV0GwXxOVonMuhB40M7kWHIi1mcbfilk+ZYaK6q+0PoGdbmCCmF1V4
OIeX/puBHjuKMKZ8RZgf6rm8v/8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQXaOwd
quMjBh1pBpjFegQCBhX1ijAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjIyOWVlMDMtMDhjMC00Yzg3LWFjYWItYmJmNWFiZjQ5MjY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNWMA0G
CSqGSIb3DQEBCwUAA4IBAQCjHv8khVEeOoO5Wvg1wrPq78AWwtSpqvPXgnyguNCT
pZbJK/3TyZgIZzFt9UbXXszdX7JX8GY1P440NRsCDqU37hnsxFWLSeQSDSnND/+2
gW+G1lCt8Ie7yV1DVdXBXvtoMUZbqEb6iGDL0aYqI31VvmdF7LNJFAsIPkSjL0S5
Ndr/I94u2B1sofyXNv5rsH4GdA2CudSM4KemxyY97ES68zOQc4l42zGI4NOKdFXa
Di9AC5euerUtpbEHqa2fpfSNFeowiWJVynF25ty9kXQR1/KIiibWP60lUn8z7K6W
mu/rFRHf4qOKetyiUzOqIWwezewmXk1+2ktHeJ4QVrvd
-----END CERTIFICATE-----
Generated at Thu Aug 21 18:53:41 2025 by rpki-client