Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
File: 286f881c-8fa0-4200-ada2-20a0cc49038e.roa (raw, json)
Hash identifier: gm7/83Tl8RGpYZKkhpU8m3qEv5Fa3RN7v3TY9s0RDlc=
Subject key identifier: F4:1D:F0:B6:B5:26:AB:41:08:93:AC:DF:83:32:E9:7C:AE:DA:B3:0F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4D3C0A6CCE91FF0B1FD61E2912339A2EB1E01DF7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
Signing time: Tue 05 Aug 2025 20:20:13 +0000
ROA not before: Tue 05 Aug 2025 20:20:13 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.166.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:3c:0a:6c:ce:91:ff:0b:1f:d6:1e:29:12:33:9a:2e:b1:e0:1d:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:20:13 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=c2ac3a31220251e1017709b637467dd8211af21b493f87c0179a9d8e5e19f805, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:9b:43:b2:5e:ed:27:f4:2f:e8:7a:13:9e:4e:
be:1e:c0:7c:6a:d1:af:79:76:00:25:cf:8a:4f:b1:
2b:f3:09:54:67:88:73:65:bf:a0:df:21:86:b9:3d:
84:1d:40:fe:c4:2f:4d:38:0b:6e:97:09:b9:c2:00:
67:79:25:07:b5:4e:28:0c:db:d7:25:89:ef:d5:79:
60:4a:bf:8e:4d:ca:31:0c:b8:6a:39:ec:57:b8:e3:
29:5c:20:27:be:37:c5:d7:2f:1c:42:1a:9e:16:41:
a0:33:c1:1f:8c:78:61:0c:55:d3:ce:0a:34:05:4b:
51:2b:5b:11:70:2e:aa:48:89:6b:48:91:d3:25:31:
73:e7:f9:18:23:41:21:0c:22:07:b2:e5:a3:18:a8:
34:e6:a8:95:0c:0b:3b:20:d0:fc:c2:da:ac:f9:a3:
82:e3:49:34:a9:09:c8:7b:93:90:90:71:22:03:83:
45:ec:08:ba:cb:f3:b5:b7:e9:3d:4d:1a:91:d0:69:
54:9a:7f:72:f0:00:8e:31:74:de:96:19:ac:83:ed:
76:6e:9d:98:e1:de:47:fc:4f:78:d6:09:c0:39:95:
f1:b7:57:ec:e3:64:e2:a9:bc:4b:9f:c5:a5:a1:03:
23:89:a9:6f:cb:33:e6:95:95:67:76:84:47:b0:88:
26:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:1D:F0:B6:B5:26:AB:41:08:93:AC:DF:83:32:E9:7C:AE:DA:B3:0F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.166.0.0/15
Signature Algorithm: sha256WithRSAEncryption
37:61:71:21:f2:5d:b6:e8:33:f1:c4:55:b9:97:7a:c1:39:6f:
d2:d2:16:62:79:4a:54:94:cf:1c:8e:dd:db:0d:51:10:30:73:
60:70:00:74:5e:8c:87:fe:2d:19:f4:cd:6b:05:f7:18:fb:6d:
0c:d0:9d:d1:51:5e:db:95:c8:ce:87:a3:e7:ef:5c:98:a7:ce:
ed:a7:9d:53:f5:2b:f2:f6:35:55:44:72:dc:7c:33:cf:2f:db:
ac:cc:0e:e8:02:c6:08:03:50:3c:16:c9:53:ec:6a:10:bd:5b:
31:be:05:5b:7e:40:ea:7b:78:0a:e6:ee:d0:82:8a:27:6c:4a:
1c:a2:56:f5:e8:62:b6:b7:31:d1:24:18:05:73:6a:88:fc:b0:
db:2d:e6:f8:bc:08:34:a2:2c:e0:ff:87:c4:5f:f3:a7:00:46:
30:df:89:11:51:0e:0a:39:ef:86:eb:f1:3e:f7:a1:46:15:fb:
b5:e0:6e:eb:77:f8:2c:84:70:8e:2d:70:e2:e9:61:ed:85:4d:
c3:4b:dc:e8:b0:d3:cb:a4:5e:0a:17:9e:72:d0:1a:b8:0f:ea:
54:f8:4b:f7:72:3b:5b:83:f6:62:ad:00:be:39:6f:b3:82:52:
84:4f:da:fa:63:ef:ec:af:4a:7b:12:35:15:2c:ef:03:63:65:
46:2b:81:6e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTTwKbM6R/wsf1h4pEjOaLrHgHfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIwMTNaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyYWMzYTMxMjIwMjUxZTEwMTc3MDliNjM3NDY3ZGQ4MjExYWYyMWI0OTNm
ODdjMDE3OWE5ZDhlNWUxOWY4MDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIibQ7Je7Sf0L+h6E55Ovh7AfGrRr3l2ACXPik+xK/MJVGeIc2W/oN8hhrk9
hB1A/sQvTTgLbpcJucIAZ3klB7VOKAzb1yWJ79V5YEq/jk3KMQy4ajnsV7jjKVwg
J743xdcvHEIanhZBoDPBH4x4YQxV084KNAVLUStbEXAuqkiJa0iR0yUxc+f5GCNB
IQwiB7LloxioNOaolQwLOyDQ/MLarPmjguNJNKkJyHuTkJBxIgODRewIusvztbfp
PU0akdBpVJp/cvAAjjF03pYZrIPtdm6dmOHeR/xPeNYJwDmV8bdX7ONk4qm8S5/F
paEDI4mpb8sz5pWVZ3aER7CIJp0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT0HfC2
tSarQQiTrN+DMul8rtqzDzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjg2Zjg4MWMtOGZhMC00MjAwLWFkYTItMjBhMGNjNDkwMzhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQA3YXEh8l226DPxxFW5l3rBOW/S0hZieUpUlM8cjt3b
DVEQMHNgcAB0XoyH/i0Z9M1rBfcY+20M0J3RUV7blcjOh6Pn71yYp87tp51T9Svy
9jVVRHLcfDPPL9uszA7oAsYIA1A8FslT7GoQvVsxvgVbfkDqe3gK5u7QgoonbEoc
olb16GK2tzHRJBgFc2qI/LDbLeb4vAg0oizg/4fEX/OnAEYw34kRUQ4KOe+G6/E+
96FGFfu14G7rd/gshHCOLXDi6WHthU3DS9zosNPLpF4KF55y0Bq4D+pU+Ev3cjtb
g/ZirQC+OW+zglKET9r6Y+/sr0p7EjUVLO8DY2VGK4Fu
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:47 2025 by rpki-client