Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
File: 2db57b82-f8e4-4b85-a46a-befecb4774c0.roa (raw, json)
Hash identifier: B7CRuUPCNuxr7ydP8bPANM8/0Qa7oeHhMyeM024dUbQ=
Subject key identifier: 04:C8:00:79:0B:C0:93:F4:2C:CE:BF:CF:D1:2B:FB:B6:2C:F1:04:B2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 20AD45ECDB3D9E7D598FA1DED09A5DC3AD1EF5DA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
Signing time: Tue 05 Aug 2025 20:30:20 +0000
ROA not before: Tue 05 Aug 2025 20:30:20 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.32.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:ad:45:ec:db:3d:9e:7d:59:8f:a1:de:d0:9a:5d:c3:ad:1e:f5:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:20 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=daaaa38fe500ed18f3b1ecfc2708df2abae4427de47c06bd42054e071b26f3ef, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:ce:53:1a:20:70:89:b0:c0:3e:6a:d5:89:1a:
03:c7:a3:84:e0:34:8b:b3:79:63:00:23:7e:c3:7a:
8a:04:b9:f3:ff:d8:a6:f1:5b:77:c0:d3:cc:d7:79:
9b:44:32:1e:58:52:e6:d0:f3:0f:c5:04:2a:8d:f8:
5f:4f:3e:bd:e4:5f:45:6d:73:82:03:42:b6:7d:22:
ee:c2:9d:ef:7a:c2:d1:77:43:17:e1:9c:71:bd:c6:
80:4a:3e:28:61:8c:6b:86:72:d1:c4:4d:09:d2:fb:
0a:64:23:eb:45:af:39:79:8e:dd:58:27:58:4e:a9:
41:60:2f:45:67:3d:f0:25:08:80:7b:d0:74:aa:73:
c5:2f:58:eb:a7:88:4f:a1:45:7b:f6:08:74:a3:9a:
95:e4:91:71:e1:e3:d7:ad:7e:02:33:70:df:0b:b0:
23:52:0d:8f:12:7e:be:70:3b:17:07:dd:15:3c:cd:
e0:a8:78:8a:fe:9c:85:84:23:d6:cd:a3:f6:3f:24:
72:b2:a0:77:7f:8a:5f:c7:e9:fb:88:34:d9:f3:2e:
a8:01:ef:a5:ab:47:b6:b2:a3:16:66:14:81:a7:48:
86:8a:d5:ec:86:53:ca:b2:97:cf:90:13:ae:6f:09:
6b:28:77:2b:6f:5a:91:9e:96:8b:d1:5c:5b:de:1e:
d1:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:C8:00:79:0B:C0:93:F4:2C:CE:BF:CF:D1:2B:FB:B6:2C:F1:04:B2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.32.0.0/16
Signature Algorithm: sha256WithRSAEncryption
74:2c:66:2a:8f:b3:b9:ae:13:d3:64:9c:31:70:44:d6:dd:b2:
1a:77:9b:24:1c:5c:42:4b:9d:60:52:1d:85:4d:80:eb:7f:4d:
ab:44:45:9f:74:05:50:b0:96:9a:08:b6:9b:ae:9d:8e:7f:3a:
63:0c:9f:06:ed:cd:f8:58:f6:1a:b4:ac:e1:83:a8:cd:33:b3:
68:bd:e3:33:4c:5e:0c:48:a4:39:b0:67:b3:36:dd:99:d3:1f:
07:9d:ed:41:46:04:04:cb:d5:6d:30:8a:b9:40:81:a6:49:80:
3a:26:e5:90:e9:84:9f:2d:e3:6b:b2:80:82:7a:bc:80:90:53:
1c:6f:95:9c:da:08:26:db:bb:88:8b:de:9a:e3:3c:de:35:5a:
a6:6e:29:1d:11:be:fc:74:a7:94:03:b4:42:e9:27:da:a3:2c:
13:48:ce:61:85:6f:df:96:75:f3:d2:e1:f4:b8:7d:3e:7c:28:
ae:58:bf:91:d7:11:b3:4f:cb:b6:f5:e2:b4:9a:25:1f:64:d4:
e4:77:56:b5:4e:6e:56:8d:b7:63:f0:47:ad:c1:ab:d5:67:9d:
eb:25:80:4d:86:e0:e3:5f:71:78:b3:d6:f8:9a:1e:d7:36:4b:
11:e3:d4:c8:35:12:60:40:8d:db:20:49:ae:8a:4b:88:11:f3:
98:57:9e:31
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIK1F7Ns9nn1Zj6He0Jpdw60e9dowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMjBaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRhYWFhMzhmZTUwMGVkMThmM2IxZWNmYzI3MDhkZjJhYmFlNDQyN2RlNDdj
MDZiZDQyMDU0ZTA3MWIyNmYzZWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7OUxogcImwwD5q1YkaA8ejhOA0i7N5YwAjfsN6igS58//YpvFbd8DTzNd5
m0QyHlhS5tDzD8UEKo34X08+veRfRW1zggNCtn0i7sKd73rC0XdDF+Gccb3GgEo+
KGGMa4Zy0cRNCdL7CmQj60WvOXmO3VgnWE6pQWAvRWc98CUIgHvQdKpzxS9Y66eI
T6FFe/YIdKOaleSRceHj161+AjNw3wuwI1INjxJ+vnA7FwfdFTzN4Kh4iv6chYQj
1s2j9j8kcrKgd3+KX8fp+4g02fMuqAHvpatHtrKjFmYUgadIhorV7IZTyrKXz5AT
rm8Jayh3K29akZ6Wi9FcW94e0a8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQEyAB5
C8CT9CzOv8/RK/u2LPEEsjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiNTdiODItZjhlNC00Yjg1LWE0NmEtYmVmZWNiNDc3NGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQB0LGYqj7O5rhPTZJwxcETW3bIad5skHFxCS51gUh2F
TYDrf02rREWfdAVQsJaaCLabrp2OfzpjDJ8G7c34WPYatKzhg6jNM7NoveMzTF4M
SKQ5sGezNt2Z0x8Hne1BRgQEy9VtMIq5QIGmSYA6JuWQ6YSfLeNrsoCCeryAkFMc
b5Wc2ggm27uIi96a4zzeNVqmbikdEb78dKeUA7RC6SfaoywTSM5hhW/flnXz0uH0
uH0+fCiuWL+R1xGzT8u29eK0miUfZNTkd1a1Tm5Wjbdj8EetwavVZ53rJYBNhuDj
X3F4s9b4mh7XNksR49TINRJgQI3bIEmuikuIEfOYV54x
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:31 2025 by rpki-client