Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File: 397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier: CVyoFtnqGrR4rY9hhMzQ3JgErpo9BGxUFm4z38lg6fg=
Subject key identifier: CF:9B:CF:C5:E1:FA:4B:A4:D7:BF:00:96:F4:6A:6D:60:CC:79:BD:85
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 690A825FDD7693C796F8F3E552001151F2CB154A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time: Tue 05 Aug 2025 20:30:18 +0000
ROA not before: Tue 05 Aug 2025 20:30:18 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.248.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:0a:82:5f:dd:76:93:c7:96:f8:f3:e5:52:00:11:51:f2:cb:15:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:18 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=8e0b4f30ad5fb377435c2a4132f27974ae88573776f1cf3096582e390759f93e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:60:09:1f:08:08:f0:04:c6:12:71:06:eb:af:
69:17:ff:a7:f8:35:6b:6b:b3:55:d1:03:99:d6:39:
f3:b2:ce:01:d3:c7:77:27:79:25:25:1a:4f:be:a3:
21:6e:50:2f:70:13:00:b2:b0:8d:b3:3b:50:a2:7a:
2b:be:0b:30:30:fd:6e:45:7d:df:be:bc:b7:17:3d:
81:70:d3:cd:6b:19:ce:4d:23:09:0f:7c:ba:58:92:
07:b6:01:9e:95:b7:e1:81:4f:97:2e:50:a2:e9:c7:
9c:72:17:0d:d8:82:9d:95:c6:d9:f8:86:d1:80:91:
d1:72:e0:b7:55:0a:d5:79:23:f0:b3:ec:8d:37:60:
2d:53:f8:c1:77:15:1a:8f:43:9a:17:7e:90:b4:d7:
ed:7a:b2:52:2e:46:d8:3b:89:44:ca:78:df:ba:fd:
d1:e5:47:64:e4:f1:dc:1c:17:21:39:e1:4b:68:c1:
24:49:03:6d:3b:13:17:c7:b5:b4:41:1d:05:b6:1e:
03:47:6e:24:b6:49:bd:e9:cc:c5:4b:83:0e:46:88:
23:7e:1f:30:4f:24:7c:15:40:6f:1b:47:e4:97:1d:
24:75:e9:36:9f:81:74:23:d9:60:75:06:32:1e:b0:
9f:ae:d8:e5:6c:4e:09:73:88:aa:48:f6:46:8b:fb:
b9:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:9B:CF:C5:E1:FA:4B:A4:D7:BF:00:96:F4:6A:6D:60:CC:79:BD:85
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.248.0.0/15
Signature Algorithm: sha256WithRSAEncryption
84:44:c6:35:34:d2:bb:b0:61:f7:36:80:6d:96:ef:48:f7:1c:
fa:d0:48:4b:d2:51:e1:84:4c:28:6e:e9:22:d2:99:45:9a:cc:
0c:bf:90:43:83:8d:f8:50:4d:b0:6b:8d:a8:98:fb:b8:1f:01:
59:b3:28:3a:f8:bb:e2:35:29:1b:b3:ed:89:74:89:48:b2:83:
79:4e:78:b2:bf:ac:ce:5d:42:2c:40:d2:c8:2c:d1:fd:75:19:
bf:33:c1:fb:84:a2:48:19:09:15:85:d2:0b:0d:17:23:7b:69:
a2:62:97:cd:e4:92:7f:f1:1f:23:75:44:74:c4:8c:5a:95:7c:
0d:26:ba:42:47:f2:99:d7:37:62:2c:99:77:43:c4:30:72:a6:
a1:91:72:50:7c:34:bb:fb:69:0b:e3:d2:3d:3d:06:bb:13:12:
15:c0:46:52:e7:5f:5e:8c:44:88:c7:8a:40:d8:4c:e4:c4:be:
3c:42:2f:14:2b:cd:13:ce:3a:1d:39:8e:d4:82:45:0b:f2:c8:
bb:46:36:fe:95:20:a7:f3:32:a3:95:1b:e8:c4:c0:10:8f:01:
f3:75:e0:d7:d7:98:3a:ba:60:4f:55:01:8c:f1:99:93:56:95:
f2:63:c3:a6:0d:73:c1:ef:9b:67:0c:12:e9:bf:59:63:6e:ab:
76:ba:af:56
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaQqCX912k8eW+PPlUgARUfLLFUowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMThaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlMGI0ZjMwYWQ1ZmIzNzc0MzVjMmE0MTMyZjI3OTc0YWU4ODU3Mzc3NmYx
Y2YzMDk2NTgyZTM5MDc1OWY5M2UxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRgCR8ICPAExhJxBuuvaRf/p/g1a2uzVdEDmdY587LOAdPHdyd5JSUaT76j
IW5QL3ATALKwjbM7UKJ6K74LMDD9bkV93768txc9gXDTzWsZzk0jCQ98uliSB7YB
npW34YFPly5QounHnHIXDdiCnZXG2fiG0YCR0XLgt1UK1Xkj8LPsjTdgLVP4wXcV
Go9Dmhd+kLTX7XqyUi5G2DuJRMp437r90eVHZOTx3BwXITnhS2jBJEkDbTsTF8e1
tEEdBbYeA0duJLZJvenMxUuDDkaII34fME8kfBVAbxtH5JcdJHXpNp+BdCPZYHUG
Mh6wn67Y5WxOCXOIqkj2Rov7uUkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTPm8/F
4fpLpNe/AJb0am1gzHm9hTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQCERMY1NNK7sGH3NoBtlu9I9xz60EhL0lHhhEwobuki
0plFmswMv5BDg434UE2wa42omPu4HwFZsyg6+LviNSkbs+2JdIlIsoN5Tniyv6zO
XUIsQNLILNH9dRm/M8H7hKJIGQkVhdILDRcje2miYpfN5JJ/8R8jdUR0xIxalXwN
JrpCR/KZ1zdiLJl3Q8QwcqahkXJQfDS7+2kL49I9PQa7ExIVwEZS519ejESIx4pA
2EzkxL48Qi8UK80TzjodOY7UgkUL8si7Rjb+lSCn8zKjlRvoxMAQjwHzdeDX15g6
umBPVQGM8ZmTVpXyY8OmDXPB75tnDBLpv1ljbqt2uq9W
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:39:14 2025 by rpki-client