Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: jBoPzy5/Ma4YJOVt0jBmH4Px2GyERH/lPw72/61qzoI=
Subject key identifier: AF:54:DF:FC:5D:A7:B6:52:9B:DD:33:1C:4A:BE:42:47:01:05:62:D6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6B839348B4B1605F4E26BEA082135452002394C6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Tue 05 Aug 2025 20:30:33 +0000
ROA not before: Tue 05 Aug 2025 20:30:33 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:83:93:48:b4:b1:60:5f:4e:26:be:a0:82:13:54:52:00:23:94:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:33 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=b6d92dbbc99c68c479c5dd18c9fa157b8ec6486b042c8126c55ec878c466f964, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:5e:52:e2:87:92:d4:4f:7a:94:79:02:4a:0e:
f5:10:53:23:72:e1:24:8d:89:24:a2:74:05:53:33:
0d:20:31:58:13:98:e6:4b:67:86:46:63:5f:cc:e1:
60:af:57:b1:fb:43:e7:28:19:b7:01:0f:f9:b5:8d:
02:98:e5:04:d4:ff:28:a0:b6:9a:f1:e3:3e:ab:46:
bd:c8:d6:3f:11:cc:9e:3d:b4:23:ab:72:d6:21:d9:
f3:7f:46:51:bd:4d:fe:72:17:62:9c:b2:68:e7:ae:
da:92:96:b2:a4:23:0b:2e:d2:f5:6a:60:f9:9d:99:
d4:70:ce:3c:ee:64:84:14:e9:30:65:5f:27:4d:65:
ee:33:f4:0e:99:ea:b5:d0:3a:a3:d7:44:37:1f:9e:
09:45:f0:79:e6:5c:98:b7:62:4b:95:19:75:97:62:
0a:a8:2c:47:c8:a4:ee:4a:5f:c2:a1:76:8f:c2:79:
2a:50:81:df:44:f5:94:0c:19:d2:13:ab:2b:7d:96:
67:70:ef:a4:94:ed:6b:95:94:4c:98:9d:d2:f5:21:
ad:5d:a6:d6:ef:a3:a6:44:dc:19:02:6a:f7:db:b5:
67:d4:90:2d:21:01:61:5c:71:1e:fa:0c:56:67:c3:
94:2d:7a:9e:5a:d8:d2:22:84:27:bd:59:28:73:bf:
d5:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:54:DF:FC:5D:A7:B6:52:9B:DD:33:1C:4A:BE:42:47:01:05:62:D6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
79:ec:02:66:52:35:f4:67:74:f8:e9:26:82:8a:eb:29:eb:f2:
3e:67:65:17:f0:b0:04:08:7f:ce:d6:d5:1a:e9:72:f2:c4:bb:
47:c5:16:d5:33:23:05:7c:cf:96:fc:d0:c0:cf:dd:7b:9d:21:
1a:a2:69:c5:f4:f3:1b:ac:f7:66:d9:87:54:31:dd:81:f2:eb:
6e:ce:d0:be:ac:e7:7c:b7:0e:67:21:05:f5:c2:b2:12:91:9a:
ba:33:5a:cf:a6:8f:1e:93:87:26:94:42:b3:a1:79:bb:60:3b:
e2:db:21:fe:e6:11:1b:be:3e:4a:82:6c:36:95:4e:38:05:42:
40:74:03:8a:f8:b9:98:19:0e:18:07:21:84:88:83:b0:c8:0b:
ea:87:3d:bf:1b:29:7f:95:2a:b0:5e:ef:80:ca:d4:8c:59:30:
cc:31:6c:c6:37:ce:7a:99:dc:21:14:ff:1a:b3:84:64:8d:40:
f8:95:18:46:81:e9:0e:7c:09:4e:e4:f5:b7:d4:88:e4:36:65:
5d:60:08:a0:c3:5a:b1:44:7b:58:e3:8c:5c:00:cd:39:9c:b5:
3d:44:b4:f8:a0:5e:38:f4:93:e4:9c:bd:8f:14:5c:e9:76:66:
31:e5:5c:56:09:e8:10:19:f9:da:90:bf:7f:44:67:03:21:98:
7b:1f:5f:e5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUa4OTSLSxYF9OJr6gghNUUgAjlMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMzNaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2ZDkyZGJiYzk5YzY4YzQ3OWM1ZGQxOGM5ZmExNTdiOGVjNjQ4NmIwNDJj
ODEyNmM1NWVjODc4YzQ2NmY5NjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5eUuKHktRPepR5AkoO9RBTI3LhJI2JJKJ0BVMzDSAxWBOY5ktnhkZjX8zh
YK9XsftD5ygZtwEP+bWNApjlBNT/KKC2mvHjPqtGvcjWPxHMnj20I6ty1iHZ839G
Ub1N/nIXYpyyaOeu2pKWsqQjCy7S9Wpg+Z2Z1HDOPO5khBTpMGVfJ01l7jP0Dpnq
tdA6o9dENx+eCUXweeZcmLdiS5UZdZdiCqgsR8ik7kpfwqF2j8J5KlCB30T1lAwZ
0hOrK32WZ3DvpJTta5WUTJid0vUhrV2m1u+jpkTcGQJq99u1Z9SQLSEBYVxxHvoM
VmfDlC16nlrY0iKEJ71ZKHO/1YMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSvVN/8
Xae2UpvdMxxKvkJHAQVi1jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQB57AJmUjX0Z3T46SaCiusp6/I+Z2UX8LAECH/O1tUa
6XLyxLtHxRbVMyMFfM+W/NDAz917nSEaomnF9PMbrPdm2YdUMd2B8utuztC+rOd8
tw5nIQX1wrISkZq6M1rPpo8ek4cmlEKzoXm7YDvi2yH+5hEbvj5Kgmw2lU44BUJA
dAOK+LmYGQ4YByGEiIOwyAvqhz2/Gyl/lSqwXu+AytSMWTDMMWzGN856mdwhFP8a
s4RkjUD4lRhGgekOfAlO5PW31IjkNmVdYAigw1qxRHtY44xcAM05nLU9RLT4oF44
9JPknL2PFFzpdmYx5VxWCegQGfnakL9/RGcDIZh7H1/l
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:43:46 2025 by rpki-client