Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
File: 676cc479-c956-49aa-8372-560fd674c62c.roa (raw, json)
Hash identifier: EpGPsQ4h2EePp7+kg27H4ACncgD+y7ARF0mZ61wo0V0=
Subject key identifier: FD:C3:C6:50:E1:63:78:E4:1A:72:89:BA:D8:64:55:99:C8:03:84:9B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 02745E327BFB7267E97975A8682CDF72847E38B0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
Signing time: Fri 08 Aug 2025 00:40:10 +0000
ROA not before: Fri 08 Aug 2025 00:40:10 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.20.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:74:5e:32:7b:fb:72:67:e9:79:75:a8:68:2c:df:72:84:7e:38:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:10 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=dbb49519c3d34da672c28281f359fc94b20e13187fccbe781204427cc7988f58, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:a9:07:6f:3d:27:ed:b4:be:4b:6b:cc:3b:25:
0f:15:c2:7b:6c:da:20:88:b1:30:18:13:80:87:a3:
8d:1b:f2:4f:41:66:07:f0:90:34:15:f8:e3:7d:68:
61:a3:d9:82:c9:4d:20:e8:10:9f:99:fe:a1:f4:2a:
26:b5:1a:6c:20:19:5c:4c:c7:1e:52:40:77:ae:2a:
57:f1:31:0b:49:5b:71:7b:56:0a:30:7c:af:33:de:
53:b3:9d:58:0f:75:df:59:a5:aa:c1:bb:ef:d0:f3:
02:00:f6:75:a8:0f:c0:43:ab:b0:22:b2:1b:ce:73:
4d:00:36:7c:ed:fa:90:4d:af:58:2f:1a:46:5a:61:
cb:fd:06:09:65:51:ad:d7:93:ba:e9:b8:7d:cf:9f:
e9:7a:92:60:51:49:6a:73:b7:2b:59:1c:80:cb:c4:
6d:f3:a6:a4:70:f1:93:f6:ab:bf:3a:ec:04:07:ce:
3c:ba:53:d3:37:7c:6e:77:5e:24:e1:2c:47:c4:af:
10:fc:63:16:2d:a9:20:1d:a7:b8:c8:9b:0f:f4:e1:
e8:94:32:ed:24:8f:27:ce:3e:d9:d2:b6:bf:ca:e8:
d1:00:b1:27:90:8a:9e:e5:91:16:ab:ad:2e:7b:33:
c9:5a:0b:f3:e8:30:dc:9a:45:16:10:0f:50:35:07:
56:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:C3:C6:50:E1:63:78:E4:1A:72:89:BA:D8:64:55:99:C8:03:84:9B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/676cc479-c956-49aa-8372-560fd674c62c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.20.0.0/16
Signature Algorithm: sha256WithRSAEncryption
06:ed:6d:ad:56:28:bc:d3:a9:42:d9:2e:b6:a6:87:32:4e:27:
40:7c:e4:b9:7e:db:75:76:b0:ff:0d:44:0c:dd:37:42:34:00:
53:b8:89:d4:8a:16:8a:0b:c1:4b:4d:b1:ea:be:23:af:21:3a:
18:76:16:88:1e:41:be:37:e1:f3:29:67:82:ec:9c:02:3f:95:
03:b9:28:58:07:52:f5:d6:7f:ea:47:a1:90:14:56:0e:54:9d:
89:a9:48:5f:a6:20:f2:2d:ad:28:e5:df:db:bd:74:7e:6c:53:
a8:a8:cb:7c:59:d2:8e:9b:0b:df:f6:64:f7:f3:dc:bc:28:be:
9c:b9:84:37:e2:95:48:09:fe:8c:0c:40:90:d7:41:c8:64:1e:
42:7c:30:b2:6d:2a:07:c6:f8:b3:d8:5d:44:55:8a:59:c0:37:
ce:ae:06:af:75:a2:78:98:74:d7:91:4e:f7:53:9d:2e:96:5d:
76:1a:4c:15:11:bb:26:dc:82:f3:62:07:37:b1:19:ac:25:58:
57:5a:02:64:17:86:1d:be:cf:84:a5:82:aa:5c:77:ae:a2:d3:
33:18:88:86:ac:88:c5:65:46:6f:bc:06:34:50:49:c2:1b:63:
24:da:28:e2:6a:10:da:1b:a2:17:f9:b8:ce:1e:5b:b5:24:05:
7d:a3:c4:a4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAnReMnv7cmfpeXWoaCzfcoR+OLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwMTBaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiYjQ5NTE5YzNkMzRkYTY3MmMyODI4MWYzNTlmYzk0YjIwZTEzMTg3ZmNj
YmU3ODEyMDQ0MjdjYzc5ODhmNTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOSpB289J+20vktrzDslDxXCe2zaIIixMBgTgIejjRvyT0FmB/CQNBX4431o
YaPZgslNIOgQn5n+ofQqJrUabCAZXEzHHlJAd64qV/ExC0lbcXtWCjB8rzPeU7Od
WA9131mlqsG779DzAgD2dagPwEOrsCKyG85zTQA2fO36kE2vWC8aRlphy/0GCWVR
rdeTuum4fc+f6XqSYFFJanO3K1kcgMvEbfOmpHDxk/arvzrsBAfOPLpT0zd8bnde
JOEsR8SvEPxjFi2pIB2nuMibD/Th6JQy7SSPJ84+2dK2v8ro0QCxJ5CKnuWRFqut
LnszyVoL8+gw3JpFFhAPUDUHVjECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT9w8ZQ
4WN45BpyibrYZFWZyAOEmzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc2Y2M0NzktYzk1Ni00OWFhLTgzNzItNTYwZmQ2NzRjNjJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQAG7W2tVii806lC2S62pocyTidAfOS5ftt1drD/DUQM
3TdCNABTuInUihaKC8FLTbHqviOvIToYdhaIHkG+N+HzKWeC7JwCP5UDuShYB1L1
1n/qR6GQFFYOVJ2JqUhfpiDyLa0o5d/bvXR+bFOoqMt8WdKOmwvf9mT389y8KL6c
uYQ34pVICf6MDECQ10HIZB5CfDCybSoHxviz2F1EVYpZwDfOrgavdaJ4mHTXkU73
U50ull12GkwVEbsm3ILzYgc3sRmsJVhXWgJkF4Ydvs+EpYKqXHeuotMzGIiGrIjF
ZUZvvAY0UEnCG2Mk2ijiahDaG6IX+bjOHlu1JAV9o8Sk
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:44:32 2025 by rpki-client