Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File: 69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier: pNjHAWKAJi3oEYVQmqiEjalrefUbTciDBI7EhYkBaMk=
Subject key identifier: 00:12:B9:A1:88:99:29:16:45:86:64:76:A0:46:CA:73:0F:CB:25:93
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 185E84C5EEE9D7C408E5E047DF006291D0DCAF5B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time: Mon 01 Sep 2025 21:30:22 +0000
ROA not before: Mon 01 Sep 2025 21:30:22 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a11:47c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 21:38:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:5e:84:c5:ee:e9:d7:c4:08:e5:e0:47:df:00:62:91:d0:dc:af:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:30:22 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=4ff3b88e5f7a67abf8eee2cfa715296ccd3c6732306bfb2da02fe623f5a37e02, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b6:c1:c3:96:9c:47:b0:38:74:fc:13:cf:f2:
97:cb:d3:98:eb:23:8b:89:17:63:c9:2c:67:69:91:
4a:55:2d:8b:66:7a:ff:9b:7b:9b:9c:81:b5:0e:9b:
f2:59:17:97:eb:fd:5b:d4:f7:e9:5a:b1:8d:61:0b:
12:e2:87:9d:a6:f2:b6:b8:0c:c3:c4:05:16:bc:dc:
8b:47:7d:69:4c:19:3b:70:c1:da:2c:61:b1:84:60:
8a:32:5f:cf:b5:a6:25:5a:52:ba:32:10:b2:8b:69:
cf:1d:9f:3c:bc:87:8b:06:78:4b:36:34:98:87:5d:
90:da:14:a2:7a:07:db:be:db:d2:f0:1b:86:b8:05:
35:c1:79:8c:bd:55:06:be:f1:49:80:51:64:9b:45:
9f:78:dd:6c:62:fe:82:1a:de:77:21:c9:5c:53:5a:
8a:26:0b:8b:ef:f0:8e:89:28:fe:9d:ee:8e:1c:f3:
34:9d:d7:74:55:7c:85:a4:c6:41:08:13:4d:49:19:
19:46:8b:8f:5e:43:48:a4:b5:6d:bc:73:d6:dd:1d:
07:d8:04:d9:c0:9c:4a:95:92:60:90:ad:97:73:ca:
72:c8:72:f6:3c:ff:d4:b0:a9:21:7d:bb:1c:0f:22:
65:df:74:16:c6:89:57:8e:d1:d3:76:d9:b3:82:8b:
e9:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:12:B9:A1:88:99:29:16:45:86:64:76:A0:46:CA:73:0F:CB:25:93
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:47c0::/29
Signature Algorithm: sha256WithRSAEncryption
24:eb:c7:de:38:12:56:0c:fd:14:eb:04:03:d8:5c:27:dc:c0:
f0:45:0d:58:ee:29:47:94:09:af:29:6a:26:c9:55:83:02:db:
6f:2e:49:f6:89:3c:43:e6:11:18:23:6a:00:7e:0a:89:f0:10:
c9:e6:e2:18:f3:cc:12:2b:12:1c:88:81:45:75:df:d9:00:c7:
f6:92:ad:8b:4f:d8:03:0f:7d:93:a0:ec:9b:dd:01:6e:1e:99:
62:7e:3b:2e:b6:8f:db:a0:a2:e5:28:52:4e:29:b2:f0:fc:39:
a8:80:0c:a2:b5:7f:bc:54:89:7a:d5:bf:90:a8:a5:8a:80:60:
75:cf:bb:d9:28:d8:ae:85:8b:14:a5:10:27:f0:c2:64:ce:1a:
4f:94:93:0f:ee:81:cd:d0:18:6b:ef:5c:75:4a:bc:54:a7:c8:
29:63:54:b0:45:4a:52:71:51:ab:b3:01:61:c1:e5:7f:87:6a:
a9:e3:01:38:f7:71:e4:6a:71:0f:29:8d:9e:1a:df:0e:7d:86:
a7:22:67:74:62:5b:2a:38:11:a1:37:78:00:72:37:25:3d:f3:
6e:e0:c9:32:e6:6a:01:2e:7a:fc:48:78:13:23:a4:3e:bc:a0:
bd:b9:2f:e8:2b:a5:9a:66:de:b9:3a:e5:f8:50:be:07:f3:64:
54:e1:d9:b5
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUGF6Exe7p18QI5eBH3wBikdDcr1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMwMjJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmZjNiODhlNWY3YTY3YWJmOGVlZTJjZmE3MTUyOTZjY2QzYzY3MzIzMDZi
ZmIyZGEwMmZlNjIzZjVhMzdlMDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANW2wcOWnEewOHT8E8/yl8vTmOsji4kXY8ksZ2mRSlUti2Z6/5t7m5yBtQ6b
8lkXl+v9W9T36VqxjWELEuKHnabytrgMw8QFFrzci0d9aUwZO3DB2ixhsYRgijJf
z7WmJVpSujIQsotpzx2fPLyHiwZ4SzY0mIddkNoUonoH277b0vAbhrgFNcF5jL1V
Br7xSYBRZJtFn3jdbGL+ghredyHJXFNaiiYLi+/wjoko/p3ujhzzNJ3XdFV8haTG
QQgTTUkZGUaLj15DSKS1bbxz1t0dB9gE2cCcSpWSYJCtl3PKcshy9jz/1LCpIX27
HA8iZd90FsaJV47R03bZs4KL6d8CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQAErmh
iJkpFkWGZHagRspzD8slkzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBACTrx944ElYM/RTrBAPYXCfcwPBFDVjuKUeUCa8p
aibJVYMC228uSfaJPEPmERgjagB+ConwEMnm4hjzzBIrEhyIgUV139kAx/aSrYtP
2AMPfZOg7JvdAW4emWJ+Oy62j9ugouUoUk4psvD8OaiADKK1f7xUiXrVv5CopYqA
YHXPu9ko2K6FixSlECfwwmTOGk+Ukw/ugc3QGGvvXHVKvFSnyCljVLBFSlJxUauz
AWHB5X+HaqnjATj3ceRqcQ8pjZ4a3w59hqciZ3RiWyo4EaE3eAByNyU9827gyTLm
agEuevxIeBMjpD68oL25L+grpZpm3rk65fhQvgfzZFTh2bU=
-----END CERTIFICATE-----
Generated at Thu Sep 18 01:46:13 2025 by rpki-client