Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: NMx7aSuDkV2NX5fDyGnOR5eINEh9KYdnTmddwm/KBR8=
Subject key identifier: B3:6C:EA:FD:A9:E7:78:E5:0A:1F:84:9B:D1:95:B8:BC:B2:34:6A:5D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1DE3C4556DF299591826EA775ECD1F0B7EFCA8DC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Tue 20 May 2025 20:40:53 +0000
ROA not before: Tue 20 May 2025 20:40:53 +0000
ROA not after: Tue 24 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 20:42:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:e3:c4:55:6d:f2:99:59:18:26:ea:77:5e:cd:1f:0b:7e:fc:a8:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 20 20:40:53 2025 GMT
Not After : Jun 24 23:59:59 2025 GMT
Subject: serialNumber=e5eef9ff2f1e00098d34eafdb514749640beb8f4bec83e757606fa4f97ba527b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:1b:af:b6:23:5e:01:da:c9:b5:ab:ea:10:e2:
3d:64:2e:da:bb:42:e8:08:70:e7:ab:25:0d:88:a6:
96:a9:8d:e1:d4:a4:74:76:68:71:17:eb:a0:61:aa:
60:22:4a:b9:93:c7:2b:06:a6:63:2e:4b:c7:d4:95:
93:c9:1a:b2:5f:d4:04:23:f6:ae:9d:b8:c8:99:ac:
fc:da:ff:1c:ed:70:57:85:18:f7:b4:22:0e:54:17:
b3:56:54:57:92:ba:21:bc:a4:ec:3f:8c:6d:99:03:
a1:51:49:92:37:f0:65:74:96:06:cd:f2:49:3a:84:
f7:92:f4:18:55:26:c8:af:0d:75:dd:d5:dc:b1:95:
3d:9f:82:98:45:94:2c:25:f7:a2:c3:3e:a9:b2:5b:
44:75:d6:b3:82:85:6a:4f:53:c0:6b:e0:12:9d:65:
a7:04:67:12:0d:f7:4f:f7:33:52:6a:96:72:a8:14:
4d:cc:0e:f2:80:17:e1:74:6d:f3:28:ae:40:e3:13:
f9:68:a0:f6:d1:1b:81:76:9b:fe:3d:10:99:93:75:
c7:c7:04:13:cf:d2:88:27:9d:b2:5b:77:00:a8:b5:
5b:54:8d:f8:9b:f3:fe:39:49:c0:8b:95:82:98:d4:
18:b1:ae:f5:74:52:ef:c8:dd:ec:67:54:66:2c:23:
54:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:6C:EA:FD:A9:E7:78:E5:0A:1F:84:9B:D1:95:B8:BC:B2:34:6A:5D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
82:3d:93:37:6b:1e:ea:1f:9a:9a:05:2a:83:fe:bd:fd:5a:23:
28:72:1a:18:2b:ab:fe:a5:94:78:7d:6c:4e:e2:e8:c1:a1:3c:
6f:a8:71:4c:54:8f:e1:c0:da:ef:3f:2b:3b:4a:92:fb:1e:82:
4d:ac:ee:46:7f:3e:24:8b:97:d1:a1:3e:da:85:f9:d1:4a:4b:
12:a9:1a:24:65:5b:3f:d2:8d:a1:0a:30:be:c1:e4:95:20:58:
03:ec:d8:6d:04:4d:f3:58:e0:34:e8:7d:7b:eb:ef:1b:ff:51:
c2:66:bf:44:93:02:95:53:af:5b:fd:a2:a2:6b:b1:89:10:d8:
b0:2c:3e:61:b3:97:f2:0d:32:bc:2b:5f:18:59:fe:bb:2d:47:
d8:5d:0d:c6:7a:f3:43:f9:3d:68:66:82:bd:e3:d1:67:cd:fa:
94:b4:c9:cd:db:f3:6e:79:58:b3:e7:20:ce:64:ab:9c:35:eb:
1f:59:03:7e:28:74:bd:22:08:29:97:93:ba:eb:c5:39:6f:9a:
33:41:cb:3b:f9:94:be:96:1e:e7:f4:d9:24:f7:5b:ed:fa:46:
4b:1f:80:ea:68:6d:9a:cc:4d:35:59:a6:06:be:0a:0d:90:a7:
0f:76:3d:c2:e4:de:c0:a8:42:88:7b:db:26:79:8a:23:50:f6:
2d:23:2c:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHePEVW3ymVkYJup3Xs0fC378qNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjAyMDQwNTNaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1ZWVmOWZmMmYxZTAwMDk4ZDM0ZWFmZGI1MTQ3NDk2NDBiZWI4ZjRiZWM4
M2U3NTc2MDZmYTRmOTdiYTUyN2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOobr7YjXgHaybWr6hDiPWQu2rtC6Ahw56slDYimlqmN4dSkdHZocRfroGGq
YCJKuZPHKwamYy5Lx9SVk8kasl/UBCP2rp24yJms/Nr/HO1wV4UY97QiDlQXs1ZU
V5K6Ibyk7D+MbZkDoVFJkjfwZXSWBs3ySTqE95L0GFUmyK8Ndd3V3LGVPZ+CmEWU
LCX3osM+qbJbRHXWs4KFak9TwGvgEp1lpwRnEg33T/czUmqWcqgUTcwO8oAX4XRt
8yiuQOMT+Wig9tEbgXab/j0QmZN1x8cEE8/SiCedslt3AKi1W1SN+Jvz/jlJwIuV
gpjUGLGu9XRS78jd7GdUZiwjVJECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSzbOr9
qed45QofhJvRlbi8sjRqXTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQCCPZM3ax7qH5qaBSqD/r39WiMochoYK6v+pZR4fWxO
4ujBoTxvqHFMVI/hwNrvPys7SpL7HoJNrO5Gfz4ki5fRoT7ahfnRSksSqRokZVs/
0o2hCjC+weSVIFgD7NhtBE3zWOA06H176+8b/1HCZr9EkwKVU69b/aKia7GJENiw
LD5hs5fyDTK8K18YWf67LUfYXQ3GevND+T1oZoK949FnzfqUtMnN2/NueViz5yDO
ZKucNesfWQN+KHS9Iggpl5O668U5b5ozQcs7+ZS+lh7n9Nkk91vt+kZLH4DqaG2a
zE01WaYGvgoNkKcPdj3C5N7AqEKIe9smeYojUPYtIywb
-----END CERTIFICATE-----
Generated at Fri Jun 6 03:51:28 2025 by rpki-client