Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
File: 795bae65-e494-4497-8c64-6c78c5a4b388.roa (raw, json)
Hash identifier: nYKXpRN+WSvB7gmscqmn47uAZUAMb4NatTngM+UOKVI=
Subject key identifier: CC:D2:4A:92:DD:C0:D2:BA:D9:5F:E0:E7:01:B7:2E:C5:27:00:12:E8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 12572B2D4023EEB0FFA3A3762C3FF7451B92BE7E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
Signing time: Fri 08 Aug 2025 00:40:58 +0000
ROA not before: Fri 08 Aug 2025 00:40:58 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.104.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:57:2b:2d:40:23:ee:b0:ff:a3:a3:76:2c:3f:f7:45:1b:92:be:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:58 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=f6ce4202f4ea07d512f022ff01224400f5f4686eb27f9782d7ddb92dde9e5edf, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:b6:49:0e:40:0e:2e:1c:34:33:f5:18:1b:c0:
2c:f9:6e:6c:21:cb:b1:c6:e9:9a:7e:c4:c6:f2:c1:
01:d7:58:8e:73:19:00:f2:f9:e9:51:ba:9d:44:77:
d8:5c:ee:5a:68:ff:f9:ef:f3:ca:a1:8c:31:5f:6d:
11:0f:13:ab:36:4f:37:40:0e:17:23:17:17:0a:29:
1f:78:04:1a:3b:c8:40:3e:31:e5:cf:c2:4e:3b:9d:
dd:ff:25:d3:02:7b:8f:7f:70:40:f7:d2:c9:17:f5:
94:bb:70:c9:7b:f5:f5:d8:de:13:4b:8b:54:dc:d7:
73:2f:25:2c:4c:ec:ff:11:f5:f7:ac:7f:61:11:88:
fb:c1:93:20:0f:16:78:00:49:f9:f2:82:d0:2e:ae:
1e:d7:7f:c7:d0:8a:52:71:46:d6:5a:a8:ac:7e:2b:
e2:b0:b5:99:b3:a0:90:a0:65:86:58:a2:5c:cb:bd:
fe:27:46:37:d4:00:40:b5:3a:bc:87:d8:00:b3:93:
df:14:c3:52:dd:4b:e8:bb:e2:ac:10:e8:88:97:ef:
76:62:6e:f6:fe:cd:0b:90:f3:f4:8c:04:0e:51:43:
76:e6:99:64:da:a8:13:f7:f0:bc:1d:b7:6e:97:63:
3d:e7:95:ea:22:99:69:e9:0c:db:b0:d6:40:6a:d9:
ea:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:D2:4A:92:DD:C0:D2:BA:D9:5F:E0:E7:01:B7:2E:C5:27:00:12:E8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.104.0/21
Signature Algorithm: sha256WithRSAEncryption
86:07:6c:4f:ba:ad:00:23:f0:6b:c5:81:6a:de:62:5e:b0:79:
ee:6b:c2:ef:55:a6:0f:03:84:ce:4d:24:93:a5:47:3d:fa:89:
b7:fc:ca:03:b0:c4:3e:45:d0:2b:f5:97:f1:55:bf:7d:67:3f:
eb:e8:13:50:3a:6d:ca:40:7a:2c:b1:c0:f6:8d:4e:f8:93:10:
1a:49:a1:12:37:25:97:bf:4e:d5:62:26:5d:4f:bf:9c:90:9f:
8f:ef:3f:91:e8:f3:f2:e6:22:05:99:6b:37:1f:21:5c:ca:80:
38:73:f1:5a:90:f3:ad:b5:66:ec:1d:7c:04:f8:96:0f:2d:c9:
bc:a7:08:9c:87:21:2a:b0:85:6b:40:ab:e2:8a:a0:9b:72:3b:
9e:59:76:b2:ed:6e:6d:4b:41:6b:02:3e:01:c4:d0:b7:d7:98:
f8:05:d5:ae:89:dc:49:21:db:6b:47:ca:81:fd:c4:44:3f:87:
88:55:3d:dd:3f:84:ea:49:3a:a3:ac:4e:0b:57:fb:e7:f0:4a:
92:61:a1:98:b0:49:0d:60:b0:f9:9c:9d:44:0c:cc:76:3a:0f:
c3:87:16:4c:bb:28:20:7b:a1:fe:d2:d9:ad:89:a2:67:51:77:
91:36:cc:81:1b:0e:b2:85:1f:f5:c4:40:6c:c6:38:7a:ea:5e:
2c:a1:56:77
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUElcrLUAj7rD/o6N2LD/3RRuSvn4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwNThaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2Y2U0MjAyZjRlYTA3ZDUxMmYwMjJmZjAxMjI0NDAwZjVmNDY4NmViMjdm
OTc4MmQ3ZGRiOTJkZGU5ZTVlZGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+2SQ5ADi4cNDP1GBvALPlubCHLscbpmn7ExvLBAddYjnMZAPL56VG6nUR3
2FzuWmj/+e/zyqGMMV9tEQ8TqzZPN0AOFyMXFwopH3gEGjvIQD4x5c/CTjud3f8l
0wJ7j39wQPfSyRf1lLtwyXv19djeE0uLVNzXcy8lLEzs/xH196x/YRGI+8GTIA8W
eABJ+fKC0C6uHtd/x9CKUnFG1lqorH4r4rC1mbOgkKBlhliiXMu9/idGN9QAQLU6
vIfYALOT3xTDUt1L6LvirBDoiJfvdmJu9v7NC5Dz9IwEDlFDduaZZNqoE/fwvB23
bpdjPeeV6iKZaekM27DWQGrZ6j0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTM0kqS
3cDSutlf4OcBty7FJwAS6DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Nzk1YmFlNjUtZTQ5NC00NDk3LThjNjQtNmM3OGM1YTRiMzg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAaDAN
BgkqhkiG9w0BAQsFAAOCAQEAhgdsT7qtACPwa8WBat5iXrB57mvC71WmDwOEzk0k
k6VHPfqJt/zKA7DEPkXQK/WX8VW/fWc/6+gTUDptykB6LLHA9o1O+JMQGkmhEjcl
l79O1WImXU+/nJCfj+8/kejz8uYiBZlrNx8hXMqAOHPxWpDzrbVm7B18BPiWDy3J
vKcInIchKrCFa0Cr4oqgm3I7nll2su1ubUtBawI+AcTQt9eY+AXVroncSSHba0fK
gf3ERD+HiFU93T+E6kk6o6xOC1f75/BKkmGhmLBJDWCw+ZydRAzMdjoPw4cWTLso
IHuh/tLZrYmiZ1F3kTbMgRsOsoUf9cRAbMY4eupeLKFWdw==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:42:45 2025 by rpki-client