Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File: 7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier: At9FxV4lgV+oMjN5hKw4ax9NQ8nLiq/eMjXjmAe/Kjc=
Subject key identifier: 9E:35:12:B0:A3:BB:A7:5D:B4:04:71:CE:12:57:2D:B4:2B:A1:0D:EF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 8C39125D4E9B633C5FD6B4BF6758E7240BAF34
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time: Fri 25 Apr 2025 20:30:50 +0000
ROA not before: Fri 25 Apr 2025 20:30:50 +0000
ROA not after: Fri 30 May 2025 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.0.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 10 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8c:39:12:5d:4e:9b:63:3c:5f:d6:b4:bf:67:58:e7:24:0b:af:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 25 20:30:50 2025 GMT
Not After : May 30 23:59:59 2025 GMT
Subject: serialNumber=99ca959321d1eaf9093558ba2c32abd6b483b6a11bdc87ceb05d4691c6de575a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:d9:26:48:43:d3:f3:01:22:c9:b0:b7:d4:ff:
fe:71:a1:bf:b0:44:27:b2:14:6d:de:91:ee:2e:68:
61:6e:61:6a:a5:8b:7e:e2:1e:51:23:ed:3b:b4:c6:
87:7b:ba:3f:6b:fe:56:de:5b:b2:8c:73:45:a7:99:
30:e3:5e:1e:d8:13:75:7d:52:1b:3f:5b:dd:b9:4a:
f0:b9:bf:1a:b0:8b:e0:77:bb:94:d8:fe:e7:3f:d0:
0f:72:70:c7:d1:bd:f3:14:3b:ef:65:d6:bf:18:cb:
d1:78:6b:5f:da:9f:c8:c5:23:ea:b5:d9:b6:01:f5:
08:1c:29:0f:e7:fe:84:a8:06:be:5f:d3:bc:3f:fc:
cc:1b:31:cc:cf:96:f7:b2:7e:a6:47:84:92:27:a2:
3f:23:8c:91:bd:1b:61:31:69:9d:3b:5b:ba:b2:ef:
a2:2c:17:ab:d9:aa:8a:7e:c8:d0:6c:ba:ed:f8:3a:
28:dd:c9:3b:42:50:b5:c1:d8:92:d2:1a:63:76:90:
06:0e:74:0d:51:c0:2f:4d:5f:db:1b:02:7d:7c:b6:
7b:21:2b:8b:fe:78:24:e0:b0:a3:83:a0:57:b0:c5:
8d:25:e3:24:56:f1:58:77:dc:85:b8:dd:c6:14:3b:
39:50:21:d5:85:cf:d4:d0:3f:a4:3b:3b:19:e6:2d:
db:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:35:12:B0:A3:BB:A7:5D:B4:04:71:CE:12:57:2D:B4:2B:A1:0D:EF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.0.0/17
Signature Algorithm: sha256WithRSAEncryption
9f:09:49:62:86:f5:8d:64:fb:36:ed:14:57:ea:c9:9e:15:4d:
1c:17:3d:3f:a2:68:7f:f3:bd:18:9a:69:c9:68:8f:98:22:3c:
58:a3:cb:8f:32:68:95:7c:d9:36:ba:d0:9d:16:24:a3:79:0e:
4a:98:69:77:c3:ee:7e:b6:a9:37:06:72:01:39:90:2c:2a:db:
e6:a8:6d:40:68:a5:f7:fc:d1:3d:7e:7c:25:1a:91:e3:5d:3f:
c2:6c:02:99:be:5c:14:64:1c:6a:1f:87:d6:7a:71:f6:ee:fa:
f1:a5:ae:94:64:3f:4b:6f:75:82:6f:d1:f9:27:19:9a:d4:77:
d2:5d:eb:6f:14:19:41:f1:c2:f5:f4:2b:8a:6c:4c:79:f0:9d:
00:b7:2f:e2:67:21:8a:38:74:b1:b4:17:c4:d4:a2:c4:62:98:
d8:3b:2e:84:1a:63:dc:3e:c7:61:14:cd:69:dc:f4:0e:0d:8a:
d5:56:ca:ac:01:68:6f:45:94:85:09:3a:d1:66:e1:fc:31:39:
45:41:68:3a:c1:0b:e5:a9:73:13:ff:5f:a0:22:68:92:d4:fe:
b0:a8:18:19:15:55:13:24:b8:cd:fd:02:cc:e4:5f:50:48:60:
e4:62:d8:34:c2:3d:b9:ef:f9:32:6f:d3:e8:80:ba:56:03:4a:
2c:7e:66:43
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUAIw5El1Om2M8X9a0v2dY5yQLrzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MjUyMDMwNTBaFw0yNTA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5Y2E5NTkzMjFkMWVhZjkwOTM1NThiYTJjMzJhYmQ2YjQ4M2I2YTExYmRj
ODdjZWIwNWQ0NjkxYzZkZTU3NWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXZJkhD0/MBIsmwt9T//nGhv7BEJ7IUbd6R7i5oYW5haqWLfuIeUSPtO7TG
h3u6P2v+Vt5bsoxzRaeZMONeHtgTdX1SGz9b3blK8Lm/GrCL4He7lNj+5z/QD3Jw
x9G98xQ772XWvxjL0XhrX9qfyMUj6rXZtgH1CBwpD+f+hKgGvl/TvD/8zBsxzM+W
97J+pkeEkieiPyOMkb0bYTFpnTtburLvoiwXq9mqin7I0Gy67fg6KN3JO0JQtcHY
ktIaY3aQBg50DVHAL01f2xsCfXy2eyEri/54JOCwo4OgV7DFjSXjJFbxWHfchbjd
xhQ7OVAh1YXP1NA/pDs7GeYt25kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSeNRKw
o7unXbQEcc4SVy20K6EN7zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEAnwlJYob1jWT7Nu0UV+rJnhVNHBc9P6Jof/O9GJpp
yWiPmCI8WKPLjzJolXzZNrrQnRYko3kOSphpd8PufrapNwZyATmQLCrb5qhtQGil
9/zRPX58JRqR410/wmwCmb5cFGQcah+H1npx9u768aWulGQ/S291gm/R+ScZmtR3
0l3rbxQZQfHC9fQrimxMefCdALcv4mchijh0sbQXxNSixGKY2DsuhBpj3D7HYRTN
adz0Dg2K1VbKrAFob0WUhQk60Wbh/DE5RUFoOsEL5alzE/9foCJoktT+sKgYGRVV
EyS4zf0CzORfUEhg5GLYNMI9ue/5Mm/T6IC6VgNKLH5mQw==
-----END CERTIFICATE-----
Generated at Fri May 9 12:43:03 2025 by rpki-client