Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: 7k6qAl1rJbDv4pjdgYtSzuZkxuh0+jXlaEYIGxnry8M=
Subject key identifier: AF:88:FD:98:EB:A3:57:00:05:8E:57:A8:0A:F3:88:32:7C:90:21:28
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4B09ECA9E046498BAD65D96BE6F03EFF041CFE8A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Tue 05 Aug 2025 20:30:21 +0000
ROA not before: Tue 05 Aug 2025 20:30:21 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:09:ec:a9:e0:46:49:8b:ad:65:d9:6b:e6:f0:3e:ff:04:1c:fe:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:21 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=b58e2bbc6f93cfd0f839f71300223f88875ef17cfc39982de30b33a765fe9a4a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:8a:12:14:0e:46:ac:a0:87:db:d2:cd:d8:f0:
64:b4:4b:5c:d1:53:77:90:66:33:98:77:23:2b:1e:
43:fb:d2:69:cf:20:fd:5f:53:f4:5c:30:9c:fb:d9:
01:d5:e4:ab:d9:27:15:70:8d:df:57:c2:7f:47:49:
a9:22:98:3e:89:5d:fc:23:e3:76:a9:38:91:57:88:
46:21:9e:66:29:8a:cf:b3:9d:53:65:fe:26:54:4b:
37:68:d7:33:8b:b3:79:0a:d1:2d:47:59:66:d6:dd:
c5:27:33:14:11:b4:e8:1e:c5:8f:52:2d:51:d7:64:
0e:f1:10:5b:67:61:aa:fe:20:ed:0b:89:76:08:0c:
0e:4a:1e:b7:8a:74:c7:ff:81:2f:04:d0:96:e6:82:
cf:1d:a4:b3:3a:0c:c6:6d:a7:03:61:1f:45:de:96:
06:0a:a5:31:07:a0:ba:88:79:32:d0:a1:cc:af:ba:
cf:4c:1c:18:bf:1a:f7:48:1e:14:5b:8e:7c:16:80:
d9:24:5a:ba:9e:5e:00:27:e1:00:c1:6d:d0:0b:0c:
ba:fe:da:b6:04:02:b1:73:0c:04:41:49:05:32:de:
80:0a:21:43:89:dc:e2:88:bf:63:ff:ca:fa:8b:e3:
81:19:f1:31:16:4a:34:48:2a:c2:20:78:4d:88:cb:
fa:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:88:FD:98:EB:A3:57:00:05:8E:57:A8:0A:F3:88:32:7C:90:21:28
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7e:55:d7:4f:dd:1b:00:a7:0e:7e:8e:b3:2a:71:b6:e0:82:19:
27:28:e3:49:37:e4:63:48:4e:c9:6d:1f:f3:5f:34:29:f9:cc:
e9:f6:55:63:f8:b6:3d:5f:07:b4:ea:36:62:9d:e2:c7:93:90:
dd:b6:d9:93:00:d0:4e:7b:dc:b2:7c:bc:ae:9d:0b:cb:f3:18:
3a:f2:53:a3:bd:2c:56:01:6f:a5:8c:2d:0f:8c:5c:2b:42:9c:
7a:3c:ea:bb:b1:25:d8:9d:c1:da:58:e3:d5:bb:f1:6e:b8:04:
b3:6d:4d:af:f0:eb:a7:f0:cb:ed:1c:1b:8c:2b:ae:c3:16:3e:
df:a1:16:7e:fd:52:3f:87:76:0d:23:62:0d:9b:b8:f8:9d:a5:
2f:d0:37:4d:95:36:08:de:71:fc:98:4f:c3:36:8b:a9:e9:9e:
a7:78:b5:4e:e7:6d:42:f8:86:dd:5d:e6:86:a3:da:e8:99:c8:
8d:a6:f2:69:7e:dc:04:d5:35:ac:bf:29:4c:b2:6b:75:c5:60:
c7:a5:5e:57:a8:50:16:35:bb:ce:68:21:d6:80:6a:a9:47:ea:
48:59:7c:68:97:c1:7b:cb:98:94:b5:22:1c:b4:ca:5e:b2:17:
73:9c:51:41:a0:9d:57:20:ba:a2:52:87:10:5c:0b:69:a9:93:
74:52:c5:9a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSwnsqeBGSYutZdlr5vA+/wQc/oowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMjFaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1OGUyYmJjNmY5M2NmZDBmODM5ZjcxMzAwMjIzZjg4ODc1ZWYxN2NmYzM5
OTgyZGUzMGIzM2E3NjVmZTlhNGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmKEhQORqygh9vSzdjwZLRLXNFTd5BmM5h3IyseQ/vSac8g/V9T9FwwnPvZ
AdXkq9knFXCN31fCf0dJqSKYPold/CPjdqk4kVeIRiGeZimKz7OdU2X+JlRLN2jX
M4uzeQrRLUdZZtbdxSczFBG06B7Fj1ItUddkDvEQW2dhqv4g7QuJdggMDkoet4p0
x/+BLwTQluaCzx2kszoMxm2nA2EfRd6WBgqlMQeguoh5MtChzK+6z0wcGL8a90ge
FFuOfBaA2SRaup5eACfhAMFt0AsMuv7atgQCsXMMBEFJBTLegAohQ4nc4oi/Y//K
+ovjgRnxMRZKNEgqwiB4TYjL+j8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSviP2Y
66NXAAWOV6gK84gyfJAhKDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTRjMmEzNmUtMjQ1Yi00MzlhLWJmNjEtMDQxMzJjNWRmNWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMjMA0G
CSqGSIb3DQEBCwUAA4IBAQB+VddP3RsApw5+jrMqcbbgghknKONJN+RjSE7JbR/z
XzQp+czp9lVj+LY9Xwe06jZineLHk5DdttmTANBOe9yyfLyunQvL8xg68lOjvSxW
AW+ljC0PjFwrQpx6POq7sSXYncHaWOPVu/FuuASzbU2v8Oun8MvtHBuMK67DFj7f
oRZ+/VI/h3YNI2INm7j4naUv0DdNlTYI3nH8mE/DNoup6Z6neLVO521C+IbdXeaG
o9romciNpvJpftwE1TWsvylMsmt1xWDHpV5XqFAWNbvOaCHWgGqpR+pIWXxol8F7
y5iUtSIctMpeshdznFFBoJ1XILqiUocQXAtpqZN0UsWa
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:39:35 2025 by rpki-client