Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
File: 9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa (raw, json)
Hash identifier: 9RcLPqewzRNdWw4NPe9naaCe4+EpP5TMvkWJ5e/Ey80=
Subject key identifier: 83:25:B3:F7:FF:2C:EB:7F:AE:67:52:29:86:15:BF:34:DB:C0:9D:72
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 339F6BC21F815E73B4174AF3B3870E99092731CC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
Signing time: Fri 08 Aug 2025 00:40:18 +0000
ROA not before: Fri 08 Aug 2025 00:40:18 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.84.0.0/14 maxlen: 14
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:9f:6b:c2:1f:81:5e:73:b4:17:4a:f3:b3:87:0e:99:09:27:31:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:18 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=df8a906c32a93c9bf5d7edf430e3d3fc2502ba21737282f0d789d5b99eb4b679, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:60:20:92:c0:0f:e2:df:b7:5c:ee:d1:58:a9:
90:c0:8b:c6:8f:05:5b:00:5d:1a:9d:5e:73:7d:53:
56:93:59:29:ef:52:f0:58:1b:ae:af:59:e6:2c:67:
77:fe:af:be:99:89:48:24:6e:85:71:24:b6:00:ee:
85:40:06:b4:e3:ba:24:57:1c:89:56:8c:ef:15:1a:
a3:c8:2d:e2:52:c6:dd:dd:f4:5c:66:35:09:da:73:
a0:c9:ca:20:c9:57:b8:db:51:a4:89:77:08:ca:cc:
bb:ce:59:5c:2d:43:f9:30:b7:10:8d:90:d1:28:14:
37:82:28:d8:d8:d6:1c:98:2b:30:17:e5:f6:59:4d:
9d:dc:f0:4a:b3:49:1b:7c:f2:1f:2e:41:ad:84:f2:
f3:e8:03:96:72:6d:5d:d4:4b:57:c1:58:5d:38:be:
7d:29:f3:94:c3:c2:e2:1a:56:c0:67:c0:ae:04:30:
6c:20:17:85:31:93:02:1f:11:bb:a0:78:4f:69:c3:
90:94:5c:8c:5c:0c:6f:0f:06:05:8f:c3:94:38:6c:
d4:47:0d:f6:00:1f:16:e4:b4:23:a1:ad:30:bd:03:
ae:d5:b2:14:fe:b4:27:13:0f:d6:a4:da:31:61:08:
cc:09:3b:e6:d9:b2:a7:ca:ab:ee:00:63:bb:a5:25:
9f:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:25:B3:F7:FF:2C:EB:7F:AE:67:52:29:86:15:BF:34:DB:C0:9D:72
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.84.0.0/14
Signature Algorithm: sha256WithRSAEncryption
54:f8:33:48:69:48:1c:fc:a6:fb:0e:e9:6c:ec:ce:c8:64:e6:
a8:49:85:d8:f2:96:3a:a1:26:47:2d:44:dc:7e:48:b4:0c:b4:
39:f3:4d:28:f5:76:ff:0e:47:b9:89:d9:a2:e1:a5:63:ac:e9:
10:18:9a:80:d2:52:b4:29:83:87:d6:4c:0d:3d:0f:36:41:9a:
4f:54:e0:9d:17:8e:f1:6a:37:be:ef:b4:03:be:aa:0e:5b:45:
03:26:9a:bb:57:21:af:66:cd:92:9e:3f:c6:a5:1c:3e:34:d5:
69:67:97:2e:25:c3:86:c1:0b:78:6f:60:ca:9c:c9:3f:2a:c4:
e6:9f:8e:2a:8b:e7:8f:78:9a:41:a4:a3:6c:d6:4d:4e:b7:45:
17:8e:2f:f2:07:14:16:04:23:6c:fe:63:21:46:78:19:32:e3:
51:0f:c3:14:0f:86:bf:34:e5:a0:aa:20:9e:36:e8:da:20:70:
49:84:59:3a:ee:6b:84:0c:80:80:1c:f2:fe:e7:4b:d7:27:00:
a5:f2:68:e5:34:64:1c:2c:c8:7f:07:00:ad:72:a0:6a:30:54:
8d:1f:72:9c:55:2b:ab:98:a7:3b:7c:0a:c7:86:3c:fb:0a:cf:
08:05:3d:dc:69:ed:78:d3:36:61:0b:b8:73:d9:44:0c:c7:59:
44:08:dd:a1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUM59rwh+BXnO0F0rzs4cOmQknMcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwMThaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmOGE5MDZjMzJhOTNjOWJmNWQ3ZWRmNDMwZTNkM2ZjMjUwMmJhMjE3Mzcy
ODJmMGQ3ODlkNWI5OWViNGI2NzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5gIJLAD+Lft1zu0VipkMCLxo8FWwBdGp1ec31TVpNZKe9S8Fgbrq9Z5ixn
d/6vvpmJSCRuhXEktgDuhUAGtOO6JFcciVaM7xUao8gt4lLG3d30XGY1CdpzoMnK
IMlXuNtRpIl3CMrMu85ZXC1D+TC3EI2Q0SgUN4Io2NjWHJgrMBfl9llNndzwSrNJ
G3zyHy5BrYTy8+gDlnJtXdRLV8FYXTi+fSnzlMPC4hpWwGfArgQwbCAXhTGTAh8R
u6B4T2nDkJRcjFwMbw8GBY/DlDhs1EcN9gAfFuS0I6GtML0DrtWyFP60JxMP1qTa
MWEIzAk75tmyp8qr7gBju6Uln/ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSDJbP3
/yzrf65nUimGFb8028CdcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWExZmEzOTEtNDM3Ny00NGJhLWE2YzctYzc4NWZjOWE3NzMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNUMA0G
CSqGSIb3DQEBCwUAA4IBAQBU+DNIaUgc/Kb7Duls7M7IZOaoSYXY8pY6oSZHLUTc
fki0DLQ5800o9Xb/Dke5idmi4aVjrOkQGJqA0lK0KYOH1kwNPQ82QZpPVOCdF47x
aje+77QDvqoOW0UDJpq7VyGvZs2Snj/GpRw+NNVpZ5cuJcOGwQt4b2DKnMk/KsTm
n44qi+ePeJpBpKNs1k1Ot0UXji/yBxQWBCNs/mMhRngZMuNRD8MUD4a/NOWgqiCe
NujaIHBJhFk67muEDICAHPL+50vXJwCl8mjlNGQcLMh/BwCtcqBqMFSNH3KcVSur
mKc7fArHhjz7Cs8IBT3cae140zZhC7hz2UQMx1lECN2h
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:39:49 2025 by rpki-client