Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
File: aa15a3a6-022f-41a6-9a60-2175164bb741.roa (raw, json)
Hash identifier: rIY+zi/wpzM9UbfhtIuh7+Xms658AChng1vXsDda/Vk=
Subject key identifier: 85:42:D7:A8:C0:59:DC:AF:DA:54:CE:62:30:B1:56:7E:DF:7F:D2:C2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7A8B599D60576693CA9906D57333D417EF9C820E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
Signing time: Fri 08 Aug 2025 00:41:06 +0000
ROA not before: Fri 08 Aug 2025 00:41:06 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:8b:59:9d:60:57:66:93:ca:99:06:d5:73:33:d4:17:ef:9c:82:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:41:06 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=aac8590742b2ac5a21ee47e58edb3b8ef3e955a833b6a8925a0815dc6943f712, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:53:7f:ed:8e:a0:21:e4:08:c3:c9:33:32:d0:
31:f9:59:60:97:c9:bd:e0:9f:aa:bd:07:d4:b0:c1:
1b:64:8f:6e:55:1f:4e:17:b9:43:51:1b:b2:5a:d0:
b9:04:ce:c1:aa:a7:66:7c:31:ee:7d:88:f6:cc:9b:
0f:d8:7d:32:f1:8f:c2:3e:f4:9d:e9:dc:60:bc:15:
1d:ba:07:40:6a:63:83:ff:57:c4:79:e5:14:b3:a7:
b9:0a:72:cf:4e:82:55:d8:19:a1:e7:8b:10:3a:cb:
00:a5:6e:31:7a:54:6c:37:ef:1c:d8:9c:c9:61:70:
4c:35:5e:29:fc:ab:65:d4:3f:eb:76:46:2e:c1:62:
fe:4b:90:80:4c:a6:89:49:51:c9:9e:25:52:70:69:
cb:78:8f:d1:ce:21:96:71:86:ba:94:91:80:65:11:
1b:e2:22:ef:30:8e:d0:43:d4:e9:97:96:2b:97:f6:
ac:e4:97:e8:c8:55:71:8d:92:36:40:41:3b:fe:d5:
76:c4:0d:af:2d:75:45:6f:7d:64:28:72:44:1b:0e:
7c:ea:b3:ae:1b:7f:03:c0:ca:9b:df:52:4c:07:96:
89:2c:85:a8:62:c2:f8:e0:a2:99:53:2d:8d:aa:cd:
ea:d6:de:81:b7:01:f0:dd:13:e0:00:91:44:e3:89:
01:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:42:D7:A8:C0:59:DC:AF:DA:54:CE:62:30:B1:56:7E:DF:7F:D2:C2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.204.0/24
Signature Algorithm: sha256WithRSAEncryption
af:8a:45:60:25:29:cd:dd:0e:20:bb:d2:3e:5c:af:dc:88:7b:
ba:86:10:8c:19:5d:2d:05:5d:d5:49:e3:bd:71:85:0e:f4:53:
53:bf:30:bd:41:22:84:6d:07:29:26:5a:6b:1b:4c:15:e0:e8:
92:71:b9:cf:57:f8:90:4e:09:a8:ef:ab:15:bd:17:04:25:54:
77:5f:e0:a4:4d:8d:92:2e:ed:95:86:e1:6c:02:26:0e:c4:35:
58:5c:f7:08:00:21:6d:3d:29:91:71:2d:11:c5:91:e7:47:08:
db:71:f1:ca:5c:c0:65:f4:90:c2:48:ee:cc:db:44:b2:32:03:
26:b6:63:37:9f:d9:00:f5:49:e4:4b:d3:4a:d1:70:51:04:2c:
73:4a:32:65:71:88:13:d6:22:c8:31:46:11:16:83:82:53:f5:
28:1c:a5:0e:db:5f:53:3b:fe:c3:86:38:6d:c4:0b:63:40:b5:
17:b1:68:05:a2:65:85:31:9e:4c:46:fb:a6:8d:5a:cf:d4:92:
5d:02:0f:90:5a:10:3e:e4:69:00:27:2a:0a:7e:5d:71:e0:19:
18:41:79:df:e3:97:2e:fe:af:c3:ce:45:85:5b:29:38:ba:34:
03:a7:da:7a:d0:4b:8e:7a:96:b7:0a:a0:69:c9:af:b9:a0:71:
7a:57:ac:7b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUeotZnWBXZpPKmQbVczPUF++cgg4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQxMDZaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGFhYzg1OTA3NDJiMmFjNWEyMWVlNDdlNThlZGIzYjhlZjNlOTU1YTgzM2I2
YTg5MjVhMDgxNWRjNjk0M2Y3MTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM5Tf+2OoCHkCMPJMzLQMflZYJfJveCfqr0H1LDBG2SPblUfThe5Q1EbslrQ
uQTOwaqnZnwx7n2I9sybD9h9MvGPwj70nencYLwVHboHQGpjg/9XxHnlFLOnuQpy
z06CVdgZoeeLEDrLAKVuMXpUbDfvHNicyWFwTDVeKfyrZdQ/63ZGLsFi/kuQgEym
iUlRyZ4lUnBpy3iP0c4hlnGGupSRgGURG+Ii7zCO0EPU6ZeWK5f2rOSX6MhVcY2S
NkBBO/7VdsQNry11RW99ZChyRBsOfOqzrht/A8DKm99STAeWiSyFqGLC+OCimVMt
jarN6tbegbcB8N0T4ACRROOJAbcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSFQteo
wFncr9pUzmIwsVZ+33/SwjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWExNWEzYTYtMDIyZi00MWE2LTlhNjAtMjE3NTE2NGJiNzQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQzDAN
BgkqhkiG9w0BAQsFAAOCAQEAr4pFYCUpzd0OILvSPlyv3Ih7uoYQjBldLQVd1Unj
vXGFDvRTU78wvUEihG0HKSZaaxtMFeDoknG5z1f4kE4JqO+rFb0XBCVUd1/gpE2N
ki7tlYbhbAImDsQ1WFz3CAAhbT0pkXEtEcWR50cI23HxylzAZfSQwkjuzNtEsjID
JrZjN5/ZAPVJ5EvTStFwUQQsc0oyZXGIE9YiyDFGERaDglP1KBylDttfUzv+w4Y4
bcQLY0C1F7FoBaJlhTGeTEb7po1az9SSXQIPkFoQPuRpACcqCn5dceAZGEF53+OX
Lv6vw85FhVspOLo0A6faetBLjnqWtwqgacmvuaBxelesew==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:38:57 2025 by rpki-client