Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
File: af8582f5-d209-4e12-aacf-31186289c430.roa (raw, json)
Hash identifier: bvzSKE/AFIsv4Udqn9GJkTe2UxIKeLofGrpIHu4YPG0=
Subject key identifier: 7F:2F:32:94:59:14:F4:4A:A3:A1:4D:7C:93:CC:6C:0E:3C:BD:54:B4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 710FBBDF84E3E606736D062D287D9D9008E66838
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
Signing time: Tue 05 Aug 2025 20:30:14 +0000
ROA not before: Tue 05 Aug 2025 20:30:14 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.216.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:0f:bb:df:84:e3:e6:06:73:6d:06:2d:28:7d:9d:90:08:e6:68:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:14 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=7051e366fa31e572f4645d36168c1db0c4fa92d4440740817f1bf2df63715cce, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:fa:84:df:78:fe:a4:e1:a4:93:4e:8b:cf:8c:
52:04:00:bb:8c:bd:93:48:77:f0:cf:4f:cd:fc:35:
4c:31:d0:bf:e4:83:30:a4:43:19:66:a7:a1:ff:6a:
15:ad:bd:a7:f5:d2:ea:c9:17:97:e3:85:ea:8a:4d:
85:49:8d:a6:6d:45:ca:41:fb:b1:52:9e:78:17:5b:
08:12:3e:e7:91:43:f1:71:1e:e7:a4:d3:69:a6:a5:
52:67:4b:eb:12:73:09:09:95:0d:37:f4:57:8f:61:
d8:d4:e7:1c:c7:92:1a:08:d5:03:67:09:70:e4:f8:
8b:ad:9f:a0:48:da:75:59:38:2b:f1:97:49:8a:9a:
2b:ef:dd:98:c6:a9:ec:d5:41:e3:04:6d:fe:6b:a0:
0a:4c:31:fe:c2:f2:5c:49:6a:ad:c6:bd:b2:49:ef:
08:62:ec:b5:ef:f2:58:cc:de:31:b3:9a:e7:36:fd:
9d:3a:89:62:31:db:a6:6e:d1:c4:ec:93:dd:da:5c:
f1:1b:74:05:a2:4a:6b:ed:bc:b2:5c:0c:84:c5:77:
fe:26:75:c4:58:94:89:f1:f3:4d:0e:4b:ae:3e:24:
99:23:f9:d1:3c:05:a9:83:be:45:dd:de:0b:7a:4d:
e2:f2:e4:76:73:22:c1:27:a6:74:f7:2f:af:b5:36:
5d:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:2F:32:94:59:14:F4:4A:A3:A1:4D:7C:93:CC:6C:0E:3C:BD:54:B4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.216.0.0/15
Signature Algorithm: sha256WithRSAEncryption
98:fe:96:df:87:24:65:a3:d1:ec:e6:c4:a7:3b:c2:4e:04:88:
a6:88:90:d1:48:9c:2f:2d:b0:d2:4a:47:62:b5:86:eb:c1:11:
7f:df:5c:7b:83:c8:2b:eb:cb:38:93:98:6a:7e:2b:61:38:f2:
de:49:73:ad:9c:5f:77:d6:be:19:9f:84:9b:71:4a:79:df:37:
d6:27:55:b0:e6:7f:63:0f:99:00:15:39:1c:5a:b1:30:b0:ff:
fa:44:62:e6:33:86:3d:42:9f:19:06:1f:0a:04:8f:5a:eb:fe:
30:16:0d:f6:c2:44:bc:b1:27:a9:05:05:ef:76:90:a5:dd:80:
88:3a:f9:d7:74:e6:0e:b4:37:89:cb:45:7d:6c:25:68:68:fc:
51:69:54:b7:e7:d6:cd:c1:33:37:33:76:6e:96:4d:a5:68:01:
ab:a3:74:3e:ab:f5:ff:1f:54:73:6a:ab:e4:3a:41:39:9a:e6:
88:4d:2c:e4:c7:28:a7:0d:77:db:bf:9c:b3:cb:8a:e9:22:94:
79:81:88:4d:b6:6a:ae:8e:99:ed:ed:47:3c:41:1b:1a:58:2e:
a1:dd:6d:7d:19:19:71:e0:cf:cf:f0:18:63:c3:fc:1d:bd:cc:
1b:92:b8:c3:bf:66:a0:55:cc:b0:d5:de:2d:71:a4:d8:a1:6a:
58:76:03:f9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcQ+734Tj5gZzbQYtKH2dkAjmaDgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMTRaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwNTFlMzY2ZmEzMWU1NzJmNDY0NWQzNjE2OGMxZGIwYzRmYTkyZDQ0NDA3
NDA4MTdmMWJmMmRmNjM3MTVjY2UxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMH6hN94/qThpJNOi8+MUgQAu4y9k0h38M9Pzfw1TDHQv+SDMKRDGWanof9q
Fa29p/XS6skXl+OF6opNhUmNpm1FykH7sVKeeBdbCBI+55FD8XEe56TTaaalUmdL
6xJzCQmVDTf0V49h2NTnHMeSGgjVA2cJcOT4i62foEjadVk4K/GXSYqaK+/dmMap
7NVB4wRt/mugCkwx/sLyXElqrca9sknvCGLste/yWMzeMbOa5zb9nTqJYjHbpm7R
xOyT3dpc8Rt0BaJKa+28slwMhMV3/iZ1xFiUifHzTQ5Lrj4kmSP50TwFqYO+Rd3e
C3pN4vLkdnMiwSemdPcvr7U2XRECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR/LzKU
WRT0SqOhTXyTzGwOPL1UtDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWY4NTgyZjUtZDIwOS00ZTEyLWFhY2YtMzExODYyODljNDMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPYMA0G
CSqGSIb3DQEBCwUAA4IBAQCY/pbfhyRlo9Hs5sSnO8JOBIimiJDRSJwvLbDSSkdi
tYbrwRF/31x7g8gr68s4k5hqfithOPLeSXOtnF931r4Zn4SbcUp53zfWJ1Ww5n9j
D5kAFTkcWrEwsP/6RGLmM4Y9Qp8ZBh8KBI9a6/4wFg32wkS8sSepBQXvdpCl3YCI
OvnXdOYOtDeJy0V9bCVoaPxRaVS359bNwTM3M3Zulk2laAGro3Q+q/X/H1Rzaqvk
OkE5muaITSzkxyinDXfbv5yzy4rpIpR5gYhNtmqujpnt7Uc8QRsaWC6h3W19GRlx
4M/P8Bhjw/wdvcwbkrjDv2agVcyw1d4tcaTYoWpYdgP5
-----END CERTIFICATE-----
Generated at Wed Aug 20 12:55:20 2025 by rpki-client