Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
File: bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa (raw, json)
Hash identifier: a5A6D2UlIopgkbzy2+3a9Hwol59Vs1c1HSHRoszdKbU=
Subject key identifier: 10:A7:92:D5:07:5B:09:09:36:C9:61:DA:A0:DD:98:D0:CD:97:39:38
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 299864162B47FD7F0B7E78FD22C71C9BC9D6A222
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
Signing time: Wed 06 Aug 2025 07:22:50 +0000
ROA not before: Wed 06 Aug 2025 07:22:50 +0000
ROA not after: Wed 10 Sep 2025 23:59:59 +0000
asID: 14618
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 15:34:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:98:64:16:2b:47:fd:7f:0b:7e:78:fd:22:c7:1c:9b:c9:d6:a2:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 6 07:22:50 2025 GMT
Not After : Sep 10 23:59:59 2025 GMT
Subject: serialNumber=8b92dd4f789a974adde80fa24b646ddf944befa40d512bf954d7e4656a9398f3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:a1:20:2b:14:a6:7e:18:f9:bd:98:7e:90:a3:
ed:ca:5c:30:08:af:82:6c:8d:3c:e1:76:0e:e5:5d:
cb:e7:83:74:4d:02:0b:90:0a:66:ac:0a:11:d6:50:
70:43:b8:37:48:df:0c:58:f8:ad:45:e4:bd:05:48:
99:98:a7:84:84:4e:77:52:c1:64:ed:d9:26:b0:d8:
0d:27:1d:00:de:fe:ed:de:42:f4:ec:0b:b6:0a:22:
3c:c2:ca:72:9a:c7:96:fa:98:dc:e0:54:70:37:e1:
57:a5:b9:38:5e:57:47:01:82:7e:5b:86:e7:19:a0:
41:af:a4:54:27:7a:a6:a3:c2:8e:e0:8e:02:cd:23:
ef:5a:67:f4:52:57:d1:4f:03:c5:71:8c:8d:62:9a:
1f:c2:a9:53:bc:a4:2f:77:7a:84:29:6b:3d:26:42:
df:6f:44:8c:d4:71:09:bb:ce:ab:3a:0e:6b:a3:68:
a6:f8:8f:ab:e7:86:48:2a:51:d3:14:82:79:ef:7c:
97:97:86:aa:75:c3:11:37:a0:a5:5b:dd:0f:e4:15:
2b:82:96:ac:e6:ed:9e:9c:b1:70:45:14:42:b0:c5:
d2:09:32:66:17:1d:59:1e:73:95:f4:95:51:0a:30:
20:fc:6f:09:9b:25:b6:8e:75:4e:9d:93:c3:b3:90:
18:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:A7:92:D5:07:5B:09:09:36:C9:61:DA:A0:DD:98:D0:CD:97:39:38
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ba:cc:21:97:5e:99:46:a8:0a:f8:93:fa:7a:49:43:2a:ec:e8:
e3:ec:4f:40:8b:77:2b:5a:23:76:a3:e4:7c:6a:12:8c:44:0f:
4f:5b:75:e3:a9:60:c8:65:db:be:fd:c7:8a:28:70:91:77:1c:
3e:ff:6f:cc:bf:0e:b6:fd:55:50:a6:f5:3b:ec:1e:24:cf:4f:
24:4c:fd:fa:8a:f4:48:8a:6e:e7:e8:d6:c4:e6:90:78:e8:79:
f2:93:33:c0:ce:46:55:10:aa:0b:10:a9:9d:d8:e5:48:ab:fd:
84:1e:fc:ee:98:61:fd:7e:35:20:25:2d:1d:e0:b5:e8:e7:13:
53:3e:e7:42:b4:42:ed:80:83:5c:1e:75:b3:9d:45:e6:d0:b1:
4c:f0:30:9c:46:04:0c:a0:23:7c:0c:ee:be:91:22:18:5f:24:
a6:86:49:f5:37:f5:f0:95:1e:ee:79:0e:4a:d8:0d:18:ce:d8:
9e:e8:8a:d5:77:6f:bd:14:28:da:14:f9:3d:7c:3d:2d:48:9a:
80:28:f1:5d:4e:94:6d:ab:f8:08:38:69:61:8f:dc:06:fc:65:
9c:9c:d2:7a:27:ee:21:f2:18:f1:e4:a9:e3:e2:35:60:7d:10:
fd:96:73:b0:63:2a:df:42:10:57:8e:08:3e:e2:8b:bf:b2:2c:
7f:bf:de:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKZhkFitH/X8Lfnj9Isccm8nWoiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDYwNzIyNTBaFw0yNTA5MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiOTJkZDRmNzg5YTk3NGFkZGU4MGZhMjRiNjQ2ZGRmOTQ0YmVmYTQwZDUx
MmJmOTU0ZDdlNDY1NmE5Mzk4ZjMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALehICsUpn4Y+b2YfpCj7cpcMAivgmyNPOF2DuVdy+eDdE0CC5AKZqwKEdZQ
cEO4N0jfDFj4rUXkvQVImZinhIROd1LBZO3ZJrDYDScdAN7+7d5C9OwLtgoiPMLK
cprHlvqY3OBUcDfhV6W5OF5XRwGCfluG5xmgQa+kVCd6pqPCjuCOAs0j71pn9FJX
0U8DxXGMjWKaH8KpU7ykL3d6hClrPSZC329EjNRxCbvOqzoOa6NopviPq+eGSCpR
0xSCee98l5eGqnXDETegpVvdD+QVK4KWrObtnpyxcEUUQrDF0gkyZhcdWR5zlfSV
UQowIPxvCZslto51Tp2Tw7OQGJMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQQp5LV
B1sJCTbJYdqg3ZjQzZc5ODAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFjZjg0M2EtMTdlZS00Y2ExLTllM2ItOGYzNzI4ODE0ZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQC6zCGXXplGqAr4k/p6SUMq7Ojj7E9Ai3crWiN2o+R8
ahKMRA9PW3XjqWDIZdu+/ceKKHCRdxw+/2/Mvw62/VVQpvU77B4kz08kTP36ivRI
im7n6NbE5pB46HnykzPAzkZVEKoLEKmd2OVIq/2EHvzumGH9fjUgJS0d4LXo5xNT
PudCtELtgINcHnWznUXm0LFM8DCcRgQMoCN8DO6+kSIYXySmhkn1N/XwlR7ueQ5K
2A0Yztie6IrVd2+9FCjaFPk9fD0tSJqAKPFdTpRtq/gIOGlhj9wG/GWcnNJ6J+4h
8hjx5Knj4jVgfRD9lnOwYyrfQhBXjgg+4ou/six/v96f
-----END CERTIFICATE-----
Generated at Thu Aug 21 18:52:01 2025 by rpki-client