Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File: c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier: dqcd0GDgHVouzXZKjdJjJwEmLmfrFLVYR53DD5d40BU=
Subject key identifier: AF:E8:3E:36:4C:17:4A:F4:36:63:31:96:4B:93:BC:F2:3A:B9:DA:AC
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1E21F13EF2B1EABCC99B5CA1795FB26797C88198
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time: Tue 05 Aug 2025 20:20:09 +0000
ROA not before: Tue 05 Aug 2025 20:20:09 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.152.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:21:f1:3e:f2:b1:ea:bc:c9:9b:5c:a1:79:5f:b2:67:97:c8:81:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:20:09 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=e3265fb70df9e403a4ed0b76ebba3874d48edd54c5787f7f09c1e2cd10aec0e3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:7b:4c:46:59:0d:bd:b5:9c:23:50:0e:b5:ab:
9b:53:84:d8:2c:bb:8a:35:c8:a8:21:dc:80:86:97:
8e:0e:0a:7d:24:16:53:45:22:02:68:39:bb:56:f7:
5b:9d:7c:5e:0c:ac:50:f1:c6:b0:7a:ae:db:74:52:
c4:0e:e5:c4:4a:26:8a:53:9f:9c:c1:4d:6d:f1:e1:
a3:8c:d4:5b:09:98:4d:c8:ac:18:a1:ba:05:54:02:
68:0a:bb:c7:1f:b8:e9:ee:4a:fa:0e:6c:17:22:db:
3b:0a:cb:f4:37:55:9b:02:9b:eb:7a:b1:ab:c1:ba:
51:b5:2f:45:ef:6f:1f:0d:2f:b6:59:d4:80:ee:27:
0b:35:6c:73:1f:00:da:42:30:31:e1:60:d3:dd:08:
b0:e9:e0:f7:1a:37:5d:eb:3a:d2:66:fb:0a:05:56:
77:4d:24:18:85:5a:fd:29:e5:c5:4b:38:1d:85:da:
4f:ef:d1:ec:bf:09:a2:c4:bb:c2:ab:74:db:fa:35:
05:98:dc:07:95:ca:7c:a9:b1:5f:ba:44:fa:e4:ed:
c2:b0:7b:79:ae:20:9d:d1:6a:a3:54:76:91:38:b6:
4d:4d:9f:91:2d:65:af:88:01:71:e6:c8:ab:f0:70:
0f:48:2a:ba:a2:e4:9d:f4:08:7d:e6:4b:92:4f:e0:
e1:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:E8:3E:36:4C:17:4A:F4:36:63:31:96:4B:93:BC:F2:3A:B9:DA:AC
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.152.0.0/15
Signature Algorithm: sha256WithRSAEncryption
d6:98:a3:b0:6c:72:a5:d6:72:ab:fb:29:d1:b5:e3:9a:75:91:
74:c8:8b:4e:87:94:c3:9b:dc:ee:7f:f0:00:bd:fa:6d:af:d4:
1a:59:86:d2:a1:75:b8:95:35:e9:d3:fb:a2:fc:1c:85:cc:7e:
6b:23:6e:9e:51:e7:43:e7:65:d5:28:c6:fc:03:6f:0c:f9:68:
ff:04:1e:7a:13:97:3d:ef:59:5c:4e:91:a9:aa:75:81:cc:99:
bf:6b:f2:2e:5e:fa:37:79:7a:b7:2b:99:7c:6b:bb:42:37:bc:
d5:63:a5:77:6b:a0:32:0b:3a:31:8b:05:9f:20:98:14:ae:cf:
f7:5c:75:d2:08:9a:a5:b2:b0:12:1e:14:a8:47:41:58:e5:4b:
b4:d3:3b:a3:84:16:bd:ee:e6:41:7d:c1:83:fd:81:8f:fb:db:
66:de:ee:6a:06:f1:3b:b2:bc:eb:f5:f8:5f:b0:ab:2f:00:e9:
69:4a:1a:d8:c3:d8:d4:ec:e9:cd:a5:40:a5:92:5c:03:a5:c2:
ac:92:d9:08:bf:42:70:38:2d:70:c3:be:fd:d3:4c:cc:c8:2a:
80:79:84:f9:68:31:42:76:b4:a4:e6:27:37:74:86:ce:7c:c9:
ba:c1:ec:2e:38:f7:21:c5:45:04:e3:a9:37:1a:2d:48:30:f9:
bf:e3:ed:7b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHiHxPvKx6rzJm1yheV+yZ5fIgZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDIwMDlaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzMjY1ZmI3MGRmOWU0MDNhNGVkMGI3NmViYmEzODc0ZDQ4ZWRkNTRjNTc4
N2Y3ZjA5YzFlMmNkMTBhZWMwZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL57TEZZDb21nCNQDrWrm1OE2Cy7ijXIqCHcgIaXjg4KfSQWU0UiAmg5u1b3
W518XgysUPHGsHqu23RSxA7lxEomilOfnMFNbfHho4zUWwmYTcisGKG6BVQCaAq7
xx+46e5K+g5sFyLbOwrL9DdVmwKb63qxq8G6UbUvRe9vHw0vtlnUgO4nCzVscx8A
2kIwMeFg090IsOng9xo3Xes60mb7CgVWd00kGIVa/SnlxUs4HYXaT+/R7L8JosS7
wqt02/o1BZjcB5XKfKmxX7pE+uTtwrB7ea4gndFqo1R2kTi2TU2fkS1lr4gBcebI
q/BwD0gquqLknfQIfeZLkk/g4WMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSv6D42
TBdK9DZjMZZLk7zyOrnarDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQDWmKOwbHKl1nKr+ynRteOadZF0yItOh5TDm9zuf/AA
vfptr9QaWYbSoXW4lTXp0/ui/ByFzH5rI26eUedD52XVKMb8A28M+Wj/BB56E5c9
71lcTpGpqnWBzJm/a/IuXvo3eXq3K5l8a7tCN7zVY6V3a6AyCzoxiwWfIJgUrs/3
XHXSCJqlsrASHhSoR0FY5Uu00zujhBa97uZBfcGD/YGP+9tm3u5qBvE7srzr9fhf
sKsvAOlpShrYw9jU7OnNpUClklwDpcKsktkIv0JwOC1ww77900zMyCqAeYT5aDFC
drSk5ic3dIbOfMm6wewuOPchxUUE46k3Gi1IMPm/4+17
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:40:32 2025 by rpki-client