Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
File: c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa (raw, json)
Hash identifier: y6Uk4S/AtY/0qGuVSuhK44/3GwB8R4rlvJwLS7xaAwY=
Subject key identifier: A8:71:34:46:5F:13:2A:0E:75:3A:0D:21:AB:8A:B0:D2:B1:60:FD:A0
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 61E96CA76A4352F5A2FA5C9524A955A820CB9122
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
Signing time: Fri 08 Aug 2025 00:40:03 +0000
ROA not before: Fri 08 Aug 2025 00:40:03 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.238.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:e9:6c:a7:6a:43:52:f5:a2:fa:5c:95:24:a9:55:a8:20:cb:91:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:03 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=f67aceeb3663745a3859cf8843425ba08d48bbfbbd8bbd9c4cd39d8626427e11, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f1:e2:21:2a:f6:d4:d0:cb:91:8c:5f:cf:29:
7c:74:89:60:a3:8f:20:59:e4:7b:23:34:a7:fd:b8:
40:29:bc:e1:6d:cf:eb:02:e8:ea:bb:35:7f:2b:ec:
b8:c0:ba:71:35:c7:18:e2:71:fc:7f:5a:d0:78:2d:
10:e9:8a:17:8a:e3:52:60:02:cb:ec:18:0c:5e:bb:
75:04:cc:78:2d:32:9a:f7:5a:cb:70:ae:c9:b0:93:
67:a8:a4:cd:c7:7f:3f:b7:ec:9f:11:54:7f:ba:63:
6c:9b:52:dc:54:f7:02:3f:85:24:71:50:da:72:02:
a3:56:d6:c5:ad:b2:04:d8:2f:15:d4:e0:2a:fc:7c:
4f:aa:e9:56:cf:f2:b2:ec:04:7a:25:e5:7f:e4:6e:
97:cd:9b:fe:ed:d5:00:d1:05:84:93:be:55:4d:89:
03:c4:22:54:93:01:5f:75:7c:f8:c9:d4:bd:f1:5f:
dd:f5:d6:c0:ff:49:4c:25:94:32:14:20:fe:f8:c7:
98:25:e1:0c:66:f8:f8:0f:f7:ca:ad:e3:a0:58:14:
bd:1f:8f:ee:83:45:e9:2a:00:77:48:e8:1a:89:e5:
b2:0d:0e:52:4e:63:86:36:c4:54:8f:76:6e:39:04:
88:e3:0f:95:b0:d9:78:42:d2:df:1e:07:50:04:7d:
11:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:71:34:46:5F:13:2A:0E:75:3A:0D:21:AB:8A:B0:D2:B1:60:FD:A0
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8fd8c44-7514-40e6-9198-e0b6e37b4c69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.238.0/23
Signature Algorithm: sha256WithRSAEncryption
2e:fb:bd:db:43:39:b1:49:95:cd:02:39:71:d0:ac:85:49:2c:
77:3f:1c:e1:90:f1:7e:c2:99:57:ae:69:b3:3a:f7:ee:e2:28:
a9:75:07:8b:4e:28:6c:e1:93:e5:90:b9:74:e4:04:01:a9:52:
2a:bd:1d:7b:94:b9:ac:2b:ea:87:01:d8:87:69:82:03:97:3b:
d1:d4:62:a6:af:20:05:42:df:ba:76:f9:ec:37:b9:18:e7:26:
34:05:f4:43:5a:17:bf:6f:2f:84:43:57:0c:1f:a9:51:a2:b1:
2f:1b:a2:e1:4e:6e:fb:37:8f:3d:16:64:c0:14:56:84:1b:9b:
d4:ac:8f:d3:65:21:8d:c9:a0:32:e7:b3:a7:b9:70:b4:24:f2:
69:e0:e7:ba:de:fe:ae:5d:82:c5:aa:1d:1e:c9:b4:e6:30:33:
1b:ae:f7:e9:2b:c2:cd:b8:80:42:9c:cd:c1:0b:09:81:2b:ac:
c5:fb:7c:11:e4:93:36:b4:93:84:97:7b:76:d0:36:21:61:06:
3f:f8:44:f4:be:fb:f6:d1:95:0d:ca:0b:ff:2e:5f:88:23:33:
9a:8d:5d:f5:50:5d:cc:58:ee:6b:eb:02:4c:7e:e0:40:73:5b:
a5:a4:84:87:0c:a3:02:f1:03:b1:25:31:7a:60:c2:38:b4:9c:
61:92:91:47
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUYelsp2pDUvWi+lyVJKlVqCDLkSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwMDNaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2N2FjZWViMzY2Mzc0NWEzODU5Y2Y4ODQzNDI1YmEwOGQ0OGJiZmJiZDhi
YmQ5YzRjZDM5ZDg2MjY0MjdlMTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMjx4iEq9tTQy5GMX88pfHSJYKOPIFnkeyM0p/24QCm84W3P6wLo6rs1fyvs
uMC6cTXHGOJx/H9a0HgtEOmKF4rjUmACy+wYDF67dQTMeC0ymvday3CuybCTZ6ik
zcd/P7fsnxFUf7pjbJtS3FT3Aj+FJHFQ2nICo1bWxa2yBNgvFdTgKvx8T6rpVs/y
suwEeiXlf+Rul82b/u3VANEFhJO+VU2JA8QiVJMBX3V8+MnUvfFf3fXWwP9JTCWU
MhQg/vjHmCXhDGb4+A/3yq3joFgUvR+P7oNF6SoAd0joGonlsg0OUk5jhjbEVI92
bjkEiOMPlbDZeELS3x4HUAR9EW8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSocTRG
XxMqDnU6DSGrirDSsWD9oDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzhmZDhjNDQtNzUxNC00MGU2LTkxOTgtZTBiNmUzN2I0YzY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQ7jAN
BgkqhkiG9w0BAQsFAAOCAQEALvu920M5sUmVzQI5cdCshUksdz8c4ZDxfsKZV65p
szr37uIoqXUHi04obOGT5ZC5dOQEAalSKr0de5S5rCvqhwHYh2mCA5c70dRipq8g
BULfunb57De5GOcmNAX0Q1oXv28vhENXDB+pUaKxLxui4U5u+zePPRZkwBRWhBub
1KyP02UhjcmgMuezp7lwtCTyaeDnut7+rl2CxaodHsm05jAzG6736SvCzbiAQpzN
wQsJgSusxft8EeSTNrSThJd7dtA2IWEGP/hE9L779tGVDcoL/y5fiCMzmo1d9VBd
zFjua+sCTH7gQHNbpaSEhwyjAvEDsSUxemDCOLScYZKRRw==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:39:08 2025 by rpki-client