Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
File: cf5e86ef-0733-4056-8b1b-683470ef90f1.roa (raw, json)
Hash identifier: GixzvRpsqG6F0pHUsR1mVaoomiq9hCydtC/bGkE9WgY=
Subject key identifier: 64:AC:58:71:D7:F6:0B:0F:F6:3A:9D:4D:4A:4B:DC:AA:54:9C:5F:B7
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 28BF8D75C1F5E794508BE1D908E04607715853F1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
Signing time: Fri 08 Aug 2025 00:40:58 +0000
ROA not before: Fri 08 Aug 2025 00:40:58 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.112.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:bf:8d:75:c1:f5:e7:94:50:8b:e1:d9:08:e0:46:07:71:58:53:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:58 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=9008a850743bc9992d99c328c96aadba7290e2663c2077f33c466fdff9f44966, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0e:b5:d7:b4:6c:a4:ea:f3:01:16:f0:33:61:
72:2e:75:a2:a7:72:a1:c5:4e:b4:0c:9f:66:6c:d5:
1e:e2:e2:c7:75:04:6e:f9:f2:16:6f:86:7e:69:dd:
7b:ee:19:40:8f:64:1a:0d:0d:02:13:08:ee:71:db:
af:bd:dd:48:ae:a8:8b:fc:40:7f:91:70:89:68:82:
2c:99:c1:a5:d6:66:5c:3f:52:69:ca:13:8c:fa:72:
cc:a1:0c:5a:15:8d:1f:ed:d6:0e:76:13:89:78:b5:
c1:f9:1a:cf:8f:60:91:6c:80:93:6c:4d:2f:e3:cc:
5b:ec:d2:af:32:df:ea:66:17:87:d7:a7:38:87:a9:
66:3f:eb:ce:7c:44:82:99:3c:de:21:44:c9:a7:c2:
f9:9d:c2:3f:84:be:93:4f:d3:9f:db:04:6b:e1:75:
17:63:01:b2:9a:0d:bc:29:bb:78:06:2b:20:fe:d6:
51:2e:d6:ee:fd:c4:88:b0:1c:eb:22:e5:e1:55:fd:
cb:8a:fa:4d:52:e1:be:4a:67:e2:ab:3f:5f:be:c4:
0a:d5:ee:cc:2e:4b:ac:16:6c:1d:92:2a:29:45:29:
86:c5:a6:c9:02:93:de:50:5b:16:90:03:e4:73:61:
19:dc:a9:64:e9:ff:97:ab:3b:a7:2c:5a:94:29:07:
79:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:AC:58:71:D7:F6:0B:0F:F6:3A:9D:4D:4A:4B:DC:AA:54:9C:5F:B7
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.112.0/21
Signature Algorithm: sha256WithRSAEncryption
0c:6b:b9:5e:f6:01:78:90:90:4d:fc:83:54:03:35:43:34:d7:
53:0f:f7:f2:47:12:bc:7f:c0:2f:31:cd:8c:c3:ee:91:46:44:
93:cf:ee:a4:5d:b8:55:63:47:21:27:98:10:75:56:c9:b9:08:
03:c9:f3:61:88:71:0f:cd:7b:4c:49:f1:e9:e4:65:cf:6e:bc:
27:bf:b4:75:4b:b1:7f:ea:67:01:f5:fd:b8:8e:de:4e:81:f3:
8b:ab:99:ce:23:08:d3:bd:08:93:c1:33:b3:a4:49:3f:5f:d0:
12:48:d8:a2:3f:60:2e:1d:79:ef:87:e5:f5:c0:0d:76:3e:0c:
45:f4:8c:37:a4:a9:34:bb:1b:0d:2e:5e:13:f8:ae:7e:ad:36:
eb:2d:7f:3d:6a:ee:1f:13:8b:6d:8f:fb:1a:ce:b9:d1:d0:b7:
ff:3e:ba:d4:3f:a8:d9:e2:59:88:a3:5e:a4:66:16:c0:f1:4e:
a9:09:3a:a7:37:dd:95:15:f9:2f:17:a7:45:7a:8e:35:0f:d1:
53:2f:87:c1:29:b1:ba:fc:c8:e6:1e:25:5e:37:12:08:43:b6:
e1:59:3e:81:c5:ab:ee:9f:d4:f7:b8:4e:69:6f:45:19:9e:df:
3f:0c:04:e9:3e:18:a3:b3:2a:0f:e1:0a:ae:14:80:90:e5:d7:
04:48:0c:f9
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKL+NdcH155RQi+HZCOBGB3FYU/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwNThaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDkwMDhhODUwNzQzYmM5OTkyZDk5YzMyOGM5NmFhZGJhNzI5MGUyNjYzYzIw
NzdmMzNjNDY2ZmRmZjlmNDQ5NjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwOtde0bKTq8wEW8DNhci51oqdyocVOtAyfZmzVHuLix3UEbvnyFm+Gfmnd
e+4ZQI9kGg0NAhMI7nHbr73dSK6oi/xAf5FwiWiCLJnBpdZmXD9SacoTjPpyzKEM
WhWNH+3WDnYTiXi1wfkaz49gkWyAk2xNL+PMW+zSrzLf6mYXh9enOIepZj/rznxE
gpk83iFEyafC+Z3CP4S+k0/Tn9sEa+F1F2MBspoNvCm7eAYrIP7WUS7W7v3EiLAc
6yLl4VX9y4r6TVLhvkpn4qs/X77ECtXuzC5LrBZsHZIqKUUphsWmyQKT3lBbFpAD
5HNhGdypZOn/l6s7pyxalCkHeXkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRkrFhx
1/YLD/Y6nU1KS9yqVJxftzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2Y1ZTg2ZWYtMDczMy00MDU2LThiMWItNjgzNDcwZWY5MGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAcDAN
BgkqhkiG9w0BAQsFAAOCAQEADGu5XvYBeJCQTfyDVAM1QzTXUw/38kcSvH/ALzHN
jMPukUZEk8/upF24VWNHISeYEHVWybkIA8nzYYhxD817TEnx6eRlz268J7+0dUux
f+pnAfX9uI7eToHzi6uZziMI070Ik8Ezs6RJP1/QEkjYoj9gLh1574fl9cANdj4M
RfSMN6SpNLsbDS5eE/iufq026y1/PWruHxOLbY/7Gs650dC3/z661D+o2eJZiKNe
pGYWwPFOqQk6pzfdlRX5LxenRXqONQ/RUy+HwSmxuvzI5h4lXjcSCEO24Vk+gcWr
7p/U97hOaW9FGZ7fPwwE6T4Yo7MqD+EKrhSAkOXXBEgM+Q==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:42:04 2025 by rpki-client